When an unauthorized user who does not have access to a ticket replies to it via email, the message is marked as suspicious and added as a private note instead of a public comment. The message stays private and is not visible to the customer until an agent reviews it manually and moves it to a public comment.
A suspicious note is denoted by a Suspicious tag on the note, and a default message is appended to the note.
A suspicious note is added when a user who is not part of the ticket (for example, a user who does not have permission to the ticket) replies to it. The cases in which the note is added are listed below:
- The user is not part of CC.
- The user is not part of the requester company (if access to share tickets in the organization is enabled).
- The user might have used an alternate email ID to reply to a ticket email (a different email ID from the one used to create the ticket).
- The user forwards an email to another user who is not part of the ticket, and that user replies to the ticket.
- An attacker might have gained access to the email and replied to the ticket.
Purpose of suspicious note:
The main purpose of suspicious notes is to prevent security flaws. Sometimes an attacker may gain access to the email and reply to a ticket to gain access. If that reply were treated directly as a public comment instead of being marked suspicious, the attacker's email would be added to the ticket loop and that user would be considered part of the ticket, which creates a security flaw. This feature is implemented to avoid this flaw and to prevent any unauthorized user from gaining access to the ticket via email.
Convert to public comment:
When the agent finds that the suspicious message is valid, the agent can move it to a public comment.
To move the suspicious messages to public comment, follow the given steps:
- Select the Move comment to public option to open a dialog box.
- Select Move to move the suspicious messages to public comment.
- The comment is moved from private to public and will be visible to the end-user.
- The end-user will be notified by email.
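The rule described above, sketched as an added example (this is not the product's own code): a reply is public only when the sender is the requester, is in CC, or belongs to the requester's company with organization sharing enabled. Otherwise it becomes a private note tagged Suspicious until an agent moves it. The class, field and function names and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Ticket:
    requester: str
    cc: set = field(default_factory=set)
    org_members: set = field(default_factory=set)  # assumed: contacts in the requester's company
    org_sharing_enabled: bool = False              # assumed name for the sharing setting
    comments: list = field(default_factory=list)

def _norm(addr: str) -> str:
    return addr.strip().lower()

def is_authorized(ticket: Ticket, sender: str) -> bool:
    """True if the sender already has access to the ticket."""
    allowed = {_norm(ticket.requester)} | {_norm(a) for a in ticket.cc}
    if ticket.org_sharing_enabled:
        allowed |= {_norm(a) for a in ticket.org_members}
    return _norm(sender) in allowed

def ingest_email_reply(ticket: Ticket, sender: str, body: str) -> dict:
    """Store a reply; senders without access get a private note tagged Suspicious."""
    trusted = is_authorized(ticket, sender)
    comment = {
        "from": _norm(sender),
        "body": body,
        "visibility": "public" if trusted else "private",
        "tags": [] if trusted else ["Suspicious"],
    }
    # The sender is never added to cc here, so an unknown address gains no access.
    ticket.comments.append(comment)
    return comment

def move_to_public(comment: dict) -> bool:
    """Agent action after manual review; True means the end-user should be notified."""
    if comment["visibility"] == "public":
        return False
    comment["visibility"] = "public"
    return True

def demo() -> list:
    # Constructed sample data, not taken from any real ticket.
    t = Ticket("alice@example.com", cc={"bob@example.com"},
               org_members={"carol@example.com"}, org_sharing_enabled=False)
    senders = ["Alice@Example.com", "bob@example.com",
               "carol@example.com", "alice.alt@example.net"]
    return [ingest_email_reply(t, s, "reply")["visibility"] for s in senders]

if __name__ == "__main__":
    print(demo())
```
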