Guide: CSV Reports for Phishing Campaigns


CSV Reports outline raw user data from a phishing campaign. The CSV details all learner performance and interactions with the simulated phishing emails. Understanding the data in phishing campaign reports will make identifying your user risk that much easier. When analysing your CSV report, you can opt to easily filter the data to showcase specifics. This allows you to pinpoint certain results - for example: which learners need additional training, which departments may be more susceptible to phishing attacks, and how effective current training programs are. Use this quick guide on how to read your CSV Report data:

What Each Column in the CSV Report Represents:

  • Campaign: The name of the phishing campaign.
  • Firstname: The first name of the learner.
  • Lastname: The last name of the learner.
  • Department: The department with which the learner is grouped within.
  • Email: Indicates whether the learner received the phishing email (TRUE or FALSE).
  • Open: Indicates whether the learner opened the phishing email (TRUE or FALSE).
  • Click: Indicates whether the learner clicked on a link or an attachment within the phishing email (TRUE or FALSE).
  • Shared: Indicates whether the learner shared information by entering data into a landing page within the phishing email (TRUE or FALSE).
  • Training: Indicates whether the learner completed the just-in-time training (TRUE or FALSE).
  • Reported: Indicates whether the learner reported the phishing email (TRUE or FALSE).

User Case

Leaner 1: Abby Hall (Technical)

  • Received the email: TRUE
  • Opened the email: TRUE
  • Clicked the link: TRUE
  • Shared information: FALSE
  • Completed the training: TRUE
  • Did not report the phishing email: FALSE

Interpretation: Abby from Technical engaged with the phishing email by opening and clicking on the link - indicating susceptibility to phishing attacks. However, she completed the just-in-time training deployed to you once she had failed the phish. This behaviour shows a proactive approach to improving her awareness. She did not report the email, which highlights a potential area for improvement in recognising and reporting phishing attempts.

Learner 2: John White (Sales)

  • Received the email: TRUE
  • Opened the email: TRUE
  • Clicked the link: FALSE
  • Shared the email: FALSE
  • Completed the training: FALSE
  • Reported the phishing email: TRUE

Interpretation: John from Sales opened the phishing email but did not click on the link - suggesting some level of caution. Because he did not click on the link, no remedial training was deployed to him. However, he did report the phishing email, showing great secure behaviour, awareness and response to potential phishing threats.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us