Tracking simulated phishing emails
CybSafe phishing tracks the "opens" of an email using a unique hidden image pixel to record an open event. This however has some technical limitations:
It will vary amongst mail clients and configuration, but if "automatically download external images" is disabled or blocked, then an open event is not captured.
Some inbound mail gateways open images automatically to scan the contents. We do implement algorithms to reduce the impact of this where possible.
The sender domain will always be cs-mail-sender.com but with a spoofed <from> address.
From June 20th 2024:
The sender domain will always be email.cs-mail-sender.com but with a spoofed <from> address.
Emails contain a tracking URL which uses the domain: https://u6197305.ct.sendgrid.net/
From June 20th 2024 this is changing to: https://l.cs-mail-sender.com
We do not send file attachments in emails.
Users might encounter a simulation that asks for data as part of the phishing simulation, over an encrypted HTTPS connection. CybSafe will only capture the metadata surrounding the event, at no stage is user inputted data recorded permanently, analysed or retained in any way. Users who click through a phishing email are redirected to a learning page that provides information on the simulated attack and advice on how to avoid similar attacks in the future.
