PhishMe, a seven year old startup that helps companies train employees to avoid phishing scams, announced today that it has been purchased by a consortium of private equity firms at a valuation of $400 million.
That wording doesn’t give the exact price and a company spokesperson was careful in her response when we requested clarification. “This is an acquisition by a consortium of investors. The wording is really a reflection of the fact that there were a number of parties involved.” It could also be referencing the enterprise valuation, which is a combination of factors such as a company’s debt and its cash on hand, rather than an actual purchase price.
The company confirmed a Fortune report that the consortium consisted of two private equity firms, BlackRock and Pamplona Capital Management with the latter owning about two-thirds of the company and BlackRock owning the remainder.
The company also announced it was changing its name to Cofense and all of its branding has switched to the name on the company website as of this morning.
As you might expect, the company sees this as a positive step, giving it the strong financial backing of two private equity firms. “So, our brand is inline with our vision. Cool. But even better, we’ve got deeper financial backing to make the vision a reality. The strategic vision is growing while financial pressure is shrinking,” company CTO and co-founder Aaron Higbee, wrote in a blog post announcing the deal.
He’s spinning this as a win for customers, saying that they should expect major updates across the company’s product suite, but when private equity firms take over a company, it’s never clear how well customers will fare. It depends whether they firms intend to invest further as Higbee suggests or whether they are out to squeeze out as much revenue as they can from the company.
The startup launched in 2011 as a way to help companies battle phishing attacks where hackers send emails disguised as legitimate correspondence. They often contain a malicious link or attachment. When a reader clicks the link or attachment, it provides the sender with some sort of access. That could be for a number of purposes including accessing a company’s network, grabbing some personally identifiable information or to be used in some sort of ransomware attack.