There should be a pop-up or message that asks for confirmation if you want to convert a lead into a ticket, and especially a customer. With one simple click, I just accidently converted a lead that was clearly a Chinese fishing scam that Synco demands I treat as an authentic lead, even though I had no intention of ever doing so. One click and now this Chinese fishing/malware site just received an email reply from us which could potentially lead to even more malicious emails to be sent to our company email.
From a security stand point, this is unacceptable. It seems to me that a simple message box that asks if I’m ACTUALLY wanting to convert the lead to an email could’ve prevented this. But now I have to worry about the future implications of this action occurring.