How attachment opened and macros enabled are tracked
Attachment opens are tracked by a small tracking image placed within the attachment. If that image is allowed to load (i.e. the user opens the file), then your console will report the attachment as being opened.
For macro attachments, the file is "beaconized" and will "call home" to our servers when the macro is enabled, and the enabled macro will be recorded in your phishing campaign results.
Why are my attachments not showing as open?
If you have conducted an attachment phishing test and you find your results to potentially be inaccurate, then the following may be occurring:
- Your user must open the attachment in its native program in order for it to be tracked. (Adobe for PDF attachments, Excel for .XLS attachments, Word for .DOC attachments, and so on.)
- If your users are only using a preview method to look at the attachment, this may not count as an opened attachment.
- If a user clicks on the link in the attachment preview, this will be tracked as an attachment opened and clicked.