Read this tutorial to learn about monitoring phishing campaigns, or watch our Monitoring Phishing Campaigns video.
Monitoring Individual Phishing Campaigns
While under your Phishing tab, you can click on the Campaigns tab to take you to a list of your active phishing campaigns.
Clicking on an individual campaign title will take you to the campaign overview screen for that specific campaign, where you can monitor that campaign and obtain reports.
If you see an icon that says Managed next to your campaign, that means that the phishing campaign was created by your account's managed service provider. Changes to this campaign will break the link between this campaign and the parent managed phishing campaign. If the campaign has editing disabled, there will be a lock icon next to the managed icon (click to view).
Campaign Monitoring screen
One-time Phishing Test
If the campaign was a one-time test, you will see an overview of your phish-prone percentage, clicks in the first eight hours, clicks by day, as well as other information such as the location of where the click came from.
You can also download a list of any phishing test failures by clicking the green Download Failures link on the top right of the overview page.
Overview of One-Time Phishing Test
To see detailed results of who failed your phishing test, click the Users tab beneath that individual campaign. Jump to section: Detailed Results on Users Who Failed
Maps: Where are my Clickers Located?
On any individual phishing campaign screen, you will see a map of exactly where your phishing test failures occurred. This map is generated by geolocating the IP addresses that our system receives upon a phishing test failure. Typically, this will be where your users are physically located. This map is located towards the bottom of the Overview screen.
You can hover over any area of activity on your map to view both the IP address and the number of failures located in that area.
If your phishing test failures only occur in one country, you will see that individual country map only. An example for clickers who are only based in the United States is shown below:
Ongoing or Recurring Phishing Tests
If the campaign was a recurring campaign, running on an ongoing basis, you can see the Phish-prone Percentage over the course of the campaign, as well as the top 50 users that clicked on phishing links over the campaign’s duration.
Overview of Recurring Phishing Test
On recurrent campaigns, you can click on Phishing Security Tests to see a list of all the tests that have run as part of that campaign. You can drill down further and see test-specific information by clicking on each test.
List of Phishing Tests in an Ongoing Campaign
Click on any individual campaign to view that particular campaign's overview screen and results. You can click on the Users tab beneath that campaign to view detailed results on users who failed your phishing test. Jump to section: Detailed Results on Users Who Failed
Detailed Results: Who Failed Your Phishing Test?
The Users tab beneath any individual phishing campaign will show exactly who failed your phishing test. Failures that we track in our console include clicking on links, opening attachments, enabling macros on attachments, or entering data on a landing page. If you've installed our Phish Alert Button, we'll also let you know who reported the email as a phishing email.
If you need to remove a phishing test failure, see this article for more information.
1) Recipients: A list of all users who will receive a simulated phishing email in this campaign.
2) Delivered: When the email is delivered to your mail server.
3) Opened: When a user opens a simulated phishing email, this is recorded using a small tracking image automatically placed in each email. When the image loads, we are able to track the open in our system. We will automatically record a simulated phishing email as "opened" when the user fails your phishing test by clicking a link or opening an attachment.
This tracking image can be removed from all phishing tests in your Account Settings if desired.
Email opens are not considered to be phishing test failures and do not contribute to a user's Phish-prone Percentage calculation.
4) Clicked: A list of all clickers in a campaign, including the date and time they clicked, as well as their browser, operating system, IP address and IP address location (city, state or city, country). You can also preview what email that user received by clicking the small envelope icon to the right of each user. Only the last click will be shown here.
5) Replied: A list of all users who replied to a phishing email in a campaign, if you elected to track these replies. You can also preview the reply they sent (if you chose to "keep reply content" on the campaign) by clicking the arrow to the right of the user. The small envelope icon to the right of each user will display the original phishing template they received. For more information about reply-to phishing campaigns, click here.
6) Attachment Open: If you've sent a simulated phishing email with an attachment on it, any users who opened the attachment will be shown on this list.
7) Macro Enabled: If you've sent a simulated phishing email with an attachment on it which also contains a macro, any users who enable that macro will be shown on this list.
8) Data Entered: If your user is sent to a landing page which entices them to enter information (such as our built-in "Phishing for Sensitive Information" landing pages), you will see who entered their information based on this list.
9) Vulnerable Plugins: The Vulnerable Plugins scan is a retired feature that indicated when a user had a browser extension or plugin that contained a known exploit. If a past campaign used this feature, the results will still display here for historical purposes.
10) Reported: Any users who successfully reported this phishing test using the Phish Alert Button will be listed here.
11) Bounced: If our simulated phishing test was not able to deliver to your mail server, it will bounce. If it bounces, the email address and the reason for the bounce will be listed here.
All information on this detailed report can be downloaded to a .csv file automatically from within the console.