# Phishing Campaign Reports This section describes the basic functionalities of phishing campaign reports, which you can find from the **Phishing Simulator > Campaign Manager** and click the **Instances** button to access the reports of the phishing campaign. Once you go inside the **Instances** of a campaign, you will see reports for that campaign; click on the **View** **Report** button under the **Actions** column to access the phishing campaign report. ## **View Report Details** In a campaign report, there are many sub-menus that provide valuable statistics about your phishing campaign. Here are the following menus on a campaign report: ### **Summary** The **Summary** provides a brief synopsis of the phishing scenario and options for further action.


Download Report	An .xls format version of the phishing scenario report is available for download by clicking the Download Report button.
Resend Campaign	Resend the phishing scenario to the same target user group with the same settings by clicking the Resend Campaign button.

#### Summary Widgets This section provides the opportunity to display the results of the campaign in a useful pie chart presentation.


Opened Email	The number and percentage of target users who opened the phishing email
Clicked Email	The number and percentage of target users who clicked on the URL in the phishing email.
Submitted Data	The number and percentage of target users who submitted data on the landing page of the phishing scenario.
Opened Attachment	The number and percentage of target users who opened the attachment file.
Phishing Reporters	The number and percentage of target users who reported the simulated phishing email by using the platform's suspicious email reporter add-in.
No Response	The number and percentage of target users who did not take any action in response to the phishing e-mail.

### Campaign Info


Target Groups	The total number of target groups selected for the phishing campaign.
Hyper-Personalization	With the 'Preferred Language' option, users will receive scenarios in their preferred language. Those without a preferred language will receive scenarios in the company's default language.
Smart Grouping	If enabled, users who fail at the phishing campaign are automatically added to the selected target group.
Target Users	The total number of users selected to receive the phishing campaign email.
Campaign Lifetime	The date and time the phishing campaign will be terminated. No additional data will be processed in the phishing report after the expired date.
Languages	Language used in the phishing scenario.
Scenario Distribution	Shows which scenario distribution setting is used for the campaign. See more info about the scenario distribution feature here.
Reply Tracking	Shows if the reply tracking feature is enabled or not for the phishing campaign.

### Scenario Info


Number of Categories	The number of categories of selected scenarios.
Languages	The number of languages of selected scenarios.
Method	The list of methods of selected scenarios.
Difficulty	The difficulty levels of selected scenarios.

### Email Delivery


Delivery Start - End	The date and time the campaign was started and was/will be ended to complete sending the email to all selected users.
Duration	It shows how long it took to send the campaign email to all selected users.
Delivery Status	Out of the total number of chosen users, it displays how many of them successfully received the campaign email and how many did not. Please go to Sending Report menu to see more information.

### Phishing Scenarios This section displays general information about the content of the phishing scenario. If you selected multiple scenarios, you can switch between them to preview.


Name	Name of the phishing scenario.
Method	Phishing scenarios can be created in one of several forms. Data Submit = Designed to detect target users who submit data on the landing page. Attachment = Designed to detect users who open the attached file by opening the file attachment in the e-mail. Click-Only = Designed to detect users who click on the phishing link in the email.
Difficulty	Difficulty level of the phishing scenario (easy, medium, hard)
Language	Language used in the phishing scenario.

#### Email that will be sent to users This section displays details of the sender’s name, the difficulty level, and the phishing scenario type sent to the target users. You can preview the email template design of the phishing scenario sent to the target users by clicking on the **Preview** button. #### Landing Page for Users Who Clicked on the Phishing Link The URL, difficulty level, and scenario type of the landing page content of the phishing scenario sent to the target users are displayed here. You can preview the landing page design of the phishing scenario sent to the target users by clicking on the **Preview** button. ### Opened This section displays the information of the target users who opened the phishing scenario email.


