In this article, you will learn the meanings of each status in a phishing campaign and how to activate the phishing report button.
When an admin creates a phishing campaign for all users or departments, they can access a list of existing campaigns.
Every Phishing campaign has statuses: SENT, OPENED, CLICK PHISH, CRED PHISH, and REPORTED.
When users start receiving phishing emails, open them, click on phishing links, and enter their credentials, the phishing campaign statuses change.
SENT Status: The user has received a phishing email
The user receives an email from an active phishing campaign in the inbox:
The percentage displayed shows how many emails were sent in total during the campaign.
By clicking on any status button OPENED (here and further the percent and number will be shown as an example), or by hovering over it with a mouse, the admin can check the emails of users who have already received phishing emails, as well as the total number of emails sent. To sort them, click on the arrow.
For example, 3% of emails were Sent (Emails sent: 1/35), and one user from the IT department received a phishing email.
OPENED Status: The user has opened a phishing email
The campaign status board 'Opened' reflects the percentage of users who opened a phishing email.
By clicking on the status button OPENED (Emails Opened: 1/35) and, clicking on it, the admin can check the emails of users who have already opened phishing emails. To sort them, please, click on the arrow .
If the simulation phishing email was forwarded by the user, the report will show two events: Sent and Opened. Forwarding the email is not defined as a click. However, if the link from the forwarded email was opened (even by another recipient), it will be registered as Clicked.
CLICK PHISH Status: The user has clicked on a phishing link or attachment and has been forwarded to a landing page "YOU GOT PHISHED".
By clicking on the status button (Phishing Link Clicked: 1/35) the admin can check the emails of users who have already clicked on the phishing link or attachment. To sort them, please, click on the arrow .
The phished users can find information on how to detect phishing on this page.
These users are marked as vulnerable. More information about the most vulnerable users can be found here.
How to manage false opened and clicked statuses
1. If you're using Office365, please follow this article to disable link preview and allow image downloading for tracking open events.
2. If you are experiencing an issue with Google, we suggest checking if your Google moderation is turned off. Please find more information on this in the article from Google support.
CRED PHISH Status: The user has been forwarded to a familiar landing page with a credential form, and entered their email and password.
NOTE: The CRED PHISH status is available only for the 3-step phishing templates, when after clicking the phishing link a user is asked to enter their credentials and submit the form. In this case in the report there will be Clicked and Phished Statuses. The 2-step templates and custom templates do not have the form submission, so when the user clicks on the phishing link, they got phished by clicking on the link, not by entering their credentials. In this case, the report will show Clicked Status.
By clicking on the status button CRED PHISH (Data Submitted: 1/35) the admin can check the emails of users who have submitted their credentials and have got phished (were transferred to the "Got Phished" page. To sort them, please, click on the arrow .
REPORTED Status: The phishing report button has been activated, and a user has reported the phishing email.
To activate the phishing report button, please follow the guides below:
- How to Get the Report Phishing Extension for Google Workspace
- How to Get the Report Phishing Extension for Office 365
Please, reach out to our support team at email@example.com for more details.