Read this tutorial, or watch our Monitoring Phishing Campaigns video, to learn more about this topic.
Monitoring Individual Phishing Campaigns
From the Phishing tab, click the Campaigns tab to see a list of your active phishing campaigns.
Clicking on an individual campaign title will take you to the campaign overview screen for that specific campaign, where you can monitor that campaign and obtain reports.
Campaign Monitoring screen
One-time Phishing Test
If the campaign was a one-time test, you will see an overview of your Phish-prone Percentage, clicks in the first eight hours, clicks by day, and other information such as the location each click came from.
You can also download a list of any phishing test failures by clicking the green Download Campaign Clickers link on the top right of the overview page.
Overview of One-Time Phishing Test
To see detailed results of who failed your phishing test, click the Users tab beneath that individual campaign.
Maps: Where are my clickers located?
On any individual phishing campaign screen, you will see a map of exactly where your phishing test failures occurred. This map is generated by geolocating the IP addresses that our system receives upon a phishing test failure. Typically, this will be where your users are physically located. This map is located towards the bottom of the Overview screen.
You can hover over any area of activity on your map to view both the IP address and the number of failures located in that area.
If your phishing test failures occur in only one country, the map will show that country alone. An example for clickers who are only based in the United States is shown below:
Ongoing or Recurring Phishing Tests
If the campaign was a recurring campaign, running on an ongoing basis, you can see the Phish-prone Percentage over the course of the campaign, as well as the top 50 users that clicked on phishing links over the campaign’s duration.
Overview of Recurring Phishing Test
On recurring campaigns, you can click on Phishing Security Tests to see a list of all the tests that have run as part of that campaign. You can drill down further and see test-specific information by clicking on each test.
List of Phishing Tests in an Ongoing Campaign
Click on any individual campaign to view that particular campaign's overview screen and results. You can click on the Users tab beneath that campaign to view detailed results on users who failed your phishing test.
Detailed Results: Who failed your phishing test?
The Users tab beneath any individual phishing campaign will show exactly who failed your phishing test. Failures that we track in our console include clicking on links, opening attachments, enabling macros on attachments, allowing an EZXploit applet to run, or entering data on a landing page. If you've installed our Phish Alert Button, we'll also let you know who reported the email as a phishing email.
Phishing Test Users Tab: Overview
1) Recipients: A list of all users who will receive a simulated phishing email in this campaign.
2) Delivered: When the email is delivered to your mail server.
3) Opened: When a user opens a simulated phishing email, this is recorded using a small tracking image automatically placed in each email. When the image loads, we are able to track the open in our system. We will automatically record a simulated phishing email as "opened" when the user fails your phishing test by clicking a link or opening an attachment.
This tracking image can be removed from all phishing tests in your Account Settings if desired.
Email opens are not considered to be phishing test failures and do not contribute to a user's Phish-prone Percentage calculation.
4) Clicked: A list of all clickers in a campaign, including the date and time they clicked, as well as their browser, operating system, IP address and IP address location (city, state or city, country). You can also preview the email that user received by clicking the small envelope icon to the right of each user.
5) Replied: A list of all users who replied to a phishing email in a campaign, if you elected to track these replies. You can also preview the reply they sent (if you chose to "keep reply content" on the campaign) by clicking the arrow to the right of the user. The small envelope icon to the right of each user will display the original phishing template they received.
6) Attachment Open: If you've sent a simulated phishing email with an attachment on it, any users who opened the attachment will be shown on this list.
7) Macro Enabled: If you've sent a simulated phishing email with an attachment on it which also contains a macro, any users who enable that macro will be shown on this list.
8) Data Entered: If your user is sent to a landing page which entices them to enter information (such as our built-in "Phishing for Sensitive Information" landing pages), this list shows who entered their information.
9) Vulnerable Plugins: For users who fail your phishing test, we will do a scan to see what extensions, apps, or plugins they are using with their browser. We then compare what we found to a database of extensions and plugins which contain known exploits. If users are present on this list, it means we found vulnerable or potentially vulnerable plugins. You can click the plug next to the affected user to view which plugins were deemed to be vulnerable.
10) Exploited: If you added our EZXploit feature to your phishing campaign, users who were exploited will be on this list, and the information you chose to harvest about those users is available by clicking the red "cherry bomb" icon next to that user.
11) Reported: Any users who successfully reported this phishing test using the Phish Alert Button will be listed here.
12) Bounced: If our simulated phishing test could not be delivered to your mail server, it will bounce. If it bounces, the email address and the reason for the bounce will be listed here.
All information on this detailed report can be downloaded to a .csv file automatically from within the console.
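The following is an added example, not code from the console or its vendor, showing how the rules above can be applied to exported results: only the failure types listed in this article count as failures, opens and reports do not, and any failure is also treated as an open. The column names, event labels, sample rows and the choice of delivered users as the denominator are all assumptions, since this article does not document the .csv layout or the percentage formula.

```python
import csv
import io
from collections import Counter

# Constructed sample; column names and event labels are assumed, not the console's layout.
SAMPLE_CSV = """email,event,ip
alice@example.com,delivered,
alice@example.com,clicked,203.0.113.10
alice@example.com,data_entered,203.0.113.10
bob@example.com,delivered,
bob@example.com,opened,198.51.100.7
bob@example.com,reported,
carol@example.com,delivered,
carol@example.com,attachment_open,203.0.113.10
carol@example.com,macro_enabled,203.0.113.10
dave@example.com,bounced,
"""

# Failure types listed in this article; opens and reports are not failures.
FAILURES = {"clicked", "attachment_open", "macro_enabled", "data_entered", "exploited"}

def summarize(csv_text):
    delivered, opened, failed, reported = set(), set(), set(), set()
    per_ip = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, event, ip = row["email"].strip().lower(), row["event"], row["ip"]
        if event == "delivered":
            delivered.add(user)
        elif event == "opened":
            opened.add(user)
        elif event == "reported":
            reported.add(user)
        elif event in FAILURES:
            failed.add(user)
            opened.add(user)  # a failure is also recorded as an open
            if ip:
                per_ip[ip] += 1  # mirrors the map hover: IP and failure count
    # Assumed denominator: users the email was actually delivered to.
    rate = round(100 * len(failed & delivered) / len(delivered), 1) if delivered else 0.0
    return {
        "failed": sorted(failed),
        "opened_only": sorted(opened - failed),
        "reported_without_failing": sorted(reported - failed),
        "failures_by_ip": dict(per_ip),
        "failure_rate_pct": rate,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_CSV))
```

A single IP address carrying many failures, as in the sample, usually indicates a shared office or VPN egress address rather than one user.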