Release Notes & News

Sophos Phish Threat now available in Australia, Japan, and Brazil regions

2023-02-25T00:15:09Z

We are very excited to announce the availability of separate data centers in these regions for Sophos Phish Threat: Australia, Japan, and ...(read more)

Sophos Phish Threat is now available in India region

2023-01-18T23:50:57Z

We are delighted to announce the availability of a separate data center in the India region for Sophos Phish Threat. With this new offering...(read more)

5 New Campaign Templates in Nov'22

2022-11-21T17:36:22Z

Happy Holidays! Phishing attacks spike during the holiday season every year. And so, it is an ideal time for you to launch a simulated...(read more)

5 New Phishing Templates

2022-10-04T20:20:00Z

We are excited to announce that 5 new campaign templates have been added to our list today. These campaign templates simulate real...(read more)

Sophos Phish Threat is now available in Canada region

2022-09-15T14:42:00Z

We are happy to announce that we have now added Sophos Phish threat in Canada region. Having a separate data center in the Canada reduces ...(read more)

Sophos PhishThreat now supports Microsoft Exchange 2016 and 2019

2022-08-25T03:03:00Z

We are happy to announce the release of a new version of Outlook Add-in for Sophos PhishThreat. The new add-in is available for Outlook for ...(read more)

15 New Phishing Templates and Numerous New Training Courses

2022-08-17T18:49:00Z

New Phishing Templates: We are excited to announce that we have added 15 new phishing templates to our list this month. These templates simu...(read more)

[Release Notification] Sophos PhishThreat Domain Verification released for general availability (GA)

2022-06-01T19:20:00Z

<Note: This feature was temporarily rolled back, but has now been restored> Hi Everyone, We are pleased to announce the General Availability (GA) for Sophos Phish Threat Domain Verification process. Previously, there was no check in place to p...(read more)

Now Customize Your Phish Threat Training Email Address

2020-02-17T15:00:00Z

News: Feature update

Overview

Phishing attacks use multiple tactics to appear legitimate, the senders email address and domain name used is arguably one of the biggest tale-tale signs. So, when sending training emails related to your Phish Threat campaigns, you want users to know it’s you, and that it’s safe to click.

That’s why we’re pleased to release the ability for customers to customize the full email address used in the delivery of training related emails to end users, rather than “Sophos training@staysafe.sophos.com”

These training-related emails include:

Enrollment emails - only used in training campaigns

Training "reminder emails” - used in all campaign types

Caught emails - only used in attachment campaigns

How to customize your sender address

You’ll be sending from your own domain in no time at all, with a simple three step process:

Open Sophos Central and navigate to the Phish Threat section and a new page listed in "Settings" called "Automated Emails"
Select the “Use Custom, Verified Sender Email” toggle and enter your chosen sender name and email address (ensure you own the domain you enter)
You’ll then receive a verification email to the email address entered in step two. Simply click the link to verify it’s you

Once verification is complete (this will take a moment), you can begin building Phish Threat campaigns that use your custom email address.

This allows you to effectively train users on phishing tactics, without needing to explain why training emails are coming from Sophos.

Remarks

These features have been automatically applied to your Sophos Phish Threat service in Sophos Central
This feature is applied to the Phish Threat account and is not configured on a campaign by campaign basis
The sending address configured using this feature will only apply to the training related emails mentioned above (enrollment emails, training reminders, and caught user notifications). This sending address will not be applied to simulated phishing emails
If the feature has been enabled using the "Use Custom, Verified Sender Email" toggle and Phish Threat cannot detect a valid, verified sender email to use for this feature, we will continue to send procedural emails using "Sophos <training@staysafe.sophos.com>"

Phish Threat Now Available in Dutch

2019-01-03T16:41:00Z

News: Feature update

Overview

We’re pleased to announce that in the latest update to Sophos Phish Threat, IT teams can now carry out phishing simulation and a variety of cybersecurity awareness courses in Dutch language - providing the most effective training experience to drive down your risk from attack.

100’s of Simulated Phishing Attacks

Customize your Dutch language campaign from a range over 450 phishing attack templates in Sophos Central, with formats including phishing link campaigns, credential harvesting and malicious attachments.

Interactive Training Modules

Training modules will educate users about specific threats such as suspicious emails, credential harvesting, password strength, and regulatory compliance, and can be sent as part of a phishing simulation or sent direct to users in your branded email.

Now live in Sophos Central, try these latest enhancements during your next Phish Threat campaign for a more tailored experience.

