This article defines the various event types tracked during phishing simulations. Understanding these triggers helps administrators accurately interpret user behavior and distinguish between automated system actions and genuine "lured" events.
Event Definitions
| Event Type | Trigger Description | Impact Level |
|---|---|---|
| email_interaction | Tracked when the email client loads a hidden tracking pixel. This requires the recipient to allow image loading. | Low (Not a true lured event) |
| attachment_opened | Tracked when an employee downloads a simulated malicious attachment and enables editing within the document. | High (Compromise) |
| web_page_interaction | Tracked when an employee clicks any link within the email body. This covers all initial activity leading to a landing page. | Medium (Lured) |
| form_interaction | Tracked specifically when a user enters and submits credentials on a landing page. | Critical (Data Breach) |
| qr_fetch | Tracked when the email client automatically loads the QR code image within the message body. | Low (Not a true lured event) |
| qr_interaction | Tracked when an employee successfully scans or clicks the QR code provided in the email. | High (Lured) |
| static_teachable_access | Tracked when an employee successfully reaches the "Teachable Moments" educational webpage. | Neutral (Training) |
| email_reported | Tracked when an employee uses the official reporting tool to flag the phishing simulation. | Positive (Success) |
Key Distinctions
Attachment Security: Merely downloading a file may not trigger an event; the attachment_opened metric specifically looks for the user to bypass security warnings by "Enabling Editing" within the word doc file.
Web Activity: web_page_interaction is a broad category. Any click that directs a user away from their inbox to a URL is captured here.
Comments
0 comments
Please sign in to leave a comment.