I would like there to be a way in Phish Threat to mark someone's training complete. In the last training campaign we did several users could not complete the training on their iPads as the quiz link did not work. I want to mark their training complete.

Sophos Phish Threat - Report message add-in for Outlook settings page has dead links titled "Learn More" and "click here".

Can you please create a phishing reporting add-on for Gmail so that education can use this tool.

Hi,
Our company is using HCL Notes 11 Release 11.0.1 (previously known as IBM Notes, Lotus Notes, etc.). It is unlikely that we can switch to Outlook.
Please make available a Report message add-in for HCL Notes.
Thank you, József

I would love to see a Chrome add-in for Gmail that reports Phish Threat emails (like the Outlook add-in). If there is an API that can do the same thing, I'd be willing to try programming it myself.

Feature request - provide a way to perform a campaign through smishing. You provide training for it but no way to test for it.

Where did all the Microsoft / 365 / Office templates go?

Phishthreat PayPal template (We detected unusual activity on your PayPal account) is broken. Shows a gigantic exclamation mark at the start.

Why Sophos Support replying so slowly, we created a ticket 2 weeks before with a high severity, and your support colleague just reply me after more than 4 days, and we were in hurried to figure out how the problem is. However, after a few days your colleague just ask me to give him some basic information and ask me to turn on the remote access again after a week. Well, it's lucky that we could figure out the problem by ourselves but not the Support. Can't believe it takes such a long time to handle a high severity ticket!

I receive an alert that Sophos needs one full disc and access to my computer for an update. Is this you or a hack?

I'm finding that customers who have access to work emails on a mobile phone are more susceptible to clicking on malicious links. This is because it's not as obvious as on a desktop where you can hover over the link. Depending on the phone app, sometimes even the From: address fields are hidden and harder to pick out the email address because it would just read the sender's name. I'd love to see training that can be offered through this service to focus on these areas.

Low quality support. Basically my support ticket was closed without any serious investigation.
Low quality service. Most of the domains used are blocked by SafeBrowsing/SmartScreen -> are useless for training purposes.

We use the VIP impersonation quite a lot, however the problem is that our users display names are in the format "Surname, Firstname", which means that it doesnt catch our users by default. We have to manually create another user in Sophos, and assign both users. It would be great if the VIP impersonation tool could identify the users firstname and surname no matter which way around it is. The whaling emails usually come through firstname + surname.

When a user receives a phishing campaign from phish threat on an iPhone they try to hover over the link by clicking and holding. When they do this though it still classes it as a click and enrolls them in training. I don't know whether this can be corrected or not, but I thought I would report it.

Is it possible to add a comment field for the user so we can add if they called verbally and reported a phish email?

It seems like the percentage of employees that report the email should be based on opening it vice simply being included in the campaign.

The opening percentage is valid and the caught percentage seems appropriate as an overall statistic, but reporting seems like it has to be tied to opening to have any idea how effective the effort to train employees to report suspicious mail.

When we run campaigns, we would like "caught" users to be immediately reported via email to a specific email address in real time so we don't have to continually run the results report. If this could generate the training URL also but instead of sending it to the user, send it to the notification email address, that would allow us to take faster action versus learning about the issue a day or so later.

Hello Team,

Requesting to Extend the archive logs for Sophos Central Log.io for Phish Threat Campaign for 30 days or more as this will be helpful for the customer and for the technical support to perform further investigation for the behavior of campaign that run for 30 days.
For your assistance please. Thank You.

3 Things that the Sophos Phish Threat really needs to address sooner rather than later (That competing products such as InfosecInstitute IQ already have):
1) The ability to save and name custom templates
2) The ability to save an unfinished campaign design for later completion (and the ability to edit during a live campaign for mistakes missed in the initial proofreading)
3) The ability to vary the scope of campaign duration for shorter than a month.