We configured a Phish Threat attachment campaign and sent it to all mail-enabled users. This process worked as expected.
After the emails went out, support tickets began rolling in. Our end users said they never opened the email, much less the attachment.
At first, we were skeptical of the reports and directed our employees to complete the training. Then we got so many comments that we investigated further.
This chain of events leads us to believe there is something with how Apple iPhones manage/handle the receipt and deletion of emails and their attachments.
Has anyone else experienced this issue? Is there anything we can do to reduce the number of false positives?
Hi Bonnie,
Thanks for reaching out to the Sophos Community Forum.
I'd suggest raising a case with our support team if you have not already, as this sounds quite unusual. To ensure your email filtering tools aren’t affecting the results reported back, I'd suggest trying to white-list the sender domains from your email filter.
On your end users' iPhones, is the default mail app being used?
Hi Kushal,
Yes, a support request has been raised and I’m awaiting their response (#05715918).
On the suggestion to whitelist the domains, we did this when we began using the product. If we hadn’t done it correctly, none of our users would have received the emails to begin with. In this campaign, all 200 messages were delivered and 84 people were reported as having opened the attachment.
And we have a mixed bag of the default mail app as well as the Microsoft Outlook app. Both apps are providing false-positive reports.