We configured a Phish Threat attachment campaign and sent it to all mail-enabled users. This process worked as expected.
After the emails went out, support tickets began rolling in. Our end users said they never opened the email, much less the attachment.
At first, we were skeptical of the reports and directed our employees to complete the training. Then we got so many comments that we investigated further.
- One employee received the phishing email while they were away from their computer. The email was immediately swipe-left deleted on their iPhone without opening. This employee was flagged as caught and required to take the training.
- A second employee received the email on their iPhone and tapped on it to view the email. The iPhone automatically opened a preview of the attachment at the bottom of the message. This employee was also flagged as caught and required to take the training.
- The third employee received the email in Outlook on their Windows machine. It was immediately deleted without previewing or opening the message/attachment. This employee was NOT flagged as caught.
- We do have a sandboxing tool that is used to scan all inbound emails. If the scanning tool were the culprit, we would expect a 100% catch rate instead of the 42% currently shown in the campaign.
This chain of events leads us to believe there is something with how Apple iPhones manage/handle the receipt and deletion of emails and their attachments.
Has anyone else experienced this issue? Is there anything we can do to reduce the number of false positives?
This thread was automatically locked due to age.