How We Track Phishing Interactions
Our methodology combines multiple tracking vectors to provide comprehensive visibility into user interactions with simulated phishing campaigns, enabling organizations to understand their security posture and improve awareness training.
Email Open Detection
Email opens are detected through multiple embedded tracking assets, each tied to unique tokens for precise attribution.
Token-Based Tracking
Each recipient receives a unique set of tracking tokens tied to their dispatch record.
Multi-Vector Asset Tracking
Emails include the following assets with tokenized URLs:
- 1×1 pixel image (
/x/open/{token}) - CSS file for styling elements
- Font file for custom typography
- Background image for visual elements
Event Logging
When any of these assets are requested, the event is logged as a potential open, including:
- Timestamp of access
- IP address of requester
- User-agent string
- Asset type accessed
Click Detection
All interactive elements in emails and SMS messages are instrumented for click tracking.
Link Rewriting
All links in the email or SMS are rewritten to tokenized redirects (/x/click/{token}).
Redirect Tracking
When clicked, the request is logged before redirecting to the original target URL, capturing:
- Click timestamp
- Original destination URL
- Client IP and user agent
- Referrer information
SMS Link Tracking
SMS-based phishing simulations use personalized tracking links for comprehensive engagement monitoring.
Personalized Links
SMS messages contain a personalized tracking link unique to each recipient.
Instant Tracking
A click is recorded the moment the link is visited, providing real-time engagement data.
Data Collection & Privacy
Our approach prioritizes minimal data collection while maximizing actionable insights.
Minimal Metadata
Each event logs only essential metadata:
- IP address
- User agent
- Token type
- Timestamp
Privacy-First Design
This approach allows inference of opens and interactions with minimal user friction and no reliance on external tracking services.