PhishSim Events
PhishSim campaigns will have results related to the interactions with phishing emails that are sent to learners. Below is a list of all different events that are tracked in the platform and what will trigger that result in campaign details or reporting.
| EVENT | DEFINITION |
|---|---|
| Avoided | If the learner clicks “Report Phishing”, “Report Spam” or “click here” in the footer of the Phishing Simulation email. (Legacy. The footer has been deprecated.) |
| Completed Education | This indicates that not only has the learner started watching the educational asset associated with the phishing attack but have completed watching this. Some training assets are only a single page which means by going to the page they were directed to the learner has viewed all one of the one slides of the training. This will also show complete if you are using a blind education or any external page as a training asset. |
| Delivered | A delivered event is shown in the campaign details when the receiving email server sends a confirmation back to Infosec IQ. Receiving email servers may not necessarily send a confirmation and a lack of delivered event doesn’t necessarily mean the email wasn’t received. |
| Emails Bounced | The email could not be delivered and our sending server received a bounced response. |
| Enabled Macros | Learner downloaded and opened the attachment then enabled macros. (Legacy. Macros are no longer present in attachments.) |
| Fast Click | A phishing related event occurred within the specified fast click threshold time. |
| Opened | Infosec IQ utilizes a unique 1x1 tracking image in the email learners receive. If that tracking image is downloaded, then it reports back to us that the learner opened the phishing email. Emails that are viewed in the reading pane of Outlook may not have this image downloaded and so may not register as an opened event. |
| Opened Attachment | Learner downloaded and opened the attachment. |
| Phished | If the learner clicks the unique phishing link in the body of the email they will be taken to the expected URL and it will report back to Infosec IQ that the learner accessed that specific URL and indicate the user has been Phished. |
| Phished and Entered Data | Learner has entered information into the simulated Data Entry page. |
| PhishNotify Reported | Learner reported the phishing simulation using the PhishNotify add-in. |
| Replied | Learner replied to email message. This will also be counted as a phished event. |
| Replied Match Reg Ex | Learner replied to the email and the reply matched an expression or string defined in the campaign. |
| Started Education | When a learner is “phished” there will be a training asset that will provide information to help them avoid future phishing emails. If the learner begins watching the training video it will show they have started watching that training. |