PhishCloud Customer
Frequently Asked Questions

General

PhishCloud is designed with a human approach. We offer proactive detection through a new, patented solution that focuses on people first. What makes PhishCloud unique is that we’re focused on helping humans be better at detecting threats wherever they see them – and not ONLY email.  

Phishing attacks require one important thing for success:  a user must click on a link or interact with content, whether it’s in email, social media, web browsers or messaging apps.  Unfortunately, users are woefully untrained in how to spot phishing attacks.  PhishCloud focused on the human aspect of phishing protection, clearly showing a user what is malicious, suspicious or safe to click on.  PhishCloud also has powerful policy builders that will allow IT administrators to notify, block and train users to prevent and educate.  

For phishing attacks to work, a user needs to click on a link or interact with content, whether it’s in email, social media, web browsers or messaging apps. Sadly, most users aren’t trained to spot these phishing attacks.  

PhishCloud visually identifies threats, through colored highlights, making phishing protection as simple as a traffic light:  red for malicious, yellow for suspicious and green for safe.  Users can now make intelligent decisions before clicking on a bad URL or content.  

From time to time you may encounter a link with a grey highlight.  This color means that PhishCloud is in the process of categorizing this link, using its cloud infrastructure to properly classify the nature of the link.  This usually requires no more than 2 seconds, but occasionally may take longer if we need to look closer.  User do have the option to right-click links and “Check Link Safety” to verify where the link is destined for.  

PhishCloud uses a local agent that processes and anonymizes data at the endpoint, protecting PII.  PhishCloud is dedicated to never collect or store any PII data.   

The PhishCloud Management Console, a cloud-based management tool, delivers real-time as well as monthly aggregated reporting. If a report is needed beyond what is available today, please contact support@phishcloud.com  

PhishCloud’s cloud-based management console gives IT administrators the ability to deliver custom notifications to employees based on what they click on and what they see.  IT administrators have full visibility into threats their users see and can notify, automatically block the ability to click on a malicious link, and provide reality-based training to educate the user in real-time. IT can configure alerts to be delivered via email or SMS if a user does make a mistake or somehow gets to a questionable site.  

PhishCloud uses more than 60 sources of data, including a Rapid Defense Network of highly trained analysts who actively investigate links, sites and ongoing attacks.  PhishCloud’s cloud AI engine has the ability to protect customers globally from events seen across the globe.  

     a. Deliver custom notifications to users addressing malicious and suspicious content

     b. Automatically block users from clicking on malicious or suspicious content  

     c. Assign immediate and reality-based training to users based on what attack they are experiencing.    

IT Administrators can now see in real-time what users are seeing, across all digital platforms.  Our intuitive management console lets you see all events, with attribution data, so you can respond quickly to mitigate risk.  IT Administrators can quickly see the most critical events so that you spend time wisely.  

Installation

PhishCloud installs a small, light-weight agent on each device for several reasons.  PhishCloud brings phishing protection to the user, inspecting URL’s and content in any digital platform used by the user, helping the user make intelligent decisions on what they click on.  PhishCloud’s agent also provides a privacy barrier, protecting PII and ensuring that PhishCloud’s service complies with all regulatory bodies, including GDPR.   

PhishCloud is designed to complement existing security tools, especially anti-malware solutions, and will not interfere with existing applications or security tools that you use. Some end-point applications or antivirus may need to be configured to allow PhishCloud to access the internet.  

PhishCloud supports numerous installation methods.  Should you encounter problems, PhishCloud support engineers will work with you to resolve issues and ensure that PhishCloud agents are installed and functioning properly.  

No, PhishCloud is not a network-level or gateway solution and does not collect or store PII or network data.  PhishCloud sits on top of your existing applications and only inspects URL’s and content to determine if it is malicious or suspicious.  

PhishCloud natively supports local (standalone) installation, Microsoft Intune, SCCM, and GPO deployments. Our package can easily be adapted to deploy via any end-point management platform.  

PhishCloud Support

Our Terms of Service is located here: https://www.phishcloud.com/terms-of-service/, section 2.2 limits our liability. Ultimately it isn’t possible to detect all threats, nor a way to guarantee that end users or Sys Admins will observe and take appropriate action. We do constantly monitor for threats and will update status and alerting as soon as they are recognized.   

PhishCloud support engineers can be quickly and easily be reached by emailing support@phishcloud.com.    

Supported Platforms & Applications

Yes, however Microsoft limits the capabilities we have to interact with the desktop version of Outlook. We highlight threats seen and provide banners to warn users for Outlook Desktop. Outlook Online and Office 365 are fully supported with real-time indicators.  

PhishCloud does not currently have an agent for MAC systems.  However, support for MAC’s is currently on the development roadmap.  

PhishCloud does not currently have an agent for mobile phones or tablets. Stay tuned.  

PhishCloud integrates via API’s to SIEM, SOAR, and other backend service. Contact support for a current list or to request integration services.  

PhishCloud is currently working on integrating with the Connectwise platform.  

Training

“Reality-based” training, a PhishCloud term, is a key ingredient to training users to spot phishing attacks.  When a user clicks on a malicious or suspicious link, visually highlighted by PhishCloud as red or yellow, IT administrators have the option of presenting immediate training based on the type of malicious or suspicious content seen by that user.  This immediate training, based on the event in progress (reality), helps the user fully understand what they did wrong and how to spot such attacks in the future.  Reality-based training “sticks” with the user and helps them make intelligent decisions going forward.  

Along with reality-based training, IT administrators can also develop a monthly/quarterly curriculum, pulling from a library of hundreds of security awareness and compliance modules, that keeps training fresh and top of mind, making your users part of the security architecture, not its weakest link.  

Yes, PhishCloud integrates with training providers to offer compliance training. There is an additional charge for compliance training.   

Pricing & Licensing

PhishCloud is priced per user per month, sold in 1-, 2- or 3-year subscriptions.  Pricing is discounted based on the total number of users and the subscription length.  

Customers have the option of paying for the full subscription term up front or being billed monthly.  Customers who pay up front will enjoy an additional discount.  

PhishCloud services are subscription based and will terminate at the end of the contracted subscription, unless renewed prior to the termination date.   

PhishCloud realizes that users today may have more than one device that they use daily, including personal computers.  Therefore, users can install PhishCloud on up to 3 devices.  

PhishCloud offers a 14-day “try before you buy” period.  Customers have the option of canceling their services within those 14 days.  Customers who do not cancel their service will automatically be billed after the 14 day period.