GnoPhish (noh-fish), a portmanteau of gnostic ("knowledge, especially esoteric knowledge") and phish, is a tool meant to raise awareness among people at an organization about phishing features and techniques so they can better spot, avoid, and report phishing attempts to their security team. There is a fully intended pun behind the name, too: "no more phish, please!"
Unlike traditional phishing awareness and training tools, GnoPhish:
- Doesn't utilize "simulation tests" that can create feelings of shame, embarassment, and humility in end users
- Can be used to raise awareness about phishing delivered via non-email methods (SMS, social media, phone call, etc.)
- Is meant to be based on real and recent phishing attempts that an organization has been targeted with, instead of hypothetical ideas