The inbox displays only the specific simulated phishing emails that the individual user has received as part of their security awareness training; it is not a collective list of all organisational simulations. To maintain the integrity of active tests, these emails only become available in the user's list after the campaign concludes, or after the user has interacted with or reported the email. By understanding this personalised interface, Admins can more effectively support their users and manage expectations during training cycles.
- How to Set Up the End-User Inbox
- User Inbox Admin Settings
- Where to Locate the End-User Inbox
- Different Phishing Failures Within The Inbox
- Utilising the AI Assistant
How to Set Up the End-User Inbox
Before recipients can access their personal inbox, an Admin must enable the feature at the organisation level. This can only be performed within an Admin account.
In the Admin portal, navigate to the left-hand menu. Under Setup, click Organisation and then select Settings.
Locate and click the User Inbox section.
Select the checkbox labelled "Enable End-User Inbox".
After clicking Save, the feature will be live for all end-users.
User Inbox Admin Settings
- Admins can customise how "locked" emails (those part of an active, uninteracted campaign) appear to the user. You have two primary visibility options:
- Hide locked emails completely: These emails remain invisible until a trigger condition is met. Users will not know a phishing simulation has been scheduled or received.
- Show locked emails blurred: Emails which are still locked are shown within the Inbox email list, but blurred so that end-users are unable to view the content that they have yet to interact with, or that is scheduled.
- Unlock when the phishing campaign has ended: Emails are revealed only after the linked phishing campaign has officially concluded. Once the campaign finishes, the simulated email will automatically appear in the user's Inbox.
- Unlock when the user has interacted with the email: The email is unlocked immediately after the recipient interacts with the simulation. For example, as soon as a user clicks a link within the simulated phishing email, that specific email becomes visible in their Inbox.
- Unlock when the user has reported the email: The email appears in the Inbox as soon as the user successfully reports the simulation via the organisation's reporting tool.
Where to Locate the End-User Inbox
After an end-user logs in, in the left-hand menu under Simulated Phishing, they can click Emails.
Once selected, end-users will be brought to their inbox, where they are able to view previous simulated phishing emails, their failure type for each email (if interacted), the from address for each email, and the date on which the email was received.
Different Phishing Failures Within The Inbox
When looking at the emails located within the end-user inbox, they are able to view the failure type which they had for specific emails. The following are presented:
No Action: The end-user did not interact with this email.
Clicked Link: The end-user had clicked a link within the email.
Entered Details: The end-user entered personal details within the email through a link.
Opened Attachment: The end-user had opened an attachment within the email.
Reported: The end-user had successfully reported the simulated phishing email.
Utilising the AI Assistant
When an email is selected within the end-user inbox, a button located at the top right of the page "Ask AI For Advice About This Email" will be presented.
When the button has been pressed, the simulated phishing email is reviewed by our AI tool. It will then provide you with a description of the phishing email, the failure type within the email (if any), and advice on what to look for when you next receive a similar email to be able to tell if it is a phishing email.
Please let us know if you require any further assistance, you can contact our support team by clicking here. Or by sending an email to support@phishingtackle.com