Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

  1. Acknowledgement Message Doesn't Match "Complete Training" Button

    The phishing training says the following:
    "By clicking "Acknowledge" or "Start Next Module" below, you agree that you have read this training material".

    There is no Acknowledge button, only a Complete Training button. This is confusing to the users.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Creating Groups Dynamically

    I would like the ability to create groups from within the tool, so that I can add people to groups based on how they respond to phish. For example, if someone gets under 100%, they are added to "ongoing training group a", and if they get under 60%, they are added to "ongoing training group b". The tool does not let me automate to that level, and I am not seeing a way to do it easily without adding users one-at-a-time to a new campaign.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Attack Screenshot Too Small To be Read

    When some one receives an email after clicking on a phishing email we send the AttachScreenShot is so small they can't read it at all.

    Is there a way to make this bigger. Users have no idea what email link they actually clicked on that was the phishing.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Manually Fail Users

    Currently, depending on the campaign type, the user fails the campaign when they do the action the campaign is testing. It would be nice to be able to manually fail users in a campaign. For example, if I ran a credentials harvesting campaign and a user clicks the link but doesn't enter their credentials. The system wont mark them as fail. However, in our opinion that is a failure. I would like to be able to manually mark the user as failed the campaign.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Email Report for Campaign Status

    Currently, the only way to see the current state of a campaign (i.e. who click, who opened, etc.) is to login to the portal. It would be nice if there where an option to configure for the system to send an email. For example, an email could be sent to a specific address when a user in a campaign opens a phishing email.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  6. Multiple Phased Attacks

    Need to be able to create a campaign that sends, in a time phase, multiple emails to the same user list. This would be configured today as multiple campaigns. If I knew I was going to have 3 attacks over time at the same user list, today I would create 3 campaigns. I'm requesting multiple attack <-> training pairs in the same campaign.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Need a training I can push to users before launch fake phishing emails.

    The product really needs a training I can push to users before I launch fake phishing emails. As the product is set up now, users can only be trained after falling for a phishing email. So, we have to just hope they fall for our fake phishing email before they click on a real one?!

    Also, we want our users to be really careful. Then we surprise them with a link or a pop up to a training. I think it would be a lot more effective if we could send out a message from our corporate email, timed with…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add Users to New Campagin

    I would like the ability to add a group of users to a new campaign from the campaign results screen.

    The idea would be to look at the employee data from one campaign and take all of the users that failed and add them to another campaign in one fell swoop. That way we can target users that failed with another campaign soon after.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Manager Summary Feedback

    It would be neat if we could tell PT to send managers a summary of any active campaigns (e.g. once per week) so they know who of their employees is enrolled, and whether they have passed/failed the campaign or quiz.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Manager Notification Options

    Currently, Phish Threat will notify a manager if their employee fails a phishing attack. It would be nice if it could also inform a manager if their employee has passed the attack. Absent giving all managers access to the Sophos Cloud console, they have no way of ensuring their employees have taken and passed mandatory training. If this is to be delegated to them to ensure it happens, giving us an option to give them visibility if an employee passes OR fails the campaign or quiz would be valuable.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Phish Threat - time & wrong answers for Failed Trainings are missing

    It would be good, that we could see the date and time of the Failed Trainings of enrolled users, also his score and what answers he choosed...
    As it is now, when one choose list of users who had Failed the Training, bbut also retake that training again, you won´t see the date of Failed Training. For the system, it is Completed no matter what and it won´t show in statistics.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. OS, Browser, Email Client should be available for staff who open and click links

    Only when a user clicks a phishing link in an attack is the OS, browser, and other detailed information provided. It would be useful to display those details (such as email client - to distinguish full client/ web/ mobile access) for anyone who opens the email (downloads and displays the hidden tracking image).

    It may not be possible to gather this information without the user clicking a link in the attack, but if they are users of Sophos endpoint protection this information is likely known and available through that platform.

    The reasoning is simple...While clicking a link is most certainly…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Phish Threat - 0% isn´t a good score

    It would be good that we could change, rewrite the "template" of the page after the user has failed the final quiz.

    at 1) the customer would be able to customize the message sent to users, add specific informations or add additional contact within the organisation for help or anything else

    at2) when the user fails the final quiz, 0% score is not simply a good score :)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Phish Threat - add WYSIWYG editor to the Training module

    The Training Campaign editor does not offer the same level as customisation as the Attack Campaigns. The customer needs to customise the look as the corporate standard.

    The email comming from the Phish Threat platform has Basic Times New Roman font and gray background, content in white. I would suggest white background and Arial font or something simply.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Make it obvious that the employee is going to need to hear the audio within the training material within the Phish Threat console.

    Most of the training we provide customers is in video format and requires the employee to hear what's being said. However most employees will not necessarily have headphones at work to view and hear these training videos. Perhaps consider this when creating more training but also ensure sysadmins are aware the training will require the employee to hear the audio to complete the training. That way they can pick and choose which training is better suited. Some offices allow headphones some might not.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. SMTP Configuration - Add "Send As" Field or modify use of "Sender Name" Field

    Phish Threat SMTP configuration allows the admin to specify a Sender Name which populates part of the the FROM header field on the message. This is not the same as specifying "Send As" which would allow for the proper use of SMTP aliases.

    Currently in the case the primary SMTP address used to authenticate to the mail server only authenticated primary SMTP address is used for the sender.

    Example:
    Sender Name: Helpdesk
    Username: support@example.com

    Results in the mail properties headers
    From: Helpdesk <support@example.com>
    and
    Return-Path: support@example.com

    Meanwhile the mail client displays identity of the authenticating account and not…

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Reporting functionality - Users answers

    Is it possible to produce a report of a user’s answers to all forms of the training questionnaires? Is this information stored and accessible anywhere?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Ability to upload/ edit training material

    Can it please be considered for customers to have the ability to upload their own training documents or videos? Or modify the exiting training documents?

    Customers might like to add their own training material into the Phish Threat site so it's more in line with their company. Would you please consider this or would we be reluctant to do so as we have some sort of duty to ensure the training is of sufficient quality and that covers the security topic well enough?

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
1 2 3 4 5 7 Next →
  • Don't see your idea?

Phish Threat

Categories

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.