Troubleshooting Guide: Phishing Campaign Report Not Recording Opened Emails
This guide aims to help you understand why the "Open" numbers may differ between the PDF/Dashboard and the CSV Report.
PROBLEM: Recipients in Phishing Campaigns are recorded in CSV Reports as having "Clicked" and/or "Shared", but not "Opened".
POSSIBLE CAUSE: Our phishing simulator tracks “opened” emails using embedded images. If a user's email client does not autoload images, our platform will not register it as “Opened” in the CSV data file.
- Understanding Auto-loading Images:
- It's important to note that in some cases, email clients may not automatically load images, affecting the "Opened" status in the CSV report.
- Dashboard UI and PDF Report:
- Our dashboard UI will auto-register (assume) the “opened” status as “Open” if the user has gone on to click/share. This is reflected on the campaign dashboard and in the PDF Report (pulled from the dashboard) but unfortunately not in the CSV Report.
- Difference in Reporting:
- The "Open" number on the PDF Report and Dashboard may be different from the "Open" number in the CSV Report due to this discrepancy.
NOTE: The simulation will still register links that have been clicked and data submitted, even if an image wasn’t auto-loaded. This will therefore have no impact on your campaign's Phishing Rate.
Troubleshooting steps:
1. Future Campaigns consider the following:
- Some mail clients will block images by default. They may display a button on the email that says something like "Click here to download pictures". The user may be asked if they'd like to load the downloaded images.
- To allow the automatic downloading of images, try adding the sender address to a safe senders list.
- To use Group Policy to set up the safe senders list in Outlook, please read the following article by Microsoft: Microsoft Article Link
2. Educate Users:
- Inform users about the importance of allowing images to load automatically to ensure accurate tracking of email interactions.