Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Subscribers 11 subscribers
  • Views 8558 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Phish Threat v2 misreporting campaign results

Kaylie Watts

Hi everyone,

I have recently sent out a campaign to all employee's and some are saying that they did not click on the link but the report shows that they did, I currently have a support case open with Sophos but we was unable to replicate the issue, they advised checking me to check Exchange logs or other appliance for any filtering that might open an email prior to delivery but we are more concerned about the link actually being clicked on.

No users ever reported this issue when I sent out previous campaigns in v1, this is the first time I have sent out a campaign in v2. I know that it is misreporting as it shows two users have clicked on the link when they have never logged onto their AD account as their AD accounts are both set to 'Change passwords at next logon', I have also checked if their emails are being forwarded via a Powershell command to which they are not.

Please can anyone help as we are worried that we will have to stop using Phish Threat due to incorrect results.

Kind regards

Kaylie



This thread was automatically locked due to age.
Parents Reply Children
  • +1 in reply to FloSupport

    I have a fix! Provided by Sophos

    1. Follow this artice https://community.sophos.com/kb/en-us/131747 to whitelist the Sophos addresses / domains within Office 365 and your spam filter (Mine is Mimecast) - Create the bypass safe links and attachments within Office 365.

    2. The 'Open' statistics will not be reported until the tracking image in the Phish Threat Campaign email has been downloaded. Your current email client settings prevent the automatic download of images in emails, so this is why the 'Open' statistic fails to be reported in the Phish Threat Dashboard. To workaround this issue, follow this article: https://sophos.com/kb/127575 to which it provides this link: https://support.microsoft.com/en-ph/help/2252421/how-to-deploy-junk-email-settings-such-as-the-safe-senders-list-by-usi which is a Microsoft article - This isn't as clear as it needs to be, I followed it to a tea and it caused major issues having the junk email folder setting to Safe Lists Only as it made legitimate emails constantly go to users junk folders, the setting needs to be "No Automatic Filtering":

    The Safe Senders and Safe Recipients need to contain the Sophos domains in, these can be imported via a text file but the text file needs to be stored in a drive where all users have access to.

    I hope this helps! It has worked for me and I am so glad !

    Kind regards

    Kaylie

Unfiltered HTML