Phish Threat
Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.
-
attachment campaigns
Ability to choose at which step users will be automatically enrolled in the training. A user opening the email should already be enrolled so It would be great if we can choose the training enrollment trigger.
9 votes -
Adopt a Pet Campaign Enhancement
If I use the Adopt a Pet campaign, you should allow the user to see the actual video of the cute puppies after they take the training.
3 votes -
Automated Reporting / Scheduled Reports
It would be great to have a way to set up automated/scheduled reports to be emailed.
This feature would allow us to easily provide reports to our management team and compliance officers on a consistent schedule without having to tie up an administrators time pulling reports, exporting them and compiling them into email.16 votes -
Resume Training Later
For the Modules that cannot save progress midway through, can a disclaimer please be added, or the wording changed to make it clear that "Don't have time now? Click Here to receive an email to resume training later" actually means that the user will lose all progress and have to start again from the beginning
5 votes -
CrossFit email template
How about a CrossFit themed e-mail template?
4 votes -
Phishing Campaign Employee Data
I see a "search" option within the Employee Data page of a campaign, and it states that I can search by name, department, job title, or email. I typed in a department name which I copied and pasted from the campaign summary page, and it found no results.
In an ideal world, either this would work, or there would be a department drop-down that would allow me to filter.3 votes -
We'd like to assign arbitrary points
The attack sophistication 1 through 5 is perfect. Now we'd like to be able to assign that 1/2/3/4/5 point value to each campaign we run, and have that metric used for evaluating users. A custom report would be good. If one user clicked two 5 point campaigns, he or she is more dangerous to us than someone that has clicked three 1 point campaigns.
We are currently keeping track of these points via spreadsheet and would like it integrated to Phish Threat.2 votes -
On-the-fly Training Reminders
I would like to be able to send reminders for an outstanding campaign. The initially scheduled reminders were not completely effective in getting all participants to complete the training (in fact, just over 50% completed training, with 6 reminder emails sent!). I would like to be able to send reminders for all of those who have not completed training, at the push of a button. As I've requested previously, I'd also like to be able to inform managers of status of their employees at the push of a (different) button.
10 votes -
Specify Work Hours
It would be nice if we could specify our normal business hours under General Settings or for a specific campaign so that emails would only be sent out during that time frame. We're finding that some users are not seeing emails due to sending out at odd hours.
12 votes -
Acknowledgement Message Doesn't Match "Complete Training" Button
The phishing training says the following:
"By clicking "Acknowledge" or "Start Next Module" below, you agree that you have read this training material".There is no Acknowledge button, only a Complete Training button. This is confusing to the users.
2 votes -
Creating Groups Dynamically
I would like the ability to create groups from within the tool, so that I can add people to groups based on how they respond to phish. For example, if someone gets under 100%, they are added to "ongoing training group a", and if they get under 60%, they are added to "ongoing training group b". The tool does not let me automate to that level, and I am not seeing a way to do it easily without adding users one-at-a-time to a new campaign.
6 votes -
Attack Screenshot Too Small To be Read
When some one receives an email after clicking on a phishing email we send the AttachScreenShot is so small they can't read it at all.
Is there a way to make this bigger. Users have no idea what email link they actually clicked on that was the phishing.
4 votes -
Manually Fail Users
Currently, depending on the campaign type, the user fails the campaign when they do the action the campaign is testing. It would be nice to be able to manually fail users in a campaign. For example, if I ran a credentials harvesting campaign and a user clicks the link but doesn't enter their credentials. The system wont mark them as fail. However, in our opinion that is a failure. I would like to be able to manually mark the user as failed the campaign.
7 votes -
Email Report for Campaign Status
Currently, the only way to see the current state of a campaign (i.e. who click, who opened, etc.) is to login to the portal. It would be nice if there where an option to configure for the system to send an email. For example, an email could be sent to a specific address when a user in a campaign opens a phishing email.
5 votes -
Multiple Phased Attacks
Need to be able to create a campaign that sends, in a time phase, multiple emails to the same user list. This would be configured today as multiple campaigns. If I knew I was going to have 3 attacks over time at the same user list, today I would create 3 campaigns. I'm requesting multiple attack <-> training pairs in the same campaign.
7 votesWe are planning to support this in the first half of 2019.
If you have interest in this idea, I’d love to have a quick chat to learn more about your needs. If you’re up for it, please schedule time on my calendar: https://calendly.com/scott-epple-sophos/15min
Thanks,
Scott -
Need a training I can push to users before launch fake phishing emails.
The product really needs a training I can push to users before I launch fake phishing emails. As the product is set up now, users can only be trained after falling for a phishing email. So, we have to just hope they fall for our fake phishing email before they click on a real one?!
Also, we want our users to be really careful. Then we surprise them with a link or a pop up to a training. I think it would be a lot more effective if we could send out a message from our corporate email, timed with…
5 votes -
Add Users to New Campagin
I would like the ability to add a group of users to a new campaign from the campaign results screen.
The idea would be to look at the employee data from one campaign and take all of the users that failed and add them to another campaign in one fell swoop. That way we can target users that failed with another campaign soon after.
12 votes -
Manager Summary Feedback
It would be neat if we could tell PT to send managers a summary of any active campaigns (e.g. once per week) so they know who of their employees is enrolled, and whether they have passed/failed the campaign or quiz.
5 votes -
Manager Notification Options
Currently, Phish Threat will notify a manager if their employee fails a phishing attack. It would be nice if it could also inform a manager if their employee has passed the attack. Absent giving all managers access to the Sophos Cloud console, they have no way of ensuring their employees have taken and passed mandatory training. If this is to be delegated to them to ensure it happens, giving us an option to give them visibility if an employee passes OR fails the campaign or quiz would be valuable.
7 votes -
Phish Threat - time & wrong answers for Failed Trainings are missing
It would be good, that we could see the date and time of the Failed Trainings of enrolled users, also his score and what answers he choosed...
As it is now, when one choose list of users who had Failed the Training, bbut also retake that training again, you won´t see the date of Failed Training. For the system, it is Completed no matter what and it won´t show in statistics.3 votes
- Don't see your idea?