Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Suggest an Idea..

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Anonymization/Pseudonymization of users

    While administrators and managers shall be able see on a per-campaign-basis the percentage of tests which failed and trainings which were begun/finished - they must not see the individual results of each users.
    The users must not be displayed in clear text, only anonymized/pseudonomized.
    Access to this individual information must only be accessible either using 4-eyes-principle authentication for this information or by creating a special administrator role which may see this kind of personally identifiable information.

    39 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      2 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Ability to upload/ edit training material

      Can it please be considered for customers to have the ability to upload their own training documents or videos? Or modify the exiting training documents?

      Customers might like to add their own training material into the Phish Threat site so it's more in line with their company. Would you please consider this or would we be reluctant to do so as we have some sort of duty to ensure the training is of sufficient quality and that covers the security topic well enough?

      30 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        3 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Landing Page - No Training Option

        We would like to be able to let the user know that they have made a mistake by opening the attachment on the attachment campaign but we do not want them to be enrolled in training as it is too Americanised for us and we already have our own cyber security training.

        Is there a way to send them the caught page with no training, or send them the caught page and add our own training.

        17 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Clear Dashboard/Reporting Data

          We performed thorough testing during our trial phase of Phish Threat. Now our dashboard and reports are skewed, due to the test campaigns we ran. The ability to delete or clear data, so you can begin fresh would be great.

          14 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • domain

            Add ability to add domains.

            For example if I registered sophsos.com, I would like to be able to add it to my Phish Threat account and use it for a campaign.

            11 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  Flag idea as inappropriate…  ·  Admin →
            • SMTP Configuration - Add "Send As" Field or modify use of "Sender Name" Field

              Phish Threat SMTP configuration allows the admin to specify a Sender Name which populates part of the the FROM header field on the message. This is not the same as specifying "Send As" which would allow for the proper use of SMTP aliases.

              Currently in the case the primary SMTP address used to authenticate to the mail server only authenticated primary SMTP address is used for the sender.

              Example:
              Sender Name: Helpdesk
              Username: support@example.com

              Results in the mail properties headers
              From: Helpdesk <support@example.com>
              and
              Return-Path: support@example.com

              Meanwhile the mail client displays identity of the authenticating account and not…

              10 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Need more options for training email reminders frequency

                It appears that there is currently only the option to email users daily if they have not completed their training or to disable the reminders completely. It would be beneficial to be able to change the frequency of these emails and to specify when to start sending reminders.
                1. Please allow the option to choose the amount of days between reminders. At a minimum allow to choose 1 to 7 days.
                2. Allow to select when to start sending reminders. For example, if the campaign runs for 2 months, start sending reminders at the 1 month mark, and then send…

                8 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  Under Review  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                • Add Users to New Campagin

                  I would like the ability to add a group of users to a new campaign from the campaign results screen.

                  The idea would be to look at the employee data from one campaign and take all of the users that failed and add them to another campaign in one fell swoop. That way we can target users that failed with another campaign soon after.

                  8 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • OS, Browser, Email Client should be available for staff who open and click links

                    Only when a user clicks a phishing link in an attack is the OS, browser, and other detailed information provided. It would be useful to display those details (such as email client - to distinguish full client/ web/ mobile access) for anyone who opens the email (downloads and displays the hidden tracking image).

                    It may not be possible to gather this information without the user clicking a link in the attack, but if they are users of Sophos endpoint protection this information is likely known and available through that platform.

                    The reasoning is simple...While clicking a link is most certainly…

                    7 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Rename or update an existing campain

                      It would be helpful to have the ability to edit an exisitng campain so that you can rename it, maybe add more users etc.

                      6 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Phish Threat Admin Role needed

                        To access Phish Threat, a user has to be granted Admin role. I would like more granual control over roles and permissions, so i can give the ownership of Phish Threat to someone without giving them access to everything else - Encryption, Endpoint Protection, Email Gateway, etc.

                        6 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • attachment campaigns

                          Ability to choose at which step users will be automatically enrolled in the training. A user opening the email should already be enrolled so It would be great if we can choose the training enrollment trigger.

                          6 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Automated Reporting / Scheduled Reports

                            It would be great to have a way to set up automated/scheduled reports to be emailed.
                            This feature would allow us to easily provide reports to our management team and compliance officers on a consistent schedule without having to tie up an administrators time pulling reports, exporting them and compiling them into email.

                            6 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • On-the-fly Training Reminders

                              I would like to be able to send reminders for an outstanding campaign. The initially scheduled reminders were not completely effective in getting all participants to complete the training (in fact, just over 50% completed training, with 6 reminder emails sent!). I would like to be able to send reminders for all of those who have not completed training, at the push of a button. As I've requested previously, I'd also like to be able to inform managers of status of their employees at the push of a (different) button.

                              6 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                2 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Specify Work Hours

                                It would be nice if we could specify our normal business hours under General Settings or for a specific campaign so that emails would only be sent out during that time frame. We're finding that some users are not seeing emails due to sending out at odd hours.

                                6 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Export and Import the customized attack template between tenants

                                  As SaaS Provider of Phish Threat, they would like to share the same customized attack mail template between multiple tenants. Therefore, export/import feature is necessary for avoiding customizing per each tenant.

                                  5 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Assign multiple training for a training only campaign

                                    Currently, it appears you are only allowed to choose 1 training for a training campaign. For us, it is a requirement to assign multiple videos/training to users. For example, we would like to assign both "Intro to Phishing and Password Overview" to all users in our organization to meet policy requirements. However, it is cumbersome and confusing to users if we assign multiple campaigns. Users then get multiple emails. Please introduce the feature to assign multiple training for one campaign.

                                    5 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Add ability to modify campaign data during or after a campaign has launched

                                      PhishThreat (PT) data cannot be modified during or after a campaign goes live. Since PT currently uses an independent user database (not tied to cloud AV - which is tied to Active Directory (AD)) user details can be incorrectly and permanently captured.

                                      Scenario1: A staff member is listed in a specific department in AD. The user list is exported from AD and imported to PT prior to the launch of a campaign. The campaign begins and the user is promoted/ transferred to a different department or the original department was wrong, the change is made in AD, and the export/…

                                      5 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Manually Fail Users

                                        Currently, depending on the campaign type, the user fails the campaign when they do the action the campaign is testing. It would be nice to be able to manually fail users in a campaign. For example, if I ran a credentials harvesting campaign and a user clicks the link but doesn't enter their credentials. The system wont mark them as fail. However, in our opinion that is a failure. I would like to be able to manually mark the user as failed the campaign.

                                        5 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Manager Summary Feedback

                                          It would be neat if we could tell PT to send managers a summary of any active campaigns (e.g. once per week) so they know who of their employees is enrolled, and whether they have passed/failed the campaign or quiz.

                                          5 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Phish Threat

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.