In this article we take a look at Curricula’s Report Phishing Service and how you can use it to build a more fun and engaging security awareness training program.
What is Report Phishing?
Curricula’s Report Phishing service is a new dimension in our simulated phishing training experience that allows learners to report malicious emails sent by DeeDee, and Admins to identify who spotted the email and when.
With Report Phishing, your learners are more involved in training and can fight back against DeeDee!
After a quick setup, your learners can simply forward the email to firstname.lastname@example.org to receive credit for stopping DeeDee in her tracks.
How to Set up Report Phishing
Your learners can get started right away by forwarding emails to email@example.com and Curricula will recognize the phishing campaign as reported by the learner.
If you're a Gsuite user, you can setup your own mailbox to capture and monitor phishing reports internally alongside Curricula using a custom mailbox. Visit our Gsuite article for step by step setup instructions:
Notifications for Reported Phishing Attempts
For both Admins and learners, notifications from reported Curricula phishing attempts will arrive from firstname.lastname@example.org.
When a learner successfully reports an phishing attempt from DeeDee, they’ll receive an email with the subject line ‘’Successfully reported phishing attempt!’
Admins will receive an email notification when the first phishing attempt has been reported. Similar to when DeeDee hacks a learner, it will display how long it took for the first person to report a simulated phishing attack.
When clicking the ‘Reports’ tab on the Curricula Admin dashboard, you’ll notice a data point titled ‘Report Rate’ in the ‘Overview’ section.
Within the ‘Detailed’ reports option, a condition titled ‘Reported’ is available within the ‘Phishing Attempts’ dropdown.
When clicking the ‘Phishing’ tab on the Curricula dashboard, a 'Reported' column is available for all campaigns. Additionally, Reported Rate and Report Time can be found on the 'Summary' section of each campaign.
What if I report a phishing email after I click it?
Phishing emails reported after a click will not register as reported! Your learners must spot DeeDee’s email before they actually get caught.
What if I click a phishing email after I report it?
This would not register as a click.
What if I report a phishing email more than 10 days after I received it?
It will not register as reported. DeeDee’s phishing email must be reported within the 10-day timeframe that a phishing campaign is active.
Can I disable this functionality?
Report Phishing is enabled and available to everyone by default. If you do not want your organization to utilize the Report Phishing service, you can continue with your regular use of Curricula without following the above setup steps.
What do you do with emails we forward you?
We temporarily store them for review before deleting.
Will all phishing emails be available for reporting?
Curricula will only recognize phishing attempts from DeeDee, but you can still utilizing email@example.com to monitor all potential threats, or forward them to firstname.lastname@example.org.
What if someone forwards an email that is not a phishing attempt?
The email will not be recognized by the Curricula reporting service and will be deleted.
If you have additional questions about Report Phishing or need additional assistance, you can submit a support ticket using the link below!