What information does Spotted track?

Spotted aims to help you and your team get better at identifying suspicious emails, so we track some information to report back to you after each campaign.

After each simulated phishing campaign, we’ll send you a high level report so you can keep track of your progress. This shows you how your team is doing as a whole and keeps the experience safe and supportive by not identifying individuals. 

The actions we track are:

  • Emails sent.
  • Emails opened. Some email clients allow disabling inline images (this is good!) so the number of opened emails may not be 100% accurate.
  • Clicks. Depending on the goal of each simulated phishing campaign, this could be a link click or a file download.

To collect these metrics, we use the unique views to a tracking image and spotted landing page. We also use the IP address and browser user agent to differentiate between spam filters and user browsers. We deliberately do not store which user email address corresponds to the randomly generated tracking link.

Some campaigns may ask people to enter usernames and / or passwords, but we don't collect this information.

Here’s a sample report if you want a sneak peek.

Example Results for the Spotted Campaign:

  • 26 emails were sent in total.
  • 14 people opened the email.
  • 3 people followed the call-to-action, which was the "activate my account" link.
  • 1 people followed other links in the email.
  • 0 people attempted to unsubscribe.