Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Phish Threat v2 misreporting campaign results

Hi everyone,

I have recently sent out a campaign to all employee's and some are saying that they did not click on the link but the report shows that they did, I currently have a support case open with Sophos but we was unable to replicate the issue, they advised checking me to check Exchange logs or other appliance for any filtering that might open an email prior to delivery but we are more concerned about the link actually being clicked on.

No users ever reported this issue when I sent out previous campaigns in v1, this is the first time I have sent out a campaign in v2. I know that it is misreporting as it shows two users have clicked on the link when they have never logged onto their AD account as their AD accounts are both set to 'Change passwords at next logon', I have also checked if their emails are being forwarded via a Powershell command to which they are not.

Please can anyone help as we are worried that we will have to stop using Phish Threat due to incorrect results.

Kind regards

Kaylie



This thread was automatically locked due to age.
Parents
  • Wow, I am so sorry that I missed this ! 

    UPDATE: Back then I received this article https://community.sophos.com/kb/en-us/131747 from Sophos Support which basically says if the Phish Threat V2 IP address and domain names are not included in the allow list, Office 365 executes the links making it appear like an end user has clicked on the links. To ensure the proper execution of Phish Threat V2 with Office 365, set up an exception for the Phish Threat V2 IP addresses and domains for both Safe Links and Safe Attachments in Office 365 and provided a link on how to set up these exceptions.

    So I did this, I've now done more campaigns and the results are only showing the emails as being sent despite me opening the email, I have logged another support call with Sophos, I desperately need this working 

    Please help ! I can't be the only one experiencing this :-(

    Kind regards

    Kaylie

Reply
  • Wow, I am so sorry that I missed this ! 

    UPDATE: Back then I received this article https://community.sophos.com/kb/en-us/131747 from Sophos Support which basically says if the Phish Threat V2 IP address and domain names are not included in the allow list, Office 365 executes the links making it appear like an end user has clicked on the links. To ensure the proper execution of Phish Threat V2 with Office 365, set up an exception for the Phish Threat V2 IP addresses and domains for both Safe Links and Safe Attachments in Office 365 and provided a link on how to set up these exceptions.

    So I did this, I've now done more campaigns and the results are only showing the emails as being sent despite me opening the email, I have logged another support call with Sophos, I desperately need this working 

    Please help ! I can't be the only one experiencing this :-(

    Kind regards

    Kaylie

Children