Skip to main content
How we track phishing simulations

Find out how uPhish tracks the open, click and compromise rates of your simulated phishing campaigns.

Micke Ahola avatar
Written by Micke Ahola
Updated over 4 months ago

Here's how we collect statistics from the uPhish simulations you send out.

How are the opens of phishing simulations tracked?

We track the opens of phishing simulations using a tracking pixel in the email. This is the industry-standard way of tracking the opening of emails.

Note: If users have images set to not load automatically in their email client, the tracking pixel can sometimes fail to load. If you suspect some opens are not being recorded, this is likely to be the cause. However, we also infer opens backwards from clicks, so this will not usually result in a major discrepancy in data.

How are clicks of phishing simulations tracked?

Clicks of phishing simulations are tracked by visits to the landing page itself. When a user arrives on the landing page, a click is also inferred automatically.

How are the compromises of phishing simulations tracked?

Compromises are tracked differently for each phishing simulation attack type.

Landing page attack type

These are phishing simulations that only have a link to a landing page and no attachment. Compromises are tracked based on user actions on the landing page - which usually involves the user inputting details and then clicking a button which will activate the compromise.

Attachment open attack type

For phishing simulations that have an attachment and no link to a landing page, a compromise is triggered when the attachment in the email is opened.

For "attachment open" simulations, a compromise message is not displayed, but a compromise is still recorded.

Attachment + Landing page attack type

These are phishing simulations that have an attachment which contains a link to a landing page. A compromise is triggered when the user inserts their credentials on the landing page after clicking on the URL found in the attachment.

Note: Opening a file in Protected View blocks visit and compromise events. They will only be tracked when Enable Editing has been pressed.

What do you do with the information that users submit in phishing simulations?

For security reasons, we do not collect or store any information that users submit on phishing landing pages.

My simulations are showing false positives. What could be the cause?

If your simulation is showing false positives, it may be due to a anti-spam or email monitoring software set up for your end users. These may open the email and landing page and create a false positive. Please review what email monitoring software you are using to find a potential solution.

Next steps

Did this answer your question?