First Name	First name of the target user
Last Name	Last name of the target user
Email Address	Email address of the target user
Department	Department of the target user
Preferred Language	User's preferred language that is set from the Target Users menu.
Scenario Name	Name of the phishing scenario that is sent to user
Scenario Language	Language of the related scenario that was sent to user.
Last Opened	Date and time a target user last opened the phishing email
Times Opened	Number of times a target user opened the phishing email
Hide Sandbox Activity	If a sandbox solution has analyzed the simulated phishing email that is generated for the target user, you can choose to show or hide this false positive information in the menu.
Activity Type	List the human or sandbox activities by using one of the following options. Human Activity: The human has opened the simulated phishing email. Sandbox Activity: The sandbox solutions have opened the simulated phishing email.
Action	The Resend button allows you to resend the same phishing email. The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.

### Clicked This section provides details of the target users who clicked on the phishing link.


First Name	First name of the target user
Last Name	Last name of the target user
Email Address	Email address of the target user
Department	Department of the target user
Preferred Language	User's preferred language that is set from the Target Users menu.
Scenario Name	Name of the phishing scenario that is sent to user
Scenario Language	Language of the related scenario that was sent to user.
Last Clicked	Date and time the user last clicked on the URL in the phishing email
Times Clicked	Number of times the user clicked on the phishing link
Hide Sandbox Activity	If a sandbox solution has analyzed the simulated phishing email that is generated for the target user, you can choose to show or hide this false positive information in the menu.
Activity Type	List the human or sandbox activities by using one of the following options. Human Activity: The human has clicked the simulated phishing link. Sandbox Activity: The sandbox solutions have clicked the simulated phishing link.
Action	The Resend button allows you to resend the same phishing email. The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.

### Submitted Data This section displays details of a target user who submitted data on the landing page of the phishing scenario.


First Name	First name of the target user
Last Name	Last name of the target user
Email Address	Email address of the target user
Department	Department of the target user
Preferred Language	User's preferred language that is set from the Target Users menu.
Password Complexity	Complexity level of the password submitted on the landing page of the phishing email. (very weak, weak, medium, strong, very strong) TIP: The platform only captures the length and the first character of a password. Click here for more information.
Scenario Name	Name of the phishing scenario that is sent to user
Scenario Language	Language of the related scenario that was sent to user.
Last Submission	Date and time that the user last submitted data on the landing page of the phishing scenario
Times Submitted	Number of times that the target user submitted data on the landing page of the phishing scenario
Action	The Resend button allows you to resend the same phishing email. The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.

### Opened Attachment This section displays the details of a target user who opened the attachment file.


First Name	First name of the target user
Last Name	Last name of the target user
Email Address	Email address of the target user
Department	Department of the target user
Preferred Language	User's preferred language that is set from the Target Users menu.
Scenario Name	Name of the phishing scenario that is sent to user
Scenario Language	Language of the related scenario that was sent to user.
Last Opened	Date and time that the user last opened the attachment file
Times Opened	Number of times that the target user opened the attached file
Activity Type	It shows if the user has Bot Acvitiy or Human Activity data for the campaign.
Action	The Resend button allows you to resend the same phishing email. The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.

### No Response This section displays the details of target users who did not take any action in response to the phishing email.


First Name	First name of the target user
Last Name	Last name of the target user
Email Address	Email address of the target user
Department	Department of the target user
Preferred Language	User's preferred language that is set from the Target Users menu.
Scenario Name	Name of the phishing scenario that is sent to user
Scenario Language	Language of the related scenario that was sent to user.
Last Send Date	Date and time that the phishing email was sent to the target user
Action	The Resend button allows you to resend the same phishing email.

### Phishing Reporter This section provides details of target users who reported phishing emails using the phishing reporter add-in. {% hint style="info" %} Additional information on the Phishing Reporter is available [here](https://doc.keepnetlabs.com/next-generation-product/platform/phishing-reporter). {% endhint %}


First Name	First name of the target user
Last Name	Last name of the target user
Email Address	Email address of the target user
Department	Department of the target user
Preferred Language	User's preferred language that is set from the Target Users menu.
Scenario Name	Name of the phishing scenario that the user reported.
Scenario Language	Language of the related scenario that was sent to user.
Last Reported	Date and time when a user reported the phishing email using the phishing reporter add-in.
Times Reported	Number of times that a user reported the phishing email using the phishing reporter add-in.
Action	The Resend button allows you to resend the same phishing email. The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.

