If you use the Phishing Reporter of the Security Awareness Service, as an administrator you will receive an email from firstname.lastname@example.org containing an .eml file that can be checked,
The .eml file contains the email that was reported with the Phishing Reporter and does not originate from the phishing simulation.
This is a "false negative" or a "valid" e-mail. For security reasons, the user is not immediately visible.
To find out the user who received the e-mail, please proceed as follows:
- Open the file attachment (the .eml file)
- Display the header of the e-mail. (see also: How can I save an e-mail or view the headers?)
- Search for the "To:" header line:
To: Peter Smith <email@example.com
- In this line you will find the recipient and can carry out a corresponding evaluation.