Upgrade to the latest Phish Threat

2018-12-03T17:31:00Z

Upgrade opportunity

We have now activated the latest version of Phish Threat for all V1 accounts – making it simple to switch. The list of new features added to Phish Threat 2 since launching in February 2018 is growing all the time. If you’re currently using our original version (V1), there has never been a better time for you to switch.

Find the latest version in your Sophos Central account

Customers will soon notice the latest version of Phish Threat appearing side-by-side with their V1 service in Sophos Central (see below). There is no EOL or migration at this stage – simply the ability to test drive and see the benefits.

Setup is simple

Thanks to our Active Directory Sync tool, all contacts can be imported and managed as one shared list across Sophos Central. Or if you wish, you can continue to upload contacts via .csv file. Once imported, simply whitelist the new IPs and domain names, and then you’re ready to start running our most effective campaigns and training ever.

Top five reasons to switch

Reports you need to show return on investment
Who clicked? Who entered credentials? Our first version of Phish Threat provided valuable insight, and now, interactive dashboards and reports give you a full breakdown of who, when and what device users received a simulated attack, while allowing you to track changing behavior and reduced risk over time – critical when demonstrating return on investment.
Train users with the latest attacks and training
Our customers need to juggle attack simulations and training with other security priorities. Moving to our latest version provides an edge over attackers. Customers have access to a growing range of over 500 attack templates inspired by the latest threat intelligence, and access to more training content than ever with over 60 modules in formats to suit every member of their organization.
Deliver campaigns as individual as your users
Our people are being targeted individually by attackers looking for the weakest link. That’s why Phish Threat now translates email templates and training courses in 10 languages. Providing users with the experience they need to learn new skills and become a stronger line of defense across the organization.
Turn users into an active line of defense
To prove training is effective, you need to show that it impacts real-world behavior. The new Phish Threat Outlook add-in uniquely enables you to do that. Once activated, it allows users to report both simulations and real threats. This allows you to measure training effectiveness and create human sensors throughout organizations to alert you to targeted attacks.
Identify at-risk users
Identifying users who exhibit the riskiest behaviour is a real challenge. Sophos Synchronized Security now let’s you achieve exactly that by connecting Sophos Email to the latest Phish Threat version. This enables you to identify users either warned or blocked from visiting a website due to its risk profile and enroll them directly into targeted training.

Existing Phish Threat licenses cover all campaigns

While you test-drive our latest version of Phish Threat, all campaigns sent between the two versions will be covered by your existing license. For now, any historic data will remain in the V1 console for comparison. Migration of data is coming soon. Until then, you can request data migration by raising a support ticket and include the Phish Threat license ID of the account.

Experience our latest innovation – the Outlook add-in

www.youtube.com/watch

We’re confident that with the improved insight you’ll receive, more than 500 new simulations, and 60-plus engaging training modules, you will love the benefits and make the switch.

Phish Threat Randomized Attacks

2018-11-26T14:00:00Z

News: Feature update

Overview

The latest update to Phish Threat allows you to select up to five attack emails during campaign setup and serve them to users in random order, providing a more effective training experience.

Multi-template customization

When selecting up to five email templates, the customization step now provides full visibility into each template with a new template carousel. This provides you with full control to customize each phishing email template and credential harvesting web page for a completely tailored campaign.

Enhanced reporting

Just as it’s important to test each user in the most effective way, we also want to give you complete visibility into user results across the multiple templates sent. The great news is that the new “By Attack” tab within each campaign report provides full visibility into distribution of the randomized attack. While also providing a detailed breakdown of behavior, including the actions taken by all employees receiving the simulation.

Now live in Sophos Central, try these latest enhancements during your next Phish Threat campaign for a more tailored experience.

Report Spam and Phishing with the Phish Threat Outlook add-in

2018-10-17T08:52:00Z

News: Feature update

Overview

Over the course of the next week Sophos Phish Threat Outlook add-in will launch - allowing employees to report suspected phishing and spam messages with one click right from Outlook. Available for Outlook for Windows and Mac, Outlook Web Access, Office 365 and Exchange environments - it turns all employees into an active line of defense against cyberattack.

Benefits of Sophos Outlook add-in

Sophos Outlook add-in simplifies the way your employees report suspicious messages and simulated tests. With one click, users can report a message to the proper destination in the proper format and eliminate the need to remember a specific email address or how to properly forward unwanted messages.

You and your team will get better visibility into organizational awareness of cybersecurity risks and the real threats you face. With new Phish Threat reports making it simple to view who, when, and on what device users receive their simulated attack - and who reported it.

What happens when you report?

Instant feedback to employees is a terrific way of improving behaviour. That’s why any employee reporting a Phish Threat simulation will automatically receive an instant confirmation of the test.

