A while ago we've been reported that some users received worrying scores, although the customers who allegedly submitted the scores didn't even open the email surveys.
Our product team investigated the issue and concluded that some of the customers had antivirus systems that checked each new email for unsafe/phishing URLs.
These systems were randomly accessing URLs in the email surveys and checking for harmful content.
Until recently, once a score button was clicked in the email survey, the score was automatically added to the customer's dashboard, even if they didn't hit the submit response button. This is known as a first intent score, which can be changed by the respondent before hitting the Submit button.
Following this logic, once an antivirus system checked a link in the email survey, the score was automatically added to the dashboard.
We've replicated this issue with several antivirus systems and implemented an algorithm to avoid it.
Our antivirus detection would automatically block the scores submitted by well-known systems such as Symantec, Microsoft Outlook Protection, Mimecast, Messagelabs, etc.
However as they might also be evolving and other similar systems launched in the future, there is another generic check in place which monitors antivirus-like patterns and logs them.
Once such a score, potentially left by a generic antivirus is detected, it will be displayed in your feedback widget with a warning (!) sign (as per the image below). At this point, it is up to you whether to delete it at all or just ignore it from the NPS calculation.
Since the antivirus has already submitted a score to the initial survey, the original respondent would not be able to submit his feedback. Make sure to resend your email survey and give a chance to the actual respondent to leave his feedback.
We will further monitor our system to make sure our algorithms are continuously improved and such issues are avoided. If you have something to report on the received score, please get in touch with us.