In phishing with an attachment, custom attachment has an embedded link in the attachment. The size of the link is invariably large, which disturbs the content which is meant for the custom attachment. Kindly either decrease the size of the link or remove the link. This would enable the user to have a more customized experience and required content can be added on the landing attachment flawlessly. Moreover, the size of the link makes the user susceptible about the mail and chances of the user opening the training link and training mail followed by the phishing process decreases.

When conducting Pishing campaigns, many times, the personnel in charge of the companies that hire us, want to receive a test email before launching the campaign to the target users. Currently, to send a test email to the company, it is necessary to launch the campaign, but once launched, it does not have the option to modify it, so it is necessary to create it and launch it again to make changes. Could you enable editing of ongoing (launched) campaigns?

Add the ability to strip hyperlinks from incoming emails at the enterprise or user level.

We deal with Phish Threat reports for multiple organisations and need a way to differentiate between them. Having the option to customise the subject line would be an easy way of achieving this, e.g. "Client A - phish threat report", "Client B - phish threat report" etc.

Ability for Sophos to send phish emails directly to an email gateway IP address, instead of relying on the MX record, bypassing any 3rd party web services (such as Symantec/Broadcom Email Cloud services) that check emails for spam and malware before forwarding onto the email gateway.

Give the ability to modify the end date of a campaign after it has started to extend it.

Currently, when running a Credential Harvesting campaign, users are only "Caught" once they have entered credentials. This means that the users that are only clicking the link are not properly being notified that they too have failed. In "real life" a link can contain malware and ask for credentials as well.

Please count the users that are only clicking links as caught victims as well. I understand that they will not have the typical splash page to notify that they have failed. But they could receive an email after with the link for training.

add Arabic characters in importing users on Sophos Central

Ability to sign in and sync (and keep in sync) user accounts for phishing campaigns.
It should be possible to have a campaign that automatically enrolls new users as they are onboarded & remove users are as they are deleted/archived.

Apart from a single example called 'Encrypted Message' I couldn't see anything relating to Microsoft Office 365 in your campaigns.

Given this is one of the main cloud based business services (and we often get phishing emails trying to steal these credentials) we could really do with some decent Office 365 Templates for Credential Harvesting, Phishing and Attachments.

Hello Team,

We have customer here requesting to have the quiz option to be much more visible or emphasize upon completion of training that user need to take and pass the quiz in order for them to complete the training.

The sample provided is the Phishing Training Module: Office Attachments

User advise that It appears when users see a “100% complete” message they don’t consider taking the quiz is required to record the users training as completed. This impacts how many users actually report as completed the training.

For your assistance please

Thank You

Hello Team,

We have customer here requesting to have the quiz option to be much more visible or emphasize upon completion of training that user need to take and pass the quiz in order for them to complete the training.

The sample provided is the Phishing Training Module: Office Attachments

User advise that It appears when users see a “100% complete” message they don’t consider taking the quiz is required to record the users training as completed. This impacts how many users actually report as completed the training.

For your assistance please

Thank You

If a new campaign will be created and "no training" is selected, only a standard 404 error page will be displayed, if the user clicks on the fake link.

Would be nice, if it is also possible to customize the caught / landing page like we have it, if we choose a trainings video.

Thanks, Markus

The "Sending Increment" option currently is only available on a New Campaign for Training.

Please the add this option for creating a "New Series" for training also.

When scheduling a new campaign, you can choose the start time only on even hours. When the emails arrive for example exactly at 8:00 AM, it's suspicious to a lot of people and they correctly assume that something is going on. I heard this as a feedback from some of our campaigns.

Better would be to be able to customize the start time, for example 8:12 AM. If the emails are sent in multiple batches, it would be nice to be able to schedule these more in depth as well.

There is currently no way to change the phishing Link in the e-mail body. The link always shows the same address: "https://xx0q9nhk.r.eu-west-1.awstrack.me". Clever users can immediatly tell when they are beeing tested because this link is always the same. We would like you to add a link spoofer like bit.ly so you can't immediatly tell it's a Sophos phish threat e-mail.

This is not about the e-mail Domains but the link in the e-mail body.

Currently, a customer can only have one customized procedural template (per-type) on their account .This means that if a customer is using the custom version of a procedural template (i.e. the Training Reminder template) in Campaign A, then the customer customizes this same template in Campaign B, the changes made to this templates in Campaign B will also apply to the template being used in Campaign A.

This is an important feature.

As we are currently using HCL Notes, it would be nice to have an Report-Addin similar to the Outlook Version.

provide function to manually edit the recipient email's when campaign is still enrolling.
This could prevent delay in resending the email to those recipients if they have their email changed or updated prior/during the campaign period.