This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Phish Threat v2 misreporting campaign results

Hi everyone,

I have recently sent out a campaign to all employee's and some are saying that they did not click on the link but the report shows that they did, I currently have a support case open with Sophos but we was unable to replicate the issue, they advised checking me to check Exchange logs or other appliance for any filtering that might open an email prior to delivery but we are more concerned about the link actually being clicked on.

No users ever reported this issue when I sent out previous campaigns in v1, this is the first time I have sent out a campaign in v2. I know that it is misreporting as it shows two users have clicked on the link when they have never logged onto their AD account as their AD accounts are both set to 'Change passwords at next logon', I have also checked if their emails are being forwarded via a Powershell command to which they are not.

Please can anyone help as we are worried that we will have to stop using Phish Threat due to incorrect results.

Kind regards

Kaylie



This thread was automatically locked due to age.
Parents
  • I gotta ask, please do not take this as me being a Smart A**

     

    But basically you are saying that you ran the first test with no issues, but when you ran the 2nd test many users are saying they did not click on the link but Sophos shows them doing so?

     

    If that's the case I would suggest that maybe they are just telling you that???  Many people know if they make a big enough stink, things go away.

     

    Also just a thought, but send out another campaign and ask everyone to not even open the email or just send it to a few people you know for sure will follow your instructions, wait a week and see if Sophos reports any as clicking on the link.  This way you would know if something is opening the emails before getting to their mail box.

     

    Also and I just do not remember, but is there a timestamp on when they opened the link?  And if so is it before or after the mail arrived in their mailbox?

    Respectfully, 

     

    Badrobot

     

Reply
  • I gotta ask, please do not take this as me being a Smart A**

     

    But basically you are saying that you ran the first test with no issues, but when you ran the 2nd test many users are saying they did not click on the link but Sophos shows them doing so?

     

    If that's the case I would suggest that maybe they are just telling you that???  Many people know if they make a big enough stink, things go away.

     

    Also just a thought, but send out another campaign and ask everyone to not even open the email or just send it to a few people you know for sure will follow your instructions, wait a week and see if Sophos reports any as clicking on the link.  This way you would know if something is opening the emails before getting to their mail box.

     

    Also and I just do not remember, but is there a timestamp on when they opened the link?  And if so is it before or after the mail arrived in their mailbox?

    Respectfully, 

     

    Badrobot

     

Children
No Data