Currently trialling Phish Threat and so far it ticks alot of boxes for us. However there are a few things I can't work out including how the reporting button in Outlook works.
When we send out a phishing campaign the user can click on the reporting button and the portal registers the fact that the user identified it as a phish. However, during general day-to-day usage if the user spots a potential phishing email which is not part of our campaign, and click the reporting button, the feedback suggest that the email is being forward to my IT security here but it doesn't show up anywhere. Looking at the documentation is seems that those notifications just go back to Sophos Support, is that correct?
By the way, I really like how easy the Phish Threat reporting button can be depolyed using Office 365 add-ins. Great for a distributed user base.
What happens when you report?
Instant feedback to employees is a terrific way of improving behaviour. That’s why any employee reporting a Phish Threat simulation will automatically receive an instant confirmation of the test.
Reports of all suspicious emails will be automatically forwarded to your designated Phish Threat inbox for greater visibility into the threats each organization faces. A copy will also be automatically sent to SophosLabs for further threat analysis - helping Sophos in its work to predict and prevent threats for all our customers.
In Central, you can configure additional Recipients for those Reports (like your Ticket System).