How to Determine If a User Has Failed a Phishing Simulation in HacWare

Understanding how employees interact with phishing simulations is essential for reducing human-related risk. HacWare gives administrators clear visibility into which users failed a simulation, what actions caused the failure, and where additional training may be required.

This guide walks you through the exact steps to verify simulation results inside the HacWare client portal.

1. Log in to the HacWare client portal

   Use your administrator credentials to access the dashboard. From here, you will manage simulations, view reports, and monitor user activity.

   
   

2. Go to the Simulations section

   On the left menu, select Simulations.

   Next, choose History. This opens the complete record of every phishing simulation sent to your organization.

   
   

3. Review the Simulation Message table

   Inside the History view, you will see the Simulation Messages table. Each row represents one message sent to a user.

   
   

   The key column to review is the Status column. This is where HacWare shows whether the user successfully avoided the message or engaged with it in a risky way.

   
   

4. How to Identify a Failure

   A failure is indicated by a red thumbs-down (👍🏽) icon in the Status column. This icon signals that the user interacted with the message in a way that would be considered unsafe in a real attack.

   
   

   

   
   

   Below is what each Type means:

   
   

Link / Clickable Link

This means the user clicked on at least one link inside the phishing message. Clicking is considered a failure because it simulates falling for a credential harvesting or malicious redirect attack.

Attachment

This means the user opened the attachment included in the message. Opening unknown attachments is one of the top attack vectors used to deliver malware or ransomware.

Direct Email

This means the user pressed reply and attempted to respond to the phishing message. Responding indicates that the user believed the message was legitimate and would have engaged with the attacker.

What to Do After Identifying a Failure

Once a failure is found, administrators can take several actions:

• Enroll the user in corrective training to reinforce safe behavior.

• Monitor repeat failures using High Risk Monitoring.

• Review future simulation reports to measure improvement.

• Share insights with leadership through Executive Reports.

HacWare is designed to make human risk easy to understand and even easier to reduce. By regularly reviewing simulation results, organizations can strengthen security culture, identify high-risk behavior early, and build a more resilient workforce.