Skip to main content

Reporting - Introduction

Sebastian Salla
Updated

This introduction will take you through the full functionality available with CanIPhish Reporting.

1. What reporting information is available?

Primary Dashboards

The Phishing, Training, and Voice Phishing dashboards (available to Enterprise customers) provide a rolling 12-month view of high-level performance across your organisation. Each dashboard tracks aggregate metrics such as emails delivered, viewed, and reported, clicks on phishing links or attachments, training completions, voice call interactions, and the number of users compromised.

This data gives you a clear, at-a-glance understanding of how your organisation is tracking over time. By comparing month-on-month trends, you can measure risk reduction, spot problem areas early, and confidently report progress to executive stakeholders.

Campaign Reporting

Campaign reporting provides you with a real-time view on how your active phishing campaigns are tracking. Using this view you can see:

  • Campaign Name: The name given to the campaign.
  • Status: A campaign can be in one of three states:
    • Finished: The campaign has completed. Email delivery to all targets has been attempted or cancelled before completion.
    • In Progress: The campaign is scheduled and email delivery has not yet completed.
    • Pending: The campaign has been created but is not yet scheduled.
  • Scheduled Date: The date-range in which campaign emails will be delivered (e.g. Monday - Friday).
  • Emails Delivered: The total number of emails that have been sent (Informational Only)
  • Emails Viewed: The total number of emails that have been viewed (Informational Only)
  • Replies Received: The total number of employees that have sent a reply back to the sender
  • Payload Interactions The total number of phishing links/attachments that have been interacted with
  • Employees Compromised: The total number of targets compromised. Either by entering sensitive information into a phishing website or opening a payload on their endpoint.

Active Campaign Reporting

Historic Campaign Reporting

 

2. Viewing Campaign Statistics

The status of a phishing campaign can be viewed by clicking the 'View Campaign' hyperlinks within the 'Campaign Name' table column. Viewing a campaign provides you with all necessary information as to who has been targetted to-date and whether emails have been successfully delivered.

If email delivery has been successful, you then get a full picture on the overall success of the phishing material delivered - with indicators around who has viewed an email, clicked the relevant link and/or been compromised by either entering their credentials in a phishing website, responding to an email or executing a potentially malicious file.

Viewing a campaign, provides you with the following information and reporting capabilities:

Campaign Statistics:

  • Email Address: The email address targeted
  • Email Delivered: This indicates if the email was successfully sent. Email delivery is either "Success" or "Failure".
  • Email Viewed: The "Yes" or "No" status of whether the phishing email was viewed/opened.
  • Reply Received: The "Yes" or "No" status of whether the phishing email was replied to.
  • Payload Interaction: The "Yes" or "No" status of whether the employee interacted with the phishing payload.
  • Employee Compromised: The "Yes" or "No" status of whether the employee entered data into a phishing website, opened an attachment, or provided sensitive information over email.
  • Email Reported: The "Yes" or "No" status of whether the employee reported the email.
  • Actions: Additional actions that can be taken on an individual level
    • False Positive: Mark as false positive. More information on how to mitigate false positives can be found here.
    • Manual Report: Marks the email as reported if the employee reported the email to the IT or Security Team.
    • Remove: Removes employee from the campaign.
    • Resend Email: If the email was not delivered, resend manually.

Configure Columns (Supplementary Phishing Information):

These columns provide you with supplementary information about the campaign. For example, viewing the interaction evidence to determine the IP address of the click associated with the click event.

  • Delivery Date: The date the email was delivered
  • View Date: The date the email was viewed
  • Reply Date: The date a reply was sent to the email
  • Reply Evidence: Evidence showing that a reply was sent, including a transcript of the conversation
  • Interaction Date: The date of any interaction with the email (e.g., clicking a link)
  • Interaction Evidence: Evidence showing interaction with the email, including location, IP, and ISP details
  • Compromise Date: The date of the compromise event
  • Compromise Evidence: Evidence showing the compromise event, including location, IP, and ISP details
  • Report Date: The date the email was reported as a phish
  • Sender Profile: Information about the sender profile used for the phishing email
  • Email Template: The template used for the phishing email
  • Payload: The attack type of the email (Attachment, Information Request, or Website)
  • Actions: Additional actions that can be taken on an individual level

Reporting:

  • Print: Print the campaign statistics in a table format.
  • PDF: Display the campaign statistics in a PDF with table formatting.
  • Excel: Download the campaign statistics as an Excel document.
  • CSV: Download the campaign statistics as a CSV document.
  • Copy: Copy the campaign statistics to the clipboard in tabular format.

Frequently Asked Questions

Why isn't email delivery tracking always accurate?

The "Email Delivered" status indicates whether the email was successfully sent from our servers or through your chosen sending method. It confirms that the message was dispatched, but not necessarily that it landed in the recipient’s inbox.

If allow listing is not correctly configured, especially in environments with strict filtering or quarantine policies, emails may be blocked or silently dropped after being sent. This means a campaign email can show as “delivered” even though it never reached the user’s mailbox. Because of this, the delivery status should be treated as a confirmation of sending, not of inbox placement.

Why isn't email view tracking accurate?

Email view tracking is performed through use of tracking pixels (images) that are embedded into each simulated phishing email. When a user views an email and downloads/views the images within it, our servers are contacted and notify us of the view event. The issue is that some email clients (e.g. Outlook) don't download images by default for external senders. Because of this, if a user views an email but doesn't download/view the images within it, we won't be notified of the view event. Because of this, the email view statistic isn't 100% accurate, and should only ever be treated as informational in nature.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk