search

pentestgeek / phishing-frenzy

Ruby on Rails Phishing Framework
www.phishingfrenzy.com
GNU General Public License v3.0
768 stars 293 forks source link

Distinguish load embedded picture and open email #332

Open fraf0 opened 7 years ago

fraf0 commented 7 years ago

Hi,

The code flag an email "opened" if the embedded link is open. This is logical : to click on the link, an user must have open the email.

The same flag "opened" is used if the user loads embedded image (pixel tracking).

It would be great to distinguish the 2 actions because they not have the same meaning in analyze for a client and can drive to different messages in future sensibilisation actions.

Regards, fraf

zeknox commented 7 years ago

The opened metric is a tough one. We have decided that any user that clicks on the phishing link will automatically increment the opened metric as well. We also will increment the opened metric if the user has loaded all the remote content.

This really isn't an accurate metric because it all depends on the email client that people are viewing with. Some clients will automatically load remote content where some will not. So really the metric is going to be inaccurate to some extent for the most part no matter how you look at it.

fraf0 commented 7 years ago

Hi,

I understand this.

As I work on professional phishing simulation, I think in most case, I will have a certain insurance for the mua and his configuration. Maybe some time I will recalculate the statistics directly on Apache log, so I can use appropriate rules according to my client situation. In my opinion, it's valuable for a client to understand if the embedded email content is loaded or not.

Thanks you for your answer.

Regards,

Fraf

Le 28 sept. 2016 à 17:13, Brandon McCann notifications@github.com a écrit :

The opened metric is a tough one. We have decided that any user that clicks on the phishing link will automatically increment the opened metric as well. We also will increment the opened metric if the user has loaded all the remote content.

This really isn't an accurate metric because it all depends on the email client that people are viewing with. Some clients will automatically load remote content where some will not. So really the metric is going to be inaccurate to some extent for the most part no matter how you look at it.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

zeknox commented 7 years ago

You bring up a good point. Perhaps it makes sense to have two separate metrics. 1 for Emails Opened Explicitly, and one that is an Assumed Opened Metric using clicks to factor in the result.

fraf0 commented 7 years ago

I would rather say 1 for embedded content loaded and 1 for email assumed opened.