Awareness Training - Phishing Campaign Analytics

Updated

This article describes how to access the analytics collected by a Mimecast Awareness Training Phishing Campaign.

Metrics for Test Campaigns are not included in Phishing Campaign analytics.

Introduction

Once a Phishing Campaign is active (i.e. the start date has been reached) statistical data is collected on each user's participation.

Phishing Campaign Analytics

You can access the Phishing Campaign Analytics, by using the following steps:

  1. Log on to Mimecast Awareness Training.
  2. Select Phishing Training | Campaigns.
  3. Click on the Campaign Name to display analytics for the Phishing Campaign:
  •  
    • The Recipient Status pie chart displays the current aggregated statuses for the Phishing Campaign, namely what percentage of the total users sent the phishing campaign have clicked, opened, submitted and reported.
    • The Clicked Status (All Campaigns) bar chart displays the click rate (%) of the current Phishing Campaign, versus all other phishing campaigns sent.
    • The Search Table allows you to search and filter the Campaign Analytics Details Table by name, email address or department.

  •  

    • If you add Custom Attribute columns, these will be added as additional searchable fields.

    • The Campaign Analytics Details Table contains the user-level analytics related to the phishing campaign.

    • You can edit the columns displayed in the table by clicking on the cog icon image.png  and using the checkboxes to show or hide the columns.

      Custom Attribute columns added will become searchable fields in the Search Table.

  •  

    • You can apply Status filters using checkboxes to show or hide the statuses (Sent, Opened, Submitted, Clicked, Reported).

    • The Campaign Analytics Details Table contains the following information about each user participating in the Phishing Campaign:
Field / Option Description
Name Displays the user's name.
Email Address Displays the user's email address.
Department Displays the user's department.
Status Indicates the end-state related to this Phishing Campaign. Possible status options are:
  • Sent: The user has received the phishing campaign but has not opened the message.
  • Opened: The user has opened the message but has not clicked on the phishing campaign link.

This status is based on a tracking pixel. If you are blocking images, you will not receive an opened status.

  • Clicked: The user has opened the message and clicked on the phishing campaign link.
  • Submitted: The user opened the message, clicked on the phishing campaign link, and submitted their information.
  • Reported: The user has received the phishing campaign, either opens or does not open it, and reports the phishing email.
    • ScheduledWith the new staggered release of phishing campaigns, this status shows users who have not yet received the simulation
  • Error: The phishing campaign could not be sent to the user. This is usually due to the user not having an Outlook license.

External interactions can potentially impact phishing campaign tracking. If a Support Engineer copies a phishing campaign email into a ticket and clicks the link, it may register as a click for the original intended recipient. This occurs because tracking links are uniquely tied to the original recipient's account.
Status will always display the riskiest behavior / end state.

  • If a user clicks on a link in the Phishing Campaign Email, then subsequently reports the Phishing Email, [Status] will show Clicked as this is the riskiest behavior.
  • If a user clicks on a link in the Phishing Campaign Email, then subsequently submits the Phishing Campaign Form, [Status] will show Submitted as this is the riskiest behavior.
  • If a user clicks on a link in the Phishing Campaign Email, then subsequently submits the Phishing Campaign Form, then reports the Phishing Email, [Status] will show Submitted as this is the riskiest behavior.
  • If the user opens the Phishing Campaign Email, does not click on the link, and reports the Phishing Email, [Status] will show Reported.
Reaction Time(s) This is the number of seconds taken between opening a Phishing Campaign Email (and downloading the images or the images auto-download) and clicking on the link in the Phishing Campaign Email.

If Reaction Time is blank but Click Time displays, this is related to the organization's email service not being configured to auto-download images, and if a user does not download the images either, we cannot identify if the email is opened, therefore, we do not calculate a Reaction time, we can only capture the Clicked Time.

Times Clicked Displays the number of Phishing Campaigns the user has received and the number of times the user has clicked on a Phishing Campaign's link. For example, if the column shows "1/3", the user has received three phishing campaigns but only clicked on the link in one.
Clicked Time Displays the date stamp and time when a user clicked on the Phishing Campaign Email link.

We do not record the time a user submitted a Phishing Campaign Form, or the time a user Reported a Phishing Email.

Training Results This column shows how much phishing category video training (both modules & campaigns) has been assigned to the user, how many quiz questions were answered correctly and incorrectly.

  Training Results 

Hover over the bar for more information:
  • Phishing Trainings Sent: Number of phishing category video training modules and campaigns assigned to the user.
  • Correct Responses: Number of correct answers for phishing category video training modules and campaigns.
  • Incorrect Reponses: Number of incorrect answers for phishing category video training modules and campaigns.
  • No Assignments: means no phishing category video training modules and campaigns have been assigned to the user.
Custom Fields If custom fields have been added, these can also be displayed. See Configuring Custom Attributes.

Exporting Campaign Analytics

You can export the user data from any Phishing Campaign to an XLSX file, complete with any custom fields added to the user record, by using the following steps.

  1. Log on to Mimecast Awareness Training.
  2. Select Phishing Training | Campaigns.
  3. Click on the Campaign Name.
  4. To export the Phishing Campaign's analytics, click on Export Data. to download the created file to your browser's download location

If you have applied filters to the table, only the filtered data will be exported.

Scanned Data Field for QR Template

This feature improves data tracking by capturing both QR code scans and link clicks. The new "Times Scanned" field shows user interactions with QR codes, distinguishing between scans and clicks. This data appears in phishing reports and exports.

Creating a Group

You can create a Group from the Phishing Campaign's analytics, by using the following steps:

  1. Log on to Mimecast Awareness Training.
  2. Select Phishing Training | Campaigns.
  3. Click on the Campaign Name.
  4. Select the Users to be added to the group.
  5. Click on the Create Groups button.
  6. Enter a group name.
  7. Click on the Create Group button. Once created, the Group is available from your Settings.

Related to

Was this article helpful?
0 out of 1 found this helpful

Comments

2 comments
Date Votes
  • Avatar
    Dominguez, Javier

    We see a “Times Scanned” column in reports.  Can this documentation be updated to explain the “Times Scanned” column?

    0
  • Avatar
    Admin - LI

    Hi Dominguez

    Thank you for your comment. I can confirm that the this is shown as “Times Scanned” in Reporting. I hope this was helpful. If your issue is more urgent and/or you wish to open a new Support case, please do so here.

    0

Please sign in to leave a comment.