Overview
This article is a glossary of phishing terms we use at PhishingBox. This list includes action types associated with how a target handles phishing attacks. When you generate a report, these action types will appear in the Action Type column.
NOTE: Some landing page templates may be configured with custom action types. See Landing Page Template Editor for more information.
When generating a report, you can choose to append a phishing term appendix to the report by enabling the Phishing Term Appendix option.
Phishing Terms
The phishing terms we use at PhishingBox are as follows:
NOTE: This is not a comprehensive list, and new terms are being added over time.
- Auto-Reply - An action tracked when a phishing email has been replied to from an auto-responder set up for the target. The system looks for key phrases to help discern if user legitimately replied to a phishing email or not. Auto-Replies do not result in a target failure in tests.
- Bot: Page Crawl - Software that systematically visits and analyzes web page pages on the internet. Typically, software performing these crawls are from network security providers looking to find malicious content, or from a search engine to gather information for indexing purposes. When you see this action type, inspect the IP address to see who/what is crawling the page.
- Bot: Email Crawl - Software that systematically opens and analyzes emails. Typically, software performing these crawls are email security tools, like spam filters and anti-malware, that are analyzing emails to find malicious content. When you see this action type, inspect the IP address to see who/what is crawling the email.
- Clicked Link in Email - A Hook Link was clicked in the phishing email and the user was taken to the landing page.
-
Completed Training Page Material - The target navigated to the training page and completed the training materials (this requires the target to click the "Complete Training" button on the training page).
NOTE: The "Completed Training Page Material" action does not mean the target completed a course, it simply means they completed the training found on the Training Page.
-
Custom Landing Page Actions - It's possible to provide a custom landing page action name by using the "Form Submission Report Action" field in the template editor. When a landing page has a value for this field, actions (clicked link, clicked button, or submitted a form) committed on the landing page will be recorded as this action type. Some of PhishingBox templates will provide value for this field, such as Clicked Completion, Login Submitted, Performed Update, etc. When no value is provided for this field, the action will simply be "Performed Action".
NOTE: The "Form Submission Report Action" is configured under Completion Settings in the Landing Page tab of the template editor. See our Landing Page Template Editor article for more details.
- Data Extended - Any action more severe than Clicking Link in Email (Performed Action, Performed Update, Download Started, and Replied).
- Delivered - The count of emails that the receiving server has accepted. This does not confirm that the emails have reached the inbox of the target (the emails could have landed in Junk or Quarantine).
- Email Opened - The email was opened by either the target, security software, or email client.
- False Positive - An action that may not have been committed by the target. Security software can open and navigate links in an email and would trigger the same actions as a target. Once false positives are identified, the IP addresses associated with these actions can be filtered (IP Filters) out and no longer count against the target.
- Hook Link - The URL link(s) in the phishing email that leads to the Landing Page or Training Page.
- No Action - The target did not perform any actions on the phishing email (e.g., Opening the email, Clicking Hook Link, etc.).
- Opened Attachment - The target opened the attachment included in the phishing email.
- Performed Action - The generic term for completing the Phishing Hook action on a landing page template. This action type is recorded when "Form Submission Report Action" has no value.
- Phish Time - The time it took for the phishing action to occur after it was sent.
-
Received Training - The count of targets that have viewed the training page attached to a phishing campaign.
NOTE: URL redirects will also be recorded as "Received Training".
- Replied - An action tracked when a target replies to a campaign phishing email. This means PhishingBox has determined the reply as authentic and not an auto-reply.
- Targets - The users/email addresses that you are testing.
- Target Email - One email sent to one Target during a campaign.
-
Test - A phishing simulation sent to single Group of Targets.
NOTE: A campaign is a collection of one or more tests.
- Unique - A flattening filter placed on the data so that each target is only counted once per category. For example, a user may have opened the email three times but will only be counted once in the metrics. That same user may have clicked on the link in the email twice but will only be counted once for clicking.
- Viewed Landing Page - The Landing Page was refreshed or navigated to by means other than a click from the phishing email. This action, along with Clicked Link in Email, makes up reported Clicks.
- Viewed Training Page - The target viewed the training page. This does not mean the target completed the training included on the training page -- targets will also receive the "Completed Training Page Material" if they complete the training.
- Worst Action - The most severe action that the target committed during the test. If a target opened the email, clicked on a link, attempted a download, and then opened the email again, their worst action would be attempted a download since it was the most severe action they performed.
Comments
0 comments
Please sign in to leave a comment.