Reviewing a Campaign
This article follows on from Creating a Phishing Campaign, if you are unsure of any details in this article, please read the linked one first to understand from where this information is derived.
During a Campaign's progress, or after it has finished you will want to know how the Recipients are responding to it so you can learn who requires more training and who poses the lowest/highest threat to your organisation's security.
From the Campaigns page (found by clicking "Campaigns" under the PHISHING heading on the main menu), you will see all your Campaigns, we have recently finished a Campaign and we would like to review the results.
In the image below we can see:
- How many emails have been delivered, all recorded "failures", the number of emails reported using the Phish Hook button, and how many emails have bounced with errors.
- To learn more, click the title of the Campaign.
- You can click directly on any of the doughnut charts to the right, but we want to get an overview of the entire Campaign.
The Campaign Actions page
From here we can see a more detailed look into the Campaign's results:
- All of the results to the right can be clicked for a more granular view of the Recipients involved.
- NOTE: For the "Opened Emails" counter to register, the recipient must have downloaded images within the email. Emails only viewed from the preview pane will not register as opened unless the user has the client set to download images automatically (not recommended).
- As the Campaign progresses, you can see the Click Prone % changing over time.
- This monitors how many recipients click on the Phishing Links within the first 24 hours of the Campaign.
- Here we see the Campaign's failure rate, broken down by each day.
- This is useful for seeing on which days Recipients are more susceptible to Phishing Attempts.
- This is useful for seeing on which days Recipients are more susceptible to Phishing Attempts.
- The world map gives us a quick overview of the location of all campaign failures.
- This is especially valuable when dealing with multiple office locations.
- NOTE: Click on any of the countries to see a list of all campaign failures occurring within it (Pictured below). This can be especially useful for spotting compromised mailboxes.
Viewing recipient actions
In some cases, you may wish to delve into further detail regarding the actions of a recipient during a simulated phishing campaign. Within the campaign actions page you can view a complete timeline of every recipients email interactions. This can be very useful for spotting automated responses (potential false-positives caused by incorrectly configured perimeter protection), and also for real human interaction from other locations, indicating potentially compromised mailboxes.
- From the Campaign Actions page (accessed by clicking the title of a campaign), click the "Total Recipients" doughnut chart.
- Find the recipient whose actions you wish to view, and click any of the RED number boxes to the right of their details.
- NOTES
- Clicking the green box will take you to the "Delivered Emails" page.
- Clicking on any red number will show you ALL failure results for that user, not just those from the column selected, this is done intentionally as seeing all actions in a timeline order makes it simpler to discover mailbox compromises.
- NOTES
- This will show you a timeline of all actions performed by this recipient within the selected campaign event.
That's all there is to it! Enjoy using the Phishing Tackle platform and if you have any questions please don't hesitate to contact our support desk who will be happy to help.