### Sending Report This section provides a summary report of the delivery of the phishing email to the target users.


First Name	First name of the target user
Last Name	Last name of the target user
Email Address	Email address of the target user
Department	Department of the target user
Preferred Language	User's preferred language that is set from the Target Users menu.
Scenario Name	Name of the phishing scenario that is sent to user
Scenario Language	Language of the related scenario that was sent to user.
Email Delivery	Which SMTP is used to deliver the simulation emails to the users.
Date Sent	The last date and time that the email has been sent to target user.
Delivery Status	Status of the phishing email sent to the target user In Queue = The phishing email is in the queue to be sent. Successful = The phishing email was sent successfully. Error = An error occurred in the delivery of the phishing email. Cancelled = This user was eliminated as a target for this phishing campaign.
Action	The Resend button allows you to resend the same phishing email. The Details button allows you to see the email delivery details.

## How Password Complexity is Calculated When a user submits a form containing a password field, we evaluate the password using a scoring system that determines how strong or weak it is. This score is based on the structure and patterns used in the password. {% hint style="warning" %} We do not store or receive full user passwords. Before the form is submitted: * Only the first character of the password is kept. * All remaining characters are replaced with asterisks (\*), e.g. P\*\*\*\*\*\*\*\*. This ensures that no actual password is transmitted or stored, supporting both user privacy and compliance with security best practices. {% endhint %} **Positive Scoring Factors** | Feature | Scoring Logic | Description | | ---------------------- | ------------------------------ | ------------------------------------------------ | | Length | length \* 4 | Longer passwords score higher | | Uppercase letters | (length - uppercaseCount) \* 2 | More uppercase letters (A–Z) = more points | | Lowercase letters | (length - lowercaseCount) \* 2 | More lowercase letters (a–z) = more points | | Numbers | count \* 4 | Numbers increase the score | | Symbols | count \* 6 | Symbols (!@# etc.) give a strong boost | | Middle numbers/symbols | count \* 2 | Placing numbers/symbols in the middle adds bonus | | Meets requirements | # of types used \* 2 | Bonuses for using at least 3–4 character types | **Negative Scoring Factors** | Weak Pattern | Penalty Logic | Description | | ------------------------ | ----------------- | ---------------------------------------------- | | Only letters | -length | No digits or symbols = deduction | | Only numbers | -length | No letters or symbols = deduction | | Repeated characters | -variable penalty | Penalized based on how often characters repeat | | Consecutive uppercase | -count \* 2 | Sequences like "AAA" are discouraged | | Consecutive lowercase | -count \* 2 | Same logic as above with lowercase | | Consecutive numbers | -count \* 2 | Same logic with digits | | Sequential letters (abc) | -count \* 3 | Penalizes predictable patterns | | Sequential numbers (123) | -count \* 3 |

| | Sequential symbols (!@#) | -count \* 3 |

| **Complexity Rating (Based on Score)**

Score Range	Complexity Rating	Description
0–19	5 (Very Weak)	Needs major improvement
20–39	4 (Weak)	Below average
40–59	3 (Moderate)	Meets some standards
60–79	2 (Strong)	Good overall security
80–100	1 (Very Strong)	Excellent password

