Cofense Logo - Email Security Solutions

Can crowdsourcing be used to stop phishing attacks?

Share Now


By Michael Callahan

Most people probably know what Waze is but, as a quick overview, Waze is the crowdsourced traffic app that enables you to contribute to, and receive info from, other Wazers related to traffic conditions like road closures, traffic congestion, disabled vehicles or obstructions on the road. As a Wazer, you are more informed and can avoid negative consequences, thanks to being part of the network.

Can that same concept be applied to email security to stop phishing attacks? Yes. In fact, it’s being done.

Cofense has a global network of about 30 million people around the world reporting suspected phish. The phishing intelligence from that network is unparalleled. No one has access to, or has assembled, this volume of phishing intelligence based on real phish that have evaded existing email security like SEGs, CAPEs, CESSs and IESSs. No one. We call this the Cofense Phishing Intelligence Network, or PhIN.

But data without application is just a bunch of ones and zeros sitting in a database. Cofense applies the intelligence in that data so you are protected. There are two primary ways you’re protected:

  1. When someone in your organization reports a suspected phish, the Cofense team jumps into action and stops the attack instantly.
  2. When someone in the larger Cofense PhIN reports a phish, that information is used to see if you have been attacked as well. Before any of your employees even report. This is like when a Waze person reports an accident, you are made aware of it before you get to the accident and report it yourself. You benefit from the intelligence of others and, at some point, you’ll do the same for others.

What does this look like in practice?

One of our customers is in the healthcare industry and has about 23,000 employees. In one month, they had about 200 emails reported by their employees as suspected phish that resulted in about 500 phishing attacks being auto quarantined with our Vision solution. That’s pretty good as it is. A little more than a 1-for-2 impact. But wait. This customer is part of the Cofense PhIN, and information about attacks on other companies is used to determine if they are also being attacked with those phish (while simultaneously contributing the intelligence from the 200 emails they reported to the network). It turns out they were being attacked and employees had not yet reported those attacks. Because of the Cofense PhIN, many phishing attacks were stopped at this company. How many? Oh, a few. But really, how many? Over 4,500!!!!  4,500 phishing attacks stopped because they were part of the Cofense PhIN, much like people benefit from being part of the community of Wazers.

How about another?

One of our other customers is in the manufacturing industry with about 5,000 employees. They activated their access to the power of the Cofense network through our Vision product. What happened? Well, in two minutes — yes, in 120 seconds — about the amount of time it takes any of us to move from one conference call to another, they had 15 phishing attacks automatically quarantined. They didn’t do anything. They just turned on the product. No one reported the phishing attacks. They didn’t even know they were under attack. But the Cofense PhIN did, and shared that intelligence. This company avoided a costly potential breach, or becoming a victim of ransomware, thanks to the crowd-sourced intelligence in the Cofense network. In two minutes.

We are personal fans of Waze, but even bigger fans of the concept of Waze applied to stopping phishing attacks. With the Cofense Phishing Intelligence Network, you can put a metaphorical pin in phishing attacks.

Get the facts about the Cofense network of 30 million global users and Cofense Vision with Auto Quarantine. We’re here to help. Find out what we can do for you.

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats. Past performance is not indicative of future results.
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.