English (US)
  1. Zendesk help
  2. Agent guide
  3. Ticket management

About flagged tickets

Jennifer Rowe
  • Edited
Zendesk Documentation Team

What's my plan?

Suite allall plans

Depending on how your account is set up, there may be times when tickets are flagged to bring attention to a potential risk. When a ticket is flagged it means that a flag appears as a warning icon beside a comment in the ticket. The ticket is not flagged in any ticket views but you can hover over the warning flag to see more information.

Your workflow isn’t affected when tickets are flagged but there are certain actions you can take to handle flagged tickets. Read this article to understand when tickets are flagged and the options available to handle them.

This article inclues these sections:

Understanding when tickets are flagged

Tickets may be flagged when a customer submits a ticket without signing in or when an unknown user, who was not added to the ticket as a CC, updates an existing ticket.

  • Flagged tickets from registered users who are not signed-in

    With an open Zendesk Support instance you can allow customers to submit tickets without registering for an account or signing in to an existing account. This lets your customers to get help quickly, without taking extra time to register or log in.

    However, if a customer submits a ticket without signing in, it will be flagged. This is done because the user supplies an email address when they submit the ticket, and it is relatively easy for a user to pretend to be someone else by using an email address they don't own. So there is an inherent risk that comes with allowing ticket submission by users who are not signed, and it can be an opportunity for social engineering.

  • Flagged tickets from unknown users

    Tickets are also flagged if an unknown user, who was not added to the ticket by the requester or an agent as a CC, updates an existing ticket. The unknown user’s comment is flagged and added to the comment stream as a private note. Most likely the email was forwarded by the requester to an unknown user or to an unverified email account (such as a secondary email address), and then replied to.

Handling flagged tickets

Consider the following options when handling a flagged ticket.

To handle a flagged ticket
  • If you're comfortable with the comment, ignore the warning flag and handle the ticket as you normally would. You cannot remove the flag.
  • If you're not comfortable with the comment, you can raise a concern with your manager or consider temporarily suspending the user.

    Depending on the nature of the comment, you might want to raise a concern about the ticket with your manager. Also, you can consider temporarily suspending the user, to prevent them from submitting more tickets, until you can investigate and feel comfortable enough to reinstate the user. (See Suspending a user).

  • To allow the new user to comment publicly on the ticket, an agent, the requester, or a CC on the ticket must add the user as a CC. The Make email comments from CCed end users public (not recommended) option must also be enabled. See Changing the default comment privacy for end user CCs for why we don't recommend enabling this option.
Note: If you continue to see flagged comments by the same user, and you think that person might be trying to gain unauthorized access, contact our customer service team.
Return to top

6 Comments

  • Tommy

    Hi Jennifer,

    Is there any way to add this flag from the Zendesk API? Currently when I try to do it, it adds the flag to the 'custom' section of the metadata, as opposed to actually editing the 'flags' section of the metdata? Thanks!

    0
  • Erica Girges
    Zendesk Developer Advocacy

    This request was closed and merged into request #9708925 "[Community Post] Adding Flags to...".

    0
  • Ksenia Shanyuk

    Reference above, we have some users who have multiple sites with us. And at times they raise tickets from a different email domain, i do not recall below message pops before, but will this fall under this scenario where it is just ZD flagging the fact the the ticket is raised by a person with a different email address as opposed to what is registered under this particular site?

    0
  • Justin Near

    How do you remove the flag "This ticket is flagged as a potential risk"?

    0
  • Matan Arik

    I'm a little confused as to why it suddenly started happening after over a year. But every ticket from our typeform is now being flagged. 
    How can we remove this potential risk flagging? 

    Can we not have a - This message is not suspicious for me to cancel it?
    Or have the allowlist option to affect "This message is suspicious"? 


     

    0
  • Anne Ronalter
    Zendesk Customer Care
    Hello Ksenia and Justin,

    it seems like both of you are referring to the new feature that has already been rolled back due to customer Feedback which is using ticket alerts to help defend against email phishing attacks.

    You can read more about it in this article:
    https://support.zendesk.com/hc/en-us/articles/4538847988378--Rolled-back-Using-ticket-alerts-to-help-defend-against-email-phishing-attacks
    0

Please sign in to leave a comment.

Related articles

Powered by Zendesk