Confirmation Pop-Up For Converting Leads to Customers/Tickets

There should be a pop-up or message that asks for confirmation if you want to convert a lead into a ticket, and especially a customer. With one simple click, I just accidently converted a lead that was clearly a Chinese fishing scam that Synco demands I treat as an authentic lead, even though I had no intention of ever doing so. One click and now this Chinese fishing/malware site just received an email reply from us which could potentially lead to even more malicious emails to be sent to our company email.

From a security stand point, this is unacceptable. It seems to me that a simple message box that asks if I’m ACTUALLY wanting to convert the lead to an email could’ve prevented this. But now I have to worry about the future implications of this action occurring.

Hi @clucas, I have raised this with the engineering team so that they can look into this. Thanks for highlighting this vulnerability. For future reference, you can submit these types of discoveries directly to