KnowBe4 PhishER/PhishER Plus Reviews & Product Details

That we have an actionable portal in which to sandbox potential threats. In most cases, it does a good job determining if a reported email is either a threat, spam or clean. Review collected by and hosted on G2.com.

PhishER is lacking in key areas including features, reporting, and support. It does not offer the robust capabilities found elsewhere in the KnowBe4 ecosystem, particularly when compared to KSAT. The interface feels unpolished, and the platform frequently struggles to process requests, often running slowly and encountering errors more often than is acceptable for a security product.

Automation capabilities are minimal. Beyond basic keyword-based tagging, there is very little available to meaningfully streamline workflows or reduce manual effort. Reporting is another major weakness—built-in reports provide limited actionable insight and pale in comparison to the comprehensive reporting available in KSAT.

My experience with PhishER support has been particularly disappointing. Issues are routinely minimized or described as “expected behavior,” even when the platform becomes difficult or impossible to use. It is apparent that frontline support agents lack sufficient training and escalation support from senior staff and the development team.

If you are considering PhishER because you have been impressed with KnowBe4’s KSAT product, be aware that the same level of polish, investment, and maturity has not been applied here. Based on my experience, PhishER does not currently meet the expectations one would reasonably have for a product in this space. Review collected by and hosted on G2.com.

I like the automated triage that helps prioritize risky emails, the threat intel that helps us confirm if something is malicious, and the ability to group similar phishing emails so we can clean them up faster across the company. Review collected by and hosted on G2.com.

I’d like to see the automation and similar message detection become more consistent. Sometimes it misses emails that are clearly part of the same campaign and needs manual tuning. It would also be nice to have a bit more flexibility and visibility when building and troubleshooting automation workflows. Review collected by and hosted on G2.com.

PhishER provides a good platform for users to report potential phishing emails with. As admin, it provides a safe location to review those reported emails and ways to handle those. You can integrate several platforms with it to make it more powerful. The PhishRIP is great for pulling phishing emails out of user's inboxes that may not have reported it yet. It's another useful tool when combating phishing emails. It doesn't take long to set up and is pretty basic, making it easy to review the reported emails. I use it daily to review reported emails and take the necessary action against them. Review collected by and hosted on G2.com.

My biggest dislike with KnowBe4 is the delay that it operates at time. That may be due to it being a web based application, or it may be due to it's integration with M365 that I use, but sometimes it can take awhile to respond, so I have to wait for it to catch up. These do not happen every time, but when they do, it is fairly annoying. Review collected by and hosted on G2.com.

I really like that KnowBe4 PhishER/PhishER Plus lets users across our company simply click a button to report suspicious emails, which significantly boosts its adoptability. It's also very easy to set up. The initial automated analysis is crucial in making our decision-making process quick and effective, allowing us to evaluate emails and determine the correct course of action almost instantaneously. Review collected by and hosted on G2.com.

I wish the tool had a partnership with a company like any.run to allow us to analyze attachments in a safe environment real-time within the platform to see if there's malicious code or additional attack vectors embedded inside attachments. Review collected by and hosted on G2.com.

I love that users can submit suspicious emails and then if we find that they are a threat we can do a "rip" to identify if other users have received the same email and pull it from their inboxes. Review collected by and hosted on G2.com.

Some of the selection processes within the platform take a bit of getting used to. You need to make sure that you deselect an option because it doesn't automatically do that - so I've sometimes inadvertently sent a response to a previously selected email, instead of only to the one that I wanted to address. Review collected by and hosted on G2.com.

I find the detail I'm able to see and the sandbox environment in which to detonate emails to determine if there is a threat, as well as the automation for known emails to free up some of my time. Review collected by and hosted on G2.com.

I find it does not always return clean emails to inbox's and instead leaves them in the Junk Email folder. This might be something with how our account is configured, but I have not been able to determine what is causing this to happen. Review collected by and hosted on G2.com.

PhishER allows me to create some automation to help respond to users on a timely basis. For example, I can create rules that look for Spam keywords and automatically send a response thanking our users for their due diligence and give them some advice on reducing spam emails in the future. Additionally, if there are emails reported that PhishER has defined as a threat, or upon review I have decided is a threat, I am able to query our entire Outlook system and find messages that match the criteria, then pull and quarantine these messages. Review collected by and hosted on G2.com.

As bad actors continue to evolve, sometimes they are able to send to users, and the receiver's email is not located in the header. Sometimes this prevents the query from working as expected to remove these emails/threats from other users' inboxes. Review collected by and hosted on G2.com.

I love being able to easily review messages submitted by my users and to be able to give them feedback, and take action if needed. Being able to easily find and delete or quarantine messages from all of my users inbox is an amazing feature. Lately I have seen multiple instances where a "Global" PhishRIP was started and pulled a number of emails from my users, potentially saving us from a phishing incident.

I have used the customer support a couple of times and they have been knowledgeable and helpful every time. Review collected by and hosted on G2.com.

It's a bit frustrating that you have to first log into the KB4 training portal before being able to access the Phisher Plus interface. (This looks like it is getting fixed soon in the new unified login process.)

I wish that I would be able to simply enter an email address to initiate a PhishRIP, instead of having to wait for a user to send in a malicious email. Review collected by and hosted on G2.com.

What I like the most about PhishER is the automation functionality when creating the rules. The ability for us to create rules and automate certain actions based on the rules makes reviewing the reported emails much easier for our team. Review collected by and hosted on G2.com.

What I dislike about PhishER is that it doesnt have the ability to automatically quarantine a confirmed phishing email. In this use case where a phishing campaign is sent out to users and I find it on phishER and phishRIP all the emails and quarantine them, if the same email is sent again later, it does not automatically quarantine it based on past actions to that email. Another thing is that when a phishing campaign is sent to our users and they all report it, it shows that one email reported by so many multiple users - it would be nice if the system could detect that all the reported emails were part of the same campaign and maybe just have the campaign in the inbox where we could click it to see all the reported emails. Both dislikes are fairly minor but just things that could improve the experience of the admins who review the emails. Review collected by and hosted on G2.com.

We are a small team, made smaller but recent RIFs, and the automation features of PhishER are a life saver. We can configure exactly how we want and trust that it will just work. In the rare event that we actually need to sign into the dashboard to investigate something, they retain everything. We can even release a copy of any emails filtered if need be. Review collected by and hosted on G2.com.

Learning to configure it the way we want is a bit time consuming. They have done an amazing job to make it as easy as possible, but we have still misconfigured it more than once. I have no recommendations on how to make it better because it is already as good as I can think to make it, but there is definitely a learning curve. Review collected by and hosted on G2.com.