Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Phish Threat

Suggest, discuss, and vote on new ideas for Sophos Phish Threat. Phishing attack simulation and training for your end users.

Suggest an Idea..

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Connect users to Sophos cloud / synced users

    Connect Phish threat users to Sophos Central users synced from AD.

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Status Page - A web page showing the health of Sophos Central Phish Threat

      Just like we have for Central but for Phish Threat: http://centralstatus.sophos.com

      Perhaps Phish Threat needs it's own page or it can be included into the existing one for Central. It would be good to show customers any issues with email flow, log in issues etc. This would help to deflect cases as well in the event of an outage which would cause many customers to call in.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Manager Summary Feedback

        It would be neat if we could tell PT to send managers a summary of any active campaigns (e.g. once per week) so they know who of their employees is enrolled, and whether they have passed/failed the campaign or quiz.

        2 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Manager Notification Options

          Currently, Phish Threat will notify a manager if their employee fails a phishing attack. It would be nice if it could also inform a manager if their employee has passed the attack. Absent giving all managers access to the Sophos Cloud console, they have no way of ensuring their employees have taken and passed mandatory training. If this is to be delegated to them to ensure it happens, giving us an option to give them visibility if an employee passes OR fails the campaign or quiz would be valuable.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • Phish Threat - time & wrong answers for Failed Trainings are missing

            It would be good, that we could see the date and time of the Failed Trainings of enrolled users, also his score and what answers he choosed...
            As it is now, when one choose list of users who had Failed the Training, bbut also retake that training again, you won´t see the date of Failed Training. For the system, it is Completed no matter what and it won´t show in statistics.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Allow a CSV export of information from the employee data page

              When identifying staff from the campaign's employee data page we'd like to be able to export that information as CSV to better identify, and address various scenarios, for instance those users who have "opened" an attack email (see: https://ideas.sophos.com/forums/593590-phish-threat/suggestions/19574035-os-browser-email-client-should-be-available-for) for more detail.

              Allowing an export of this information will enhance our ability to identify staff and provide proper guidance.

              4 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • OS, Browser, Email Client should be available for staff who open and click links

                Only when a user clicks a phishing link in an attack is the OS, browser, and other detailed information provided. It would be useful to display those details (such as email client - to distinguish full client/ web/ mobile access) for anyone who opens the email (downloads and displays the hidden tracking image).

                It may not be possible to gather this information without the user clicking a link in the attack, but if they are users of Sophos endpoint protection this information is likely known and available through that platform.

                The reasoning is simple...While clicking a link is most certainly…

                4 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Phish Threat - 0% isn´t a good score

                  It would be good that we could change, rewrite the "template" of the page after the user has failed the final quiz.

                  at 1) the customer would be able to customize the message sent to users, add specific informations or add additional contact within the organisation for help or anything else

                  at2) when the user fails the final quiz, 0% score is not simply a good score :)

                  2 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Positive Reinforcement

                    Here is an idea for positive reinforcement for phishthreat.
                    If a user doesn’t fall victim to a phishing training have a “positive” email sent to them indicating that they successfully passed the training.
                    Obviously there would have to be time period allocated after the email was sent to determine if they do or do not click.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Phish Threat - add WYSIWYG editor to the Training module

                      The Training Campaign editor does not offer the same level as customisation as the Attack Campaigns. The customer needs to customise the look as the corporate standard.

                      The email comming from the Phish Threat platform has Basic Times New Roman font and gray background, content in white. I would suggest white background and Arial font or something simply.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                      • Phish Threat - ability to add more languages

                        I would like to ADD new Language Set for PhishThreat, but not just editing the existing set of messages.
                        SETTINGS - GENERAL SETTINGS - LANGUAGES

                        My point is, that I can edit just pre-defined languages within central, but when I go to edit for example hindi or spanish language set, I still can´t mark this set as CZ or DE. Which is quite confusing. I only can create a group "DE" of users located in Germany, group "CZ" for users in Czech republic, then create a custom Attack template in appropriate language.

                        I know I can click on edit language…

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Make it obvious that the employee is going to need to hear the audio within the training material within the Phish Threat console.

                          Most of the training we provide customers is in video format and requires the employee to hear what's being said. However most employees will not necessarily have headphones at work to view and hear these training videos. Perhaps consider this when creating more training but also ensure sysadmins are aware the training will require the employee to hear the audio to complete the training. That way they can pick and choose which training is better suited. Some offices allow headphones some might not.

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Sophos to create new training material in other languages

                            At present the training material is only available in English and the user has no option to change this. Can we please look at creating more training material and make it available in other languages? Or, perhaps edit the existing training to make this available in other languages?

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • SMTP Configuration - Add "Send As" Field or modify use of "Sender Name" Field

                              Phish Threat SMTP configuration allows the admin to specify a Sender Name which populates part of the the FROM header field on the message. This is not the same as specifying "Send As" which would allow for the proper use of SMTP aliases.

                              Currently in the case the primary SMTP address used to authenticate to the mail server only authenticated primary SMTP address is used for the sender.

                              Example:
                              Sender Name: Helpdesk
                              Username: support@example.com

                              Results in the mail properties headers
                              From: Helpdesk <support@example.com>
                              and
                              Return-Path: support@example.com

                              Meanwhile the mail client displays identity of the authenticating account and not…

                              3 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Reporting functionality - Users answers

                                Is it possible to produce a report of a user’s answers to all forms of the training questionnaires? Is this information stored and accessible anywhere?

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • Ability to upload/ edit training material

                                  Can it please be considered for customers to have the ability to upload their own training documents or videos? Or modify the exiting training documents?

                                  Customers might like to add their own training material into the Phish Threat site so it's more in line with their company. Would you please consider this or would we be reluctant to do so as we have some sort of duty to ensure the training is of sufficient quality and that covers the security topic well enough?

                                  6 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Whitelist by email headers

                                    On behalf of a customer - You need to have the option that most other phishing simulators have which is "Whitelist by Email Headers" Most other vendors have some kind of customer headers so that they can be whitelisted by rule in Office 365 mail. Without this feature Office 365 will mark all your simulation email as as spam.

                                    How knowbe4 does it: https://knowbe4.zendesk.com/hc/en-us/articles/212723707

                                    * I understand we provide details on how to whitelist by domain and IP so perhaps we can provide details on the email headers?

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Don't see your idea?

                                    Phish Threat

                                    Feedback and Knowledge Base

                                    icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.