How we track phishing simulations

Find out how SMPhish tracks the open, click and compromise rates of your simulated phishing campaigns.


Here's how we collect statistics from the SMPhish simulations you send out.

How are the opens of phishing simulations tracked?

We track the opens of phishing simulations using a tracking pixel in the email. This is the industry-standard way of tracking the opening of emails.

Note: If users have images set to not load automatically in their email client, the tracking pixel can sometimes fail to load. If you suspect some opens are not being recorded, this is likely to be the cause. However, we also infer opens backward from clicks, so this will not usually result in a major discrepancy in data.


How are clicks of phishing simulations tracked?

Clicks of phishing simulations are tracked by visits to the landing page itself. When a user arrives on the landing page, a click is also inferred automatically.


How are the compromises of phishing simulations tracked?

Compromises are tracked differently for each phishing simulation attack type.


Landing page attack type

These are phishing simulations that only have a link to a landing page and no attachment.

  • Open is triggered when users open emails
  • Visit is triggered when users visit the URL of the landing page
  • Compromise is triggered based on user actions on the landing page - which usually involves the user inputting details and then clicking a button that will activate the compromise.

Attachment open attack type

These are phishing simulations that have an attachment and no link to a landing page.

  • Open is tracked when users open emails
  • Visit is tracked when users open the attachment in preview mode
  • Compromise is triggered when the attachment in the email is opened in edit mode

For these simulations, a compromise message is not displayed, but a compromise is still recorded.


Attachment + Landing page attack type

These are phishing simulations that have an attachment that contains a link to a landing page.

  • Open is triggered when users open emails
  • Visit is triggered when users visit the URL of the landing page or when the attachment in the email is opened in edit mode.
  • Compromise is triggered when the user inserts their credentials on the landing page after clicking on the URL found in the attachment.

Note: Opening a file in Protected View blocks visit and compromise events. They will only be tracked when Enable Editing has been pressed.


What does SiberMate do with the information that users submit in phishing simulations?

For security reasons, we do not collect or store any information that users submit on phishing landing pages.


My simulations are showing false positives. What could be the cause?

If your simulation is showing false positives, it may be due to an anti-spam or email monitoring software set up for your end users. These may open the email and landing page and create a false positive. Please review what email monitoring software you are using to find a potential solution.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.