Phish Insight Data Collection Notice : TrendMicro

Summary

Trend Micro Phish Insight is provided with or automatically collects and transmits the following data, some of which may be considered personal data in certain jurisdictions, as part of using the service. It is necessary to collect this data to provide the fullfunctionality of this service. Therefore, you cannot disable these features however you may elect not to use certain functions to avoid certain data being processed. If you do not want Trend Micro to process this data, you should stop using the service.

Signing up

When a user (IT Administrators) signs up, they enter the details below in the sign-up form and receive a verification email.
When the user verifies the email they will have access to the standard level of the product.

Data transmitted to Trend Micro

First Name
Last Name
Email Address
Password
IP

Feature Configuration Location

The Sign Up page can be accessed from the Phish Insight Homepage or directly on this URL https://cloud.phishinsight.trendmicro.com/auth/sign-up.

^{Click the image to enlarge.}

Creating a campaign - Uploading Recipients

Customer’s IT administrators can upload the list of recipients of the service in the following ways:
1. CSV file
2. Active directory integration
3. Manual data entry

Data Collected

First Name
Last Name
Email Address
Manager name (Optional)
Department (Optional)
Office (Optional)
Position (Optional)
Joined On (Optional)
IP
User Agent (Browser and OS)

Console Location

https://cloud.phishinsight.trendmicro.com/user-management/users

^{Click the image to enlarge.}

Campaign interactions

When the employee receives the phishing simulation email they may:

Click on the link and enter data on our simulated phishing webpages
Respond to the email if it is a business email compromise simulation.