1. Opened – We have a tracking image in the email learners receive. If that tracking image is loaded, then it reports back to us that the learner opened the phishing email
2. Phished – If the learner clicks the phishing link, once they are taken to the expected URL (based on what was selected in the phishing template) it reports back to SecurityIQ that the learner accessed that specific URL, and they are marked as Phished.
3. Avoided. This can happen in one of two ways. If Advisor Armor has kept the footer on the email, and the learner clicks the link that they understand it is a phishing message, they are noted as avoided for that phishing email. Alternatively, if Advisor Armor is using Phish Reporter and has that deployed to the learner clients, if the learner clicks on Phish Reporter for that SecurityIQ generated email, it will log an avoided status.