Thank you — here is the final version incorporating that **bot activity may apply to both "Opened Email" and "Clicked Link" events**, and still maintaining the correct documentation format with only one Heading 2 and one Subheading 3: ## Understanding Bot Activity vs. Human Activity in Reports In phishing campaign reports, **Human Activity** refers to real actions taken by users, such as opening emails, clicking links, or submitting data. In contrast, **Bot Activity** represents automated interactions triggered by email security systems, spam filters, or sandboxing tools. These bots scan emails and follow links as part of their protective duties—sometimes even before users see the message. Bot activity may appear in both **Opened Email** and **Clicked Link** sections of the report. For example, if a security system opens an email to analyze it, or clicks a link to test the destination, these actions may be captured and flagged as bot interactions. To ensure accurate reporting, the platform automatically detects and labels such activity based on predefined detection rules. Any record classified as **Bot Activity** will carry a special tag and can be excluded from the view by clicking the **“Hide Bot Activity”** button. Admins can also hover over the info (ⓘ) icon in the **Activity Type** column to see which rule was triggered. The detection rules are: * **A1 – Unusual User-Agent Interacted:** Triggered when an atypical or suspicious user-agent (browser identifier) is detected. * **A2 – Honeypot Link Reused:** The hidden phishing link inside of the email clicked multiple times by the same IP and user-agent within 5 minutes—indicating automation. * **A3 – Same-Second Activity Spike:** Multiple activities occurred at the exact same time, which is unlikely for human users. * **A4 – Stop Bot Activity Challenge Failed:** * **A4.1** – The phishing link was clicked, but the invisible browser javascript challenge was not passed. * **A4.2** – The browser failed to load required scripts that a real user’s browser would normally execute. If customers see several entries marked as **Bot Activity**, it typically means that their security tools pre-screened the phishing simulation links. To evaluate real user behavior, they should filter the report by **Activity Type** or use the **“Hide Bot Activity”** toggle. For better accuracy in future simulations, they may consider allow listing Keepnet domains to reduce interference from automated systems. By filtering out bot noise, organizations gain a clearer understanding of **true user actions and risk levels**. ## Tutorial Video This tutorial describes the basic functionalities of phishing campaign reports which you can find in the Campaign Reports menu. {% embed url="" %} ## FAQ ### Q: Can I download a phishing scenario report? A: Yes. You can download a report that provides details of the campaign by clicking on the **Download Report** button. ### Q: Can I change the content of the report of the phishing scenario? A: No. The information in the report cannot be changed. ### Q: Can I resend the scenario to users who did not open the email? A: Yes. The resend function allows you to send the phishing scenario to any user you select. ### Q: Can I check on the status of the campaign? A: Yes. The Sending Report option provides you with a view of the current activity of the phishing scenario. ### Q: **Can I import reports into my own reporting tool (e.g., Qlik Sense, Tableau, PowerBI)?** A: Yes. You can transfer all of our reports through an API, enabling you to use the information as needed to suit your business. Additional information on APIs is available [here.](https://doc.keepnetlabs.com/next-generation-product/platform/company/company-settings/rest-api) ### Q: What are the differences between the Only Opened Emails, Only Clicked Links vs Opened Emails and Clicked Links tabs in the downloaded excel report? A: The differences are explained below. * "Only Opened Emails" will show the users who only opened the email and didn't go further, such as clicking the link. * "Only Clicked Links" will show the users who opened the email and then clicked the link and didn't go further, such as data submission. * "Opened Emails" will show the users who opened emails. It doesn't matter if user clicked the link or submitted any data. * "Clicked Links" will show the users who opened and then clicked the link. It doesn't matter if the user submitted any data. ### **Q:** How do you determine if a "user agent" belongs to a sandbox or a real email user? **A:** Please see below how the **Sandbox** **Activity** **Detection** feature works to identify false positive clicks. 1. **Rule 1: User Agent Signatures:** We have a list of 10+ sandbox user agent patterns. If a user action matches these, it's flagged as sandbox activity. 2. **Rule 2: Honeypot Link:** We embed invisible "Honeypot" links in our emails. While humans can't see or click them, sandboxes often access them, revealing their presence. 3. **Rule 3: Request Header Analysis:** By examining request headers, we can identify unique characteristics that differentiate sandbox activities from real user actions. ### Q: Some users failed to receive the simulation via DEC and show the error 'The process failed to get the correct properties.' A: If users did not receive the simulation email via DEC and show the error 'The process failed to get the correct properties' in the Sending Report section of the campaign report, it may indicate that these users have been deleted, do not have an email license, have no inbox, or have been deactivated. Please check the users in your Microsoft 365 admin panel to ensure they are all active and have a valid mailbox license. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.keepnetlabs.com/next-generation-product/platform/phishing-simulator/phishing-campaign-reports.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.