Run the Test Summary report
Drill into a single phishing test's funnel — sent, delivered, opened, click rate, report rate — and optionally include the list of users who clicked in the export.
The Test Summary zooms in on one phishing test — a single send to a single target group — and lays out its funnel: how many emails were sent, how many were delivered, opened, clicked, and reported. Where the executive summary rolls a whole campaign up into one risk picture for leadership, the Test Summary answers a narrower question: "How did this specific send, to this specific group, perform?" You'll reach for it when a campaign fanned out to several groups or recurred over time and you want to inspect one test in isolation — and, when needed, pull the exact list of people who clicked.
Before you start
Prerequisites
- You're signed in as an org admin with the right organization selected in the org switcher (if you manage more than one).
- You've run at least one phishing campaign that reached the delivery provider. Only tests under campaigns that have a PhishingBox campaign ID are listed — drafts that never launched won't appear. See Run a phishing campaign.
Find the test
Open the Reports hub
From the left sidebar, open Reports. The hub lists every report type as a card. Click Test Summary.

Pick a test from the selection page
The selection page groups every available test under its parent
campaign. Each campaign heading shows a count (3 tests), and each row
underneath shows the target group name, the test ID, and the
date the test started.
Use the search box to narrow the list — it matches against the group name, the test ID, or the campaign name, so any of those will filter the rows down. Click a row to open that test's report.
Only launched campaigns appear
The selection page lists tests only for campaigns that have a PhishingBox campaign ID and at least one test on record. If you ran a campaign but don't see its tests here, confirm the campaign actually launched — see Troubleshoot phishing delivery.

The report opens at /org/reports/test-summary/<testId>. The detail
page pulls live metrics from the delivery provider, so it can take a few
seconds to load. If it can't finish within 95 seconds, Hook shows a
"Request timed out. Please retry." message — reload or click back in.
Numbers are cached briefly
To keep the report responsive, Hook caches each test's metrics for about 60 seconds. If you just saw a click land elsewhere and the Test Summary hasn't moved yet, give it a minute and reload.
Read the KPI cards
The top of the report is a row of five KPI cards. Rates are calculated against the number of unique people who took each action — not the raw event count — so one user who clicks three times still counts once.
- Sent — the number of messages sent, with a
to N targetssubtitle showing the size of the target group. - Delivered — messages that reached an inbox (sent, minus bounces and unsent), with the delivery rate below it.
- Opens — shown as the open rate percentage, with the count of unique opens underneath.
- Click Rate — the percentage of targets who clicked the phishing link, with the unique click count below. This card is color-banded: it turns red above 20%, orange above 10%, and stays neutral below that.
- Report Rate — the percentage who used the report-phish button to flag the email, with the unique reported count below. It highlights green when more than half the group reported.

The Details card
Below the KPIs, the Details card restates the test name, the launch date and time, and the target group.
Next to it sits a Recommendations list. These three items are fixed — they're the same general best-practice prompts on every test, not generated from this test's numbers:
Give shoutouts to those who reported
Encourage reporting of suspicious emails
Focus training on employees with multiple clicks (3+)Want data-driven recommendations?
If you want recommendations that respond to the actual click and report rates, read the executive summary instead — its recommendation list is generated from the campaign's metrics.
Show the users who clicked
By default the report shows aggregate numbers only. Flip the Show Clicked Users toggle to load a table of the people who clicked (or otherwise failed) the test, listing each person's Name, Email, and Group. The table is read-only — it's for review, not editing.
The toggle also controls the export
Whatever the toggle is set to when you export carries into the PDF and email. Turn Show Clicked Users on before you export if you want the clicker list in the file; leave it off to share metrics only. The clicker table is added as its own page in the exported PDF.

Export the report
The header carries the export controls, the same as on other reports:
- Export PDF renders the report — including the clicker table if the toggle is on — to a downloadable PDF.
- Email opens a dialog where you pick recipients from your organization and Hook sends them the PDF as an attachment.
Both build the file server-side from the same data on screen.
Common pitfalls
- A test you ran is missing from the list. Only tests under campaigns that reached the delivery provider show up. A campaign saved as a draft, or one that failed to sync, won't list any tests here.
- The page times out. Live metrics come from the delivery provider; on a large send the call can run long. Hook gives it up to 95 seconds before showing a retry message — reload and it usually succeeds on the second try.
- Your export is missing the clicker list (or has one you didn't want). The export mirrors the Show Clicked Users toggle. Set the toggle the way you want before you click Export PDF or Email.
- The Recommendations look generic. They are — the Test Summary's three recommendations are fixed prompts, not tailored to this test's numbers. Use the executive summary when you want data-driven advice.
Related
Read the executive summary report
Roll a whole campaign up into one risk picture, with data-driven recommendations and the clicker list.
Monitor a live phishing campaign
Watch sends, opens, clicks, and reports update in real time while a campaign is in flight.
Run the security awareness snapshot
See your organization's overall posture across campaigns and training in one place.
Read the executive summary report
Open, interpret, and share the executive summary for a phishing campaign so leadership sees risk and your team knows what to do next.
Run the Security Awareness Snapshot
Generate a month-scoped, client-ready review combining a phishing funnel and training completion, with an appendix of clickers and incomplete-training users.