This document explains how CyberHoot AttackPhish populates the various tracking fields when running phishing simulations. It defines the user actions that trigger each status and describes when additional training is assigned.
Email Sent
Email Opened
Clicked Link
Submitted Data
CyberHoot automatically assigns remedial training when users demonstrate risky behavior:
Simply opening the email does not trigger training, since users may preview messages in the normal course of work.
Training is assigned as a short, targeted awareness assignment, reinforcing how to spot phishing attempts and reminding users not to click or submit information.
Metrics may underreport “opens” if users block image loading in their mail client.
Clicking a link is the most reliable indicator of risky behavior, since it requires an intentional user action.
Submitted data represents the most severe failure point and is treated as a critical incident for awareness training.
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...
Read more
The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
