Troubleshooting Guide: Phishing Campaign Report Not Recording Opened Emails

This guide aims to help you understand why the "Open" numbers may differ between the PDF/Dashboard and the CSV Report.

PROBLEM: Recipients in Phishing Campaigns are recorded in CSV Reports as having "Clicked" and/or "Shared", but not "Opened".

POSSIBLE CAUSE: Our phishing simulator tracks “opened” emails using embedded images. If a user's email client does not autoload images, our platform will not register it as “Opened” in the CSV data file.

Understanding Auto-loading Images:

It's important to note that in some cases, email clients may not automatically load images, affecting the "Opened" status in the CSV report.

Dashboard UI and PDF Report:

Our dashboard UI will auto-register (assume) the “opened” status as “Open” if the user has gone on to click/share. This is reflected on the campaign dashboard and in the PDF Report (pulled from the dashboard) but unfortunately not in the CSV Report.

Difference in Reporting:

The "Open" number on the PDF Report and Dashboard may be different from the "Open" number in the CSV Report due to this discrepancy.

NOTE: The simulation will still register links that have been clicked and data submitted, even if an image wasn’t auto-loaded. This will therefore have no impact on your campaign's Phishing Rate.

Troubleshooting steps:

1. Future Campaigns consider the following:

Some mail clients will block images by default. They may display a button on the email that says something like "Click here to download pictures". The user may be asked if they'd like to load the downloaded images.
To allow the automatic downloading of images, try adding the sender address to a safe senders list.
To use Group Policy to set up the safe senders list in Outlook, please read the following article by Microsoft: Microsoft Article Link

2. Educate Users:

Inform users about the importance of allowing images to load automatically to ensure accurate tracking of email interactions.