Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Suggest an Idea..

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Attack Screenshot Too Small To be Read

    When some one receives an email after clicking on a phishing email we send the AttachScreenShot is so small they can't read it at all.

    Is there a way to make this bigger. Users have no idea what email link they actually clicked on that was the phishing.

    3 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Manually Fail Users

      Currently, depending on the campaign type, the user fails the campaign when they do the action the campaign is testing. It would be nice to be able to manually fail users in a campaign. For example, if I ran a credentials harvesting campaign and a user clicks the link but doesn't enter their credentials. The system wont mark them as fail. However, in our opinion that is a failure. I would like to be able to manually mark the user as failed the campaign.

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Email Report for Campaign Status

        Currently, the only way to see the current state of a campaign (i.e. who click, who opened, etc.) is to login to the portal. It would be nice if there where an option to configure for the system to send an email. For example, an email could be sent to a specific address when a user in a campaign opens a phishing email.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Flag idea as inappropriate…  ·  Admin →
        • Randomize Name List

          Right now all the emails are sent alphabetically by first name.

          2 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • Multiple Phased Attacks

            Need to be able to create a campaign that sends, in a time phase, multiple emails to the same user list. This would be configured today as multiple campaigns. If I knew I was going to have 3 attacks over time at the same user list, today I would create 3 campaigns. I'm requesting multiple attack <-> training pairs in the same campaign.

            2 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • German

              Please add Support for German to make this usable for our Region.

              3 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Need a training I can push to users before launch fake phishing emails.

                The product really needs a training I can push to users before I launch fake phishing emails. As the product is set up now, users can only be trained after falling for a phishing email. So, we have to just hope they fall for our fake phishing email before they click on a real one?!

                Also, we want our users to be really careful. Then we surprise them with a link or a pop up to a training. I think it would be a lot more effective if we could send out a message from our corporate email, timed with…

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Add Users to New Campagin

                  I would like the ability to add a group of users to a new campaign from the campaign results screen.

                  The idea would be to look at the employee data from one campaign and take all of the users that failed and add them to another campaign in one fell swoop. That way we can target users that failed with another campaign soon after.

                  3 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • More Variety Options for Attacks

                    More options for Attacks would be nice to make it easier to quickly make more campaigns. For example, the current templates are all centered around Visa, but some organizations use Master Card, so the Visa templates have to be heavily modified. Other examples are "female friend request" but my organization is 80% female and it would be nice to have an option to have a "male friend request" to send without having to repurpose an existing template and find a good image to use.

                    2 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Connect users to Sophos cloud / synced users

                      Connect Phish threat users to Sophos Central users synced from AD.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Status Page - A web page showing the health of Sophos Central Phish Threat

                        Just like we have for Central but for Phish Threat: http://centralstatus.sophos.com

                        Perhaps Phish Threat needs it's own page or it can be included into the existing one for Central. It would be good to show customers any issues with email flow, log in issues etc. This would help to deflect cases as well in the event of an outage which would cause many customers to call in.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Manager Summary Feedback

                          It would be neat if we could tell PT to send managers a summary of any active campaigns (e.g. once per week) so they know who of their employees is enrolled, and whether they have passed/failed the campaign or quiz.

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Manager Notification Options

                            Currently, Phish Threat will notify a manager if their employee fails a phishing attack. It would be nice if it could also inform a manager if their employee has passed the attack. Absent giving all managers access to the Sophos Cloud console, they have no way of ensuring their employees have taken and passed mandatory training. If this is to be delegated to them to ensure it happens, giving us an option to give them visibility if an employee passes OR fails the campaign or quiz would be valuable.

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Phish Threat - time & wrong answers for Failed Trainings are missing

                              It would be good, that we could see the date and time of the Failed Trainings of enrolled users, also his score and what answers he choosed...
                              As it is now, when one choose list of users who had Failed the Training, bbut also retake that training again, you won´t see the date of Failed Training. For the system, it is Completed no matter what and it won´t show in statistics.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Allow a CSV export of information from the employee data page

                                When identifying staff from the campaign's employee data page we'd like to be able to export that information as CSV to better identify, and address various scenarios, for instance those users who have "opened" an attack email (see: https://ideas.sophos.com/forums/593590-phish-threat/suggestions/19574035-os-browser-email-client-should-be-available-for) for more detail.

                                Allowing an export of this information will enhance our ability to identify staff and provide proper guidance.

                                6 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • OS, Browser, Email Client should be available for staff who open and click links

                                  Only when a user clicks a phishing link in an attack is the OS, browser, and other detailed information provided. It would be useful to display those details (such as email client - to distinguish full client/ web/ mobile access) for anyone who opens the email (downloads and displays the hidden tracking image).

                                  It may not be possible to gather this information without the user clicking a link in the attack, but if they are users of Sophos endpoint protection this information is likely known and available through that platform.

                                  The reasoning is simple...While clicking a link is most certainly…

                                  5 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Phish Threat - 0% isn´t a good score

                                    It would be good that we could change, rewrite the "template" of the page after the user has failed the final quiz.

                                    at 1) the customer would be able to customize the message sent to users, add specific informations or add additional contact within the organisation for help or anything else

                                    at2) when the user fails the final quiz, 0% score is not simply a good score :)

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Positive Reinforcement

                                      Here is an idea for positive reinforcement for phishthreat.
                                      If a user doesn’t fall victim to a phishing training have a “positive” email sent to them indicating that they successfully passed the training.
                                      Obviously there would have to be time period allocated after the email was sent to determine if they do or do not click.

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Phish Threat - add WYSIWYG editor to the Training module

                                        The Training Campaign editor does not offer the same level as customisation as the Attack Campaigns. The customer needs to customise the look as the corporate standard.

                                        The email comming from the Phish Threat platform has Basic Times New Roman font and gray background, content in white. I would suggest white background and Arial font or something simply.

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Phish Threat - ability to add more languages

                                          I would like to ADD new Language Set for PhishThreat, but not just editing the existing set of messages.
                                          SETTINGS - GENERAL SETTINGS - LANGUAGES

                                          My point is, that I can edit just pre-defined languages within central, but when I go to edit for example hindi or spanish language set, I still can´t mark this set as CZ or DE. Which is quite confusing. I only can create a group "DE" of users located in Germany, group "CZ" for users in Czech republic, then create a custom Attack template in appropriate language.

                                          I know I can click on edit language…

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          Phish Threat

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.