Phish Threat

← Sophos Ideas

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Suggest an Idea..

Search or create a new suggestion

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

Phish Threat - time & wrong answers for Failed Trainings are missing

It would be good, that we could see the date and time of the Failed Trainings of enrolled users, also his score and what answers he choosed...
As it is now, when one choose list of users who had Failed the Training, bbut also retake that training again, you won´t see the date of Failed Training. For the system, it is Completed no matter what and it won´t show in statistics.
3 votes
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
0 comments · Flag idea as inappropriate… · Delete… · Admin →
OS, Browser, Email Client should be available for staff who open and click links

Only when a user clicks a phishing link in an attack is the OS, browser, and other detailed information provided. It would be useful to display those details (such as email client - to distinguish full client/ web/ mobile access) for anyone who opens the email (downloads and displays the hidden tracking image).

It may not be possible to gather this information without the user clicking a link in the attack, but if they are users of Sophos endpoint protection this information is likely known and available through that platform.

The reasoning is simple...While clicking a link is most certainly bad, just opening an email (downloading the images) increases the likelihood they will be phished/ spammed in the future by validating to the sender the address has a reader.

Our staff using company provided laptops have the setting to disallow automatic downloading of images in their email client, however, 20% of our staff opened the emails in our first campaign, and probably were guilty of doing so via a mobile device without such a setting by default. Knowing the cause of the opened emails will allow us to provide direct guidance to prevent staff from validating their accounts to spammers and phishers.

Only when a user clicks a phishing link in an attack is the OS, browser, and other detailed information provided. It would be useful to display those details (such as email client - to distinguish full client/ web/ mobile access) for anyone who opens the email (downloads and displays the hidden tracking image).

It may not be possible to gather this information without the user clicking a link in the attack, but if they are users of Sophos endpoint protection this information is likely known and available through that platform.

The reasoning is simple...While clicking a link is most certainly…
7 votes
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
0 comments · Flag idea as inappropriate… · Delete… · Admin →
Phish Threat - 0% isn´t a good score

It would be good that we could change, rewrite the "template" of the page after the user has failed the final quiz.

at 1) the customer would be able to customize the message sent to users, add specific informations or add additional contact within the organisation for help or anything else

at2) when the user fails the final quiz, 0% score is not simply a good score :)
2 votes
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
0 comments · Flag idea as inappropriate… · Delete… · Admin →
Phish Threat - add WYSIWYG editor to the Training module

The Training Campaign editor does not offer the same level as customisation as the Attack Campaigns. The customer needs to customise the look as the corporate standard.

The email comming from the Phish Threat platform has Basic Times New Roman font and gray background, content in white. I would suggest white background and Arial font or something simply.
4 votes
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
1 comment · Flag idea as inappropriate… · Delete… · Admin →
Make it obvious that the employee is going to need to hear the audio within the training material within the Phish Threat console.

Most of the training we provide customers is in video format and requires the employee to hear what's being said. However most employees will not necessarily have headphones at work to view and hear these training videos. Perhaps consider this when creating more training but also ensure sysadmins are aware the training will require the employee to hear the audio to complete the training. That way they can pick and choose which training is better suited. Some offices allow headphones some might not.
3 votes
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
0 comments · Flag idea as inappropriate… · Delete… · Admin →
SMTP Configuration - Add "Send As" Field or modify use of "Sender Name" Field

Phish Threat SMTP configuration allows the admin to specify a Sender Name which populates part of the the FROM header field on the message. This is not the same as specifying "Send As" which would allow for the proper use of SMTP aliases.

Currently in the case the primary SMTP address used to authenticate to the mail server only authenticated primary SMTP address is used for the sender.

Example:
Sender Name: Helpdesk
Username: support@example.com

Results in the mail properties headers
From: Helpdesk <support@example.com>
and
Return-Path: support@example.com

Meanwhile the mail client displays identity of the authenticating account and not the configured alias.

Phish Threat SMTP configuration allows the admin to specify a Sender Name which populates part of the the FROM header field on the message. This is not the same as specifying "Send As" which would allow for the proper use of SMTP aliases.

Currently in the case the primary SMTP address used to authenticate to the mail server only authenticated primary SMTP address is used for the sender.

Example:
Sender Name: Helpdesk
Username: support@example.com

Results in the mail properties headers
From: Helpdesk <support@example.com>
and
Return-Path: support@example.com

Meanwhile the mail client displays identity of the authenticating account and not…
10 votes
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
0 comments · Flag idea as inappropriate… · Delete… · Admin →

Under Review · AdminScott Epple (Admin, Sophos Features & Ideas Laboratory) responded

Thanks for the suggestion. We are considering this for a future update of Phish Threat.
Reporting functionality - Users answers

Is it possible to produce a report of a user’s answers to all forms of the training questionnaires? Is this information stored and accessible anywhere?
1 vote
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
0 comments · Flag idea as inappropriate… · Delete… · Admin →
Ability to upload/ edit training material

Can it please be considered for customers to have the ability to upload their own training documents or videos? Or modify the exiting training documents?

Customers might like to add their own training material into the Phish Threat site so it's more in line with their company. Would you please consider this or would we be reluctant to do so as we have some sort of duty to ensure the training is of sufficient quality and that covers the security topic well enough?
30 votes
Sign in
prestine

Your name

Your email address
Check!

invalid email

(thinking…)

Reset

or sign in with

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

We’ll send you updates on this idea
3 comments · Flag idea as inappropriate… · Delete… · Admin →

← Previous 1 2 3 4 Next →

Don't see your idea?

Ideas / Phish Threat

Phish Threat

Phish Threat

Suggest an Idea..

Phish Threat - time & wrong answers for Failed Trainings are missing

OS, Browser, Email Client should be available for staff who open and click links

Phish Threat - 0% isn´t a good score

Phish Threat - add WYSIWYG editor to the Training module

Make it obvious that the employee is going to need to hear the audio within the training material within the Phish Threat console.

SMTP Configuration - Add "Send As" Field or modify use of "Sender Name" Field

Reporting functionality - Users answers

Ability to upload/ edit training material

Feedback

Phish Threat

Feedback and Knowledge Base

Searching…

Give feedback

Sophos Features & Ideas Laboratory

Your password has been reset