The new Phishing reports are designed to provide faster, more insightful, and consistent data, enabling you to better understand user behaviour, identify risks, and improve your phishing simulations. This guide will walk you through how to use the new Phishing reports effectively.
Accessing the new Phishing reports
Log in to your account.
Navigate to the Admin menu.
Select "Phishing Reports" under the Reports section.
If you don't see this option, ensure the feature flag for your account is enabled. Contact your administrator if required.
Key features of the new reports
The new Phishing reports are people-based rather than email-based, reflecting a shift towards understanding human behaviour. Key features include:
Overview page: View core metrics, such as the number of people who received, opened, clicked, or were phished. Identify trends over time with visual charts for phishing and reporting behaviours, and spot individuals with repeated high-risk behaviours.
Campaigns page: Explore metrics for specific phishing campaigns. View details such as the number of emails sent, actions taken by recipients (e.g., clicked, phished, reported), and overall campaign performance.
Groups page: Analyse phishing behaviours by user groups. View the number of phishing emails sent, group actions, and detailed group metrics.
People page: Access detailed metrics for individual users. See user-specific actions, group associations, and responses to phishing emails.
Activity log: A comprehensive log showing both user actions (e.g., clicks, reports) and delivery statuses (e.g., sent, bounced). Apply filters to focus on specific events, campaigns, groups, or date ranges.
How to use the new reports
Step 1: Analyse high-level metrics
Start on the Overview page to get a summary of key metrics. Look at:
How many people received phishing emails
How many people clicked, were phished, or reported phishing emails
Trends over time to identify patterns or spikes in risky behaviour
Step 2: Deep dive into campaigns
Go to the Campaigns page to assess the performance of specific phishing simulations. Examine:
Which campaigns had the highest phishing or reporting rates
The effectiveness of different phishing scenarios
Step 3: Assess group behaviour
On the Groups page, review how different groups within your organisation responded to phishing emails. Use this data to:
Identify high-risk groups that may need additional training
Compare group-level performance across different campaigns
Step 4: Review individual metrics
Navigate to the People page to drill down into individual user behaviour. This is useful for:
Identifying individuals with repeated risky behaviour
Providing targeted feedback or training to specific users
Step 5: Use the activity log
The Activity Log offers a detailed view of all actions and events. Use filters to:
Focus on specific time periods, campaigns, or user actions
Quickly identify and address delivery issues or anomalies
Best practices
Monitor trends regularly: Use the Overview page to track trends over time and identify when behaviours improve or worsen.
Target training efforts: Use data from the Groups and People pages to focus training resources where they're needed most.
Leverage reporting metrics: Encourage users to report phishing emails and use the data to highlight positive behaviours.
Compare campaign effectiveness: Use the Campaigns page to refine phishing scenarios and improve future simulations.
Frequently asked questions
What's the difference between email-based and people-based metrics?
Email-based metrics (the older approach) count individual emails—how many were sent, opened, or clicked. People-based metrics (the new approach) count unique individuals who performed actions—how many people received, opened, or clicked on phishing emails.
This shift aligns with human risk management by focusing on behaviour patterns of individuals rather than raw email statistics. For example, if one person clicks on 10 different phishing emails, people-based metrics would count this as 1 person exhibiting risky behaviour, whilst email-based metrics would count it as 10 separate clicks.
How can I see who fell for phishing AND reported it?
To identify users who both fell for phishing AND reported it:
Navigate to the People page in the Phishing reports
Use the filters to show people who were "Phished"
Then apply a second filter for people who "Reported"
The resulting list will show individuals who both fell for phishing and later reported it
This data is valuable for identifying users who recognise their mistakes and take appropriate action afterwards.
How can I see all non-reporters?
To identify users who didn't report phishing emails:
Go to the People page in the Phishing reports
Apply a filter for the relevant time period and campaigns
Click on the filter button and select "Reported" = "No"
The resulting list will show all users who received phishing emails but did not report them
This information helps identify users who may need additional training on the importance of reporting suspicious emails.
How do I identify people who clicked but didn't report?
To find users who clicked on phishing links but didn't report the emails:
Navigate to the People page
Apply a filter for "Clicked" = "Yes"
Add another filter for "Reported" = "No"
The resulting list will show all users who clicked on phishing links but failed to report the suspicious email
This group represents a high-risk segment that requires focused training on recognising and reporting phishing attempts.
How do I connect phishing reporting to our existing systems?
CybSafe can integrate with your existing security systems to streamline phishing reporting. For detailed instructions on setting up integrations with your email client or security tools, please refer to our Report Phish Button Integration Guide. This guide covers API connections, email forwarding options, and how to set up seamless reporting workflows that connect to your existing security infrastructure.
How do I provide instant feedback when users report simulations?
To provide automatic feedback when users report phishing simulations:
Set up a workflow using our RESPOND feature that triggers when a user reports a phishing simulation
Configure the feedback message or learning content to be delivered immediately
Customise the response based on the user's actions (e.g., different feedback for users who reported without clicking versus those who clicked first)
For detailed instructions on setting up these automated feedback workflows, please refer to our Workflows and RESPOND Integration Guide.