Reporting - Introduction

This introduction will take you through the full functionality available with CanIPhish Reporting.

1. What reporting information is available?

Phishing Success Dashboard

The phishing success dashboard provides a rolling 12-month window showing the aggregate success of all phishing campaigns. This includes emails sent, emails viewed, phishing links/attachments clicked and targets compromised.

This information is designed to provide you with a single-pane of glass view on how your organisation is tracking with month-on-month click rates, ultimately equipping you with the information to show the gradual security risk reduction to your executive stakeholders.

Campaign Reporting

Campaign reporting provides you with a real-time view on how your active phishing campaigns are tracking. Using this view you can see:

• Campaign Name: The name given to the campaign.
• Status: A campaign can be in one of three states:
  • Finished: The campaign has completed. Email delivery to all targets has been attempted or cancelled before completion.
  • In Progress: The campaign is scheduled and email delivery has not yet completed.
  • Pending: The campaign has been created but is not yet scheduled.
• Scheduled Date: The date-range in which campaign emails will be delivered (e.g. Monday - Friday).
• Emails Delivered: The total number of emails that have been successfully delivered
• Emails Viewed: The total number of emails that have been viewed (Informational Only)
• Replies Received: The total number of employees that have sent a reply back to the sender
• Payload Interactions The total number of phishing links/attachments that have been interacted with
• Employees Compromised: The total number of targets compromised. Either by entering sensitive information into a phishing website or opening a payload on their endpoint.

Active Campaign Reporting

Historic Campaign Reporting

2. Viewing Campaign Statistics

The status of a phishing campaign can be viewed by clicking the 'View Campaign' hyperlinks within the 'Campaign Name' table column. Viewing a campaign provides you with all necessary information as to who has been targetted to-date and whether emails have been successfully delivered.

If email delivery has been successful, you then get a full picture on the overall success of the phishing material delivered - with indicators around who has viewed an email, clicked the relevant link and/or been compromised by either entering their credentials in a phishing website, responding to an email or executing a potentially malicious file.

Viewing a campaign, provides you with the following information and reporting capabilities:

• Campaign Statistics:

  • Email Address: The email address targeted
  • Email Delivered: The status of email delivery. Email delivery is either "Success" or "Failure"
  • Email Viewed: The "Yes" or "No" status of whether the phishing email was viewed/opened.
  • Reply Received: The "Yes" or "No" status of whether the phishing email was replied to.
  • Payload Interaction: The "Yes" or "No" status of whether the employee interacted with the phishing payload.
  • Employee Compromised: The "Yes" or "No" status of whether the employee entered data into a phishing website, opened an attachment on their endpoint or provided sensitive information over email.
  • Email Reported: The "Yes" or "No" status of whether the employee reported the email.
  • Actions: Additional actions that be taken on an individual level
    • False Positive: Mark as false positive. More information on how to mitigate false positive can be found here
    • Manual Report: Marks the email as reported if the employee reported the email to the IT or Security Team.
    • Remove: Removes employee from the campaign
    • Resend Email: If the email was not delivered, resend manually

• Toggle Columns: 

  • Delivery Date: The date the email was delivered
  • View Date: The date the email was viewed
  • Reply Date: The date a reply was sent to the email
  • Reply Evidence: Evidence showing that a reply was sent that includes a transcript of the conversation
  • Interaction Date: The date of any interaction with the email (e.g., clicking a link)
  • Interaction Evidence: Evidence showing interaction with the email, including location, IP and ISP details
  • Compromise Date: The date of the compromise event
  • Compromise Evidence: Evidence showing the compromise event, including location, IP and ISP details
  • Report Date: The date the email was reported as a phish
  • Sender Profile: Information about the sender profile used for phishing email
  • Email Template: The template used for the phishing email
  • Payload: The attack type of the email (Attachment, Information Request or Website)
  • Actions: Additional actions that be taken on an individual level

• Reporting:

  • Print: Print the campaign statistics in a table format.
  • PDF: Display the campaign statistics in a PDF with table formating.
  • Excel: Downloads the campaign statistics in an Excel document.
  • CSV: Downloads the campaign statistics in a CSV document.
  • Copy: Copies the campaign statistics into the clipboard with tabular formating.

Frequently Asked Questions

Why isn't email view tracking accurate?

Email view tracking is performed through use of tracking pixels (images) that are embedded into each simulated phishing email. When a user views an email and downloads/views the images within it, our servers are contacted and notify us of the view event. The issue is that some email clients (e.g. Outlook) don't download images by default for external senders. Because of this, if a user views an email but doesn't download/view the images within it, we won't be notified of the view event. Because of this, the email view statistic isn't 100% accurate, and should only ever be treated as informational in nature.