Email Impersonation Report 


Early Access customers can now get answers to a critical question: "Which users are being targeted by BEC?" We've recently out impersonating reporting to our EAP customers, providing visibility into users that are being targeted with BEC and other types of impersonation attacks.


Release Highlights 

  • Impersonation customers will notice the At Risk Users report now contains two new fields; 'Risk Index and 'number of impersonation emails'. The risk index is assigned per user based on the total number of impersonation emails received and risky URLs clicked. 

  • Clicking the Risk Index number will provide drill-down access to the email(s) used in the attack. 
  • We've also enhanced the message history reports for impersonated emails to help you understand the type of impersonation attack, and whether the user replied to or not. 


  • As always, you can create one-click training campaigns via Phish Threat from the At Risk Users report. 


How to Take Part

Early Access customers are not required to take additional steps to access the report. It's currently available to all EAP customers.

If you have not joined the EAP, please follow these instructions:

To join the Email Impersonation Protection EAP simply log into Sophos Central > Select Early Access Programs > Select ‘Join’ > Accept the terms and get stated. Note: This EAP is only available to existing Sophos Email Advanced accounts.


Where to Send Your Feedback

Please provide all feedback about this early access program in our Sophos Email Community Forum.



  • Impersonation protection is available to Sophos Email Advanced license customers only.