Not so much a feature request as unintentional beta testing, lol
R
Rural Dragon
So... ran into a fun one I'm not sure if you guys would like to address or leave it as an unusual set of circumstances. Had a user use the report-a-phish button to report an email, one of our engineers identified the email headers as all wrong using the pod, then used one of my tools to create a blocked spoof pair for that IP address. Then because something seemed odd, they passed the ticket back to me for a second opinion.
Turns out, this was one of your phish sims. But what happened was the original recipient WAS NOT the one who reported it. The recipient forwarded it to someone else in the org and asked if it was legit, then that someone else is the one who reported it... so the automation which gives the reporter kudos for catching a simulated phish didn't trigger. lol.
Again, not a feature request, just an odd scenario I thought the dev team might be interested in hearing about. I'm guessing there's something in the report button that's configured to check the header for the intended recipient's objectID or something and triggers if it matches up, but since this was forwarded, it was a different user's objectID, so it went through with the ticket creation in our Connectwise PSA instead. lol.
T
Tanner LaMarche
Rural Dragon honestly surprised we haven't heard about this type of thing happening sooner - thanks for the insight Joel!