Phish Threat

Phish Threat lets you test your users' response to phishing campaigns.

Sophos Phish Threat allows you to simulate phishing attacks and assess how your users respond to them. It also allows you to distribute anti-phishing training to your users.

To use Phish Threat, the key steps are as follows:

  • Verify your domains. You must do this to use your users' email addresses in simulated phishing campaigns. See Verify domains.
  • Turn on M365 Direct Delivery if you've set up Phish Threat with M365 to handle your campaigns. This way, you don't have to manually add and configure the Phish Threat domains, URLs, and IP addresses in M365's allow list. See M365 Direct Delivery.
  • Create a simulated phishing attack campaign or series. See Campaigns.
  • Review your campaigns and their results. See Campaign overview.


Phish Threat is supported on Google Chrome. We recommend that you always run an up-to-date version.

For answers to frequently asked questions about Phish Threat, see Phish Threat FAQs.