Phish Insight is a SaaS service for enterprise users. Its purpose is to raise an employee's security awareness so they can protectselves them from internet fraud, phishing, and many other cyber security threats.  


Phish Insight - Key Features

  • Phishing Simulation 
  • Security Awareness Training 

Phish Insight User Roles

  • Administrator
  • Recipients


Once configured by the administrator Phish Insight sends simulation emails to recipients. Depending on the recipients level of security awareness they may click on simulated phishing links, land on simulated phishing landing pages or open simulated malicious attachments. The administrator will have access to metrics on how the recipients responded after receiving the phishing simulation and will also see statistics on overall risk level of the target group of recipients.



TABLE OF CONTENTS


Does Phish Insight have ISO certification?

Yes, we are dedicated to ensuring our offerings meet critical industry certification and compliance requirements. The Phish Insight product has ISO 27001 and ISO 27017 certification




What data does Phish Insight collect?

  1. For the Administrator
    • First Name
    • Last Name
    • Email and Password
    • Phone
    • Company name
    • Company size
    • Department
    • Industry
    • IP address
    • OS
    • Browser

  2. For the Recipient
    • Manual Input
      • Name
      • Email
      • Office
      • Department
      • Joined Date
      • Username (if entered on a landing page)
    • Synchronized Active Directory (AD) Data
      • AD Users
        • Full Name (Distinguished Name) 
        • Manager Full Name (Manager Distinguished Name)i 
        • Identifier in Active Directory (GUID) 
        • Email Address (Mail) 
        • Department 
        • Office 
        • Display Name 
        • Last Log In Date (Last Updated) 
        • Last Updated Date of AD data (Last Modified)
      • AD Groups
        • Domain Name (Distinguished Name) 
        • Common Name (CN) 
        • Identifier in Active Directory (GUID) 
        • Members Display Name 
    • Phishing Simulation Campaign Data
      • IP address
      • OS
      • Browser


How is recipient data managed on Phish Insight?

Phish Insight provides multiple solutions for managing recipient data. 

  • Manual input 
  • Proprietary AD (Active Directory) Sync Tool 
  • Azure AD (Active Directory) (will be available in Q4 of 2020)


How is the data entered on the simulation landing pages handled?

Phishing simulation landing pages will generally have two fields, a username field and a password field. We do not collect, transfer or store password data that is entered on the landing pages. We will only indicate with a Yes or No if a value was entered in the password field. 


The username that is entered is stored by Phish Insight. We collect this data to allow customers determine if the employee really did enter their credentials. This data is only used for reporting and is not used for any other purposes.


Does Phish Insight use the recipient's data for marketing purposes?

No, Phish Insight does not use the recipient data for marketing purposes. The only data that will be used for marketing purposes belongs to the administrator who signed up for the service. The Phish Insight team will send administrators email updates about the product every month and make them aware of other products they may be interested in. Administrators can opt out of marketing emails at any time. The Phish Insight Customer Success Team may also contact Administrators to make sure they are having a good experience with the product.


The recipient data loaded into Phish insight is not accessed by Trend Micro unless the customer has an issue with a campaign that involves a review of recipients data. An example of this would be a recipient who did not receive the phishing simulation email. The Phish Insight Team can check the error logs and investigate its cause. 


The Phish Insight Customer Success Team and/or local account managers may review summary results of the campaigns that took place when discussing the customer’s experience with the product. E.g. in your first campaign 20% of recipients opened the simulation, in the second campaign 15% of recipients opened the email etc, individual recipient data is not part of this review


Why does Phish Insight collect this data?

This data is required to fulfill the purpose of the product i.e. providing our customers with the tools to make their employees aware of the latest cyber threats. 

Where does Phish Phish Insight store the data?

All Phish Insight customer's signed up since March 11, 2019 have their administrator data (username and password) stored in an AWS data center in Dublin, Ireland. Customer's that have not logged in since March 11, 2019 will have their administrator data stored in Oregon,USA these customers will have their data migrated to Dublin on their next login.

How long does Phish Insight store the data?

If the customer has not used the product for a duration of three years we will irreversibly obfuscate their data. A customer can request to have their data obfuscated at any time.

Who can access the data?

We have three teams globally that work on the Phish Insight product.

  • Business development and Customer Success - Cork, Ireland
  • Product development – Taipei, Taiwan and Manila, Philippines
  • Customer Success and Product Development – Manila, Philippines

Technically, all the teams above have access to the data however like mentioned previously they will only review Employee data if that is requested by the customer. The table that stores our employee data is audited and we treat this with high sensitivity.


How is data transferred in and out of the Phish Insight service?

  • Customer connects to the service console using browser via HTTPS connections.

  • AD Sync Tool sends a POST request to the back-end portal with the encrypted AD Information. The back-end portal will then upload the encrypted AD information to S3.


How does Phish Insight log and monitor data transmissions?

  • Data for administrator: The service logs of data transmissions, which are written to a central-log system. The service’s operation team can manually access the log for issues or troubleshooting.

  • Data for recipients: transmission logs are logged in the central-log system too.

What type of logs does Phish Insight generate?


Log TypeInformation StoredLocation of DataRetention Period
Back-end logsApplication error /
Debug logs
AWS - Ireland
AWS - Frankfurt
1 year
CloudWatch logs


  1. If the service collects data from European customers, will their data be transmitted outside of the Europe boundary?
  2. Trend Micro is a global organization and has dispersed teams. The Phish Insight product team has engineers based in Taiwan and the Philippines. While we heavily restrict access to customer data some employees will have access to customer data for development and support purposes. Queries to tables that contain employee personally identifiable data are logged. 


    Phish Insight uses the following sub processors to provide its service

  3. Name 
    Location
    Type of data
    Amazon Web Services
    Ireland and Germany
    All product data
    FreshWorks
    USA
    Administrator data
    Gainsight
    USA
    Administrator data


  4. Does Phish Insight have a disaster recovery plan?

  5. Phish Insight is hosted on AWS. Most AWS resources are managed by Terraform and Serverless framework. Phish Insight use Infrastructure as Code to provision and manage any cloud, infrastructure, or service. For the stateless part (no data) of our product, Phish Insight can recover in days. For the stateful part (database, s3 bucket), Phish Insight has a recovery procedure to recover in hours.



Trend Micro Privacy Statement

https://www.trendmicro.com/en_us/about/legal/privacy.html 


Phish Insight Terms and Conditions

https://success.phishinsight.trendmicro.com/support/solutions/articles/61000290553-terms-and-conditions