News: Feature update



The latest update for Phish Threat 2 is here, with Credential Harvesting campaigns now live, allowing you to simulate fraudulent phishing websites that lure employees into entering their access credentials.

Two sides to every campaign

Effective Credential Harvesting campaigns have two parts – the phishing email, and the website used to capture an employee’s login details. Phish Threat 2 now allows you to preview the phishing email and credential harvesting website straight from the campaign selector page, and go on to customize the email and website content. Significantly improving the campaign setup process and experience. And don’t forget – we don’t store any credentials entered!


A growing feature list

This adds to the growing list of enhancements added to Phish Threat since it’s full integration into Sophos Central in February:

  • Credential Harvesting campaigns: Lure employees to mock credential harvesting websites
  • Training campaigns: Enrol employees directly in training without simulation
  • Sending increment: Stagger campaign email sending
  • Training auto-reminders: Send automatic reminders to users with incomplete training
  • Customizable notifications: Customize content of training enrolment and reminder emails
  • Export campaign results to CSV: Download campaign results to CSV
  • Immediate scheduling: Schedule a campaign to launch immediately
  • End campaign: Stop an in-progress campaign from sending emails and collecting results


Gartner Magic Quadrant for Security Awareness Training

Tell us about your experience with Phish Threat. Please submit a Phish Threat review today on the Gartner Peer Insights website – simply click the banner below to start a review.



  • These features have been automatically applied to your Sophos Phish Threat service in Sophos Central