Reports of all suspicious emails will be automatically forwarded to your designated Phish Threat inbox for greater visibility into the threats each organization faces. A copy will also be automatically sent to SophosLabs for further threat analysis - helping Sophos in its work to predict and prevent threats for all our customers.

Start ‘Doing’ today!

The Sophos Outlook add-in is included as standard with the Phish Threat license. Available to download today from Sophos Central and install to all devices centrally (see “Technical bit” below), you can demonstrate how employee awareness is really improving today - from knowing, to doing the right thing.

Technical details

Is my environment compatible? Which mail clients are covered? How do I install? Can I run a POC? All important questions – so let’s get to it.

Is my environment compatible with the Sophos Phish Threat Outlook add-in?

Sophos Outlook add-in works for mail accounts in the following environments:

Microsoft Office 365 Business subscription (Microsoft Exchange Online)
Microsoft Exchange Server 2019 on-premises
Note:
- Exchange 2013 and 2016 on-premises is not supported.
- Non-Microsoft mail providers (such as Gmail or other POP/IMAP accounts) are not yet supported.

Which mail clients will Sophos Phish Threat Outlook add-in support?

Microsoft Outlook for Windows 2013, 2016, and 2019
Microsoft Outlook for Mac 2016 and 2019
Microsoft Outlook on the Web (Microsoft Office 365 or Outlook Web Access)

Please refer to: Is my environment compatible with Sophos Outlook Add-in?

How do I install the Sophos Phish Threat Outlook add-in?

During proof of concept or testing, sideloading allows you to install the Sophos Outlook add-in on individual user devices via an XML Manifest file.

Centralized deployment is the best way to manage roll-out of Outlook add-in to all employees. Partners and customers can quickly and easily carry this out from the Office 365 Admin Center or using the Exchange Admin Center for on-premises estates. Full details available here

30 New Training Courses Added to Phish Threat

2018-09-12T03:28:00Z

News: Feature update

Overview

The latest update for Phish Threat includes more than 30 new award-winning training modules. Plus, new ways to find the latest email templates fast.

All items in the article have already been added to your Phish Threat 2 account, so you can benefit immediately!

New Award-Winning Training

We’re excited to announce our latest Phish Threat learning partnership with Ninjio, adding more than 30 new training modules, plus one new module every month!

Ninjio shares our approach of short, engaging training, and its unique style recently scooped it the Gartner Customer Choice award for Computer Based Training 2018. By dramatizing real-life cyber threat headlines, with Hollywood script writers and great animations, Ninjio brings these stories to life for employees.

Can’t wait to login? Watch a preview here

Find the Latest Email Templates Fast

Phish Threat now provides more than 500 customizable attack email templates and new templates are being added all the time, so we’ve made it easier to find this latest content fast.

Featured Templates: The latest phishing attacks and seasonal campaigns. Train users to identify real-world attacks hitting inboxes today and the seasonal campaigns they need to know about.
New Templates: Templates added in the past 30 days. New templates are automatically applied to every Phish Threat account. The ‘New’ flag allows you to quickly find that wealth of extra content fast.

Remarks

These features have been automatically applied to your Sophos Phish Threat 2 service in Sophos Central.

Phish Threat 2 - Attachment Campaigns and Custom Landing Pages

2018-06-15T03:40:00Z

News: Feature update

Overview

The latest update for Phish Threat is here, with attachment campaigns and customizable training landing pages now live. This allows you to simulate phishing emails containing malicious attachments, which in the real world, could download malware, including ransomware, then advise caught employees of the need for education with training landing pages customized in your own brand.

SophosLabs now sees malware on up to 77 percent of blocked mail. Training employees to spot these attachments is crucial to stopping email-borne malware, including ransomware, from infecting your organization.

More campaigns that ever before

This latest update adds to the growing list of attack simulation campaign types added to Phish Threat 2 since the launch in February:

Benchmark tests: Understand your level of risk to phishing attacks by first sending attack simulations without training
Training campaigns: Enroll employees directly in training without the attack simulation
Phishing link campaigns: Teach employees to spot the signs of phishing links in emails
Credential harvesting campaigns: Train employees not to enter credentials on phishing website
Attachment campaigns: Avoid malware, including ransomware, being installed through malicious attachments

Tell us what you think of Phish Threat

Product reviews are important to us, helping us take Phish Threat to the next level. If you’re an existing Sophos partner using Phish Threat to increase security awareness among your employees or customers, please submit a Phish Threat review today – simply click the banner below to start.

Remarks

These features have been automatically applied to your Sophos Phish Threat service in Sophos Central