Run the Group Performance (Phishing Trendline) report
Track one group's phishing resistance over time with a click/report rate trendline, monthly performance table, and best/worst-month callouts.
The Group Performance report shows how a single group's phishing resistance has moved over time. It rolls every phishing test the group has taken into a month-by-month trendline of click rate versus report rate, calls out the group's best and worst months, and breaks the numbers down in a monthly table. You run it when you want to answer "is this team getting better at spotting phishing?" — for a department, a location, an exec group, or any pilot cohort you're tracking.
The card and the report have different names
In the report catalog the card is labelled Phishing Trendline. Once you pick a group, the detail page is titled with the group's name (and falls back to Group Performance Report if the name hasn't loaded). They're the same report — the catalog card is the entry point, the group page is the result.
Before you start
Prerequisites
- You're signed in to Hook as an org admin, with the right organization selected in the sidebar org switcher if you manage more than one.
- The organization has at least one group. If there are no groups, the selection page shows a No Groups Available empty state — create a group first under View users and groups.
- The group has been included in at least one phishing campaign. The trendline is built entirely from PhishingBox campaign results, so a group that's never been tested shows the No Campaign Data empty state.
Pick a group
The report opens to a group selection page rather than straight to a chart, because it's scoped to one group at a time.
Open the report
From the left nav, go to Reports, then open the Phishing
Trendline card (under the Groups category). You land on the group
selection page at /org/reports/group-performance.

Find your group
The page lists every group in the selected organization in a table with Group Name, Members, and Phishing Tests columns. Use the Search groups box at the top to filter. The search is fuzzy and ranked: an exact name match ranks highest, then names that start with your text, then a word inside the name that starts with it, then any name that merely contains it. Results re-sort by best match as you type. If nothing matches, you'll see No groups found matching "…" — click the X in the search box to clear it.

Open the group's report
Click anywhere on a group's row to open its trendline at
/org/reports/group-performance/<groupId>. Hook fetches the group's
test history from PhishingBox and renders the report.
Read the report
The detail page has three parts beneath the header: the KPI callouts, the trendline chart, and the monthly table. All three are read-only — this is a reporting view, not an editor.
Best and worst month callouts
Two KPI cards sit at the top:
- Best Report Rate — the single month with the highest share of users who reported the phishing email. The card shows that month and reads N% of users reported phishing.
- Highest Click Rate — the month with the largest share of users who clicked. The card shows that month and reads N% of users clicked phishing.
These are picked from the same monthly data that drives the chart, so they always fall inside the date range you're viewing.

The performance chart
Monthly Performance Trends plots two lines per month: the group's click rate and report rate. By default it covers the last 12 months and the description reads Click rate and report rate over the last 12 months. If you change the range, the description switches to the explicit dates, and when the actual data starts or ends inside the window it appends the real data span — e.g. (data: Mar 2026 – May 2026) — so you can tell when there were quiet months at the edges.
Rates are computed per month as a percentage of emails delivered: click rate is clicks ÷ delivered, report rate is reports ÷ delivered. A month with zero delivered emails reads as 0%.

Adjust the date range
The header has a date range picker (next to the Email and Export
buttons). It has two ways to set the window: a preset dropdown with
Last 30 days, Last 3 months, Last 6 months, and Last 12
months, or a Custom date range calendar where you pick a start
and end date. Either way, the report reloads for that window. The range
lives in the URL as startDate and endDate query parameters, so a
link to the page carries its range with it — handy when you want to
share a specific view or bookmark it. Leaving the range untouched keeps
the default 12-month window.
The Monthly Performance table
Below the chart, the Monthly Performance table breaks the same data down month by month, newest first, with four columns:
- Month
- Delivered — the number of phishing emails delivered to the group that month.
- Click % — with a trend arrow comparing it to the previous month.
- Report % — with a trend arrow comparing it to the previous month.
Every column is sortable. The trend arrows are colored by whether the movement is good, not by direction:
- For Click %, down is good — a down arrow is green, an up arrow is red.
- For Report %, up is good — an up arrow is green, a down arrow is red.
- A flat dash means no change from the prior month (and the oldest row has no prior month to compare against, so it shows a dash).

Export or email the report
The header carries two actions that work on whatever range you're viewing:
- Export PDF — downloads a PDF of the report.
- Email — opens an Email Report dialog. Search your org's user list, check the recipients (or Select All), and click Send Report. You have to pick at least one recipient before it'll send.

Common pitfalls
- "No Campaign Data" means the group hasn't been tested in this range. The trendline is built only from PhishingBox campaign results. If the group has never been in a campaign — or has none inside the selected dates — you'll see the No Campaign Data empty state instead of a chart. Widen the date range, or run a phishing campaign against the group first.
- In the trend arrows, the arrow is direction and the color is the verdict. The arrow tells you whether a rate rose or fell versus the prior month; the color tells you whether that move was good (green) or bad (red). On Click %, a rise is bad, so a red up-arrow means clicks went up. On Report %, a fall is bad, so a red down-arrow means reports went down. Read both together, and don't assume "up = good."
- The catalog name and page title differ. Don't be thrown that the catalog card says "Phishing Trendline" while the page you land on is titled with the group's name — it's the same report.
Related
Review the security watchlist
See which individual users are repeat clickers and need follow-up.
Run the Security Awareness Snapshot
A one-page read on your whole org's phishing and training posture.
Read the executive summary report
Make sense of a single campaign's KPIs, risk score, and recommended training.
Run the Course Enrollment report
Measure completion for a single course, filter by group, and find overdue learners ranked by urgency — exportable to PDF and emailable.
Run the Autopilot (COTM) Campaign report
Generate a client-ready report for a managed Campaign-of-the-Month simulation — results, email preview, training video, educational context, and an optional clicked-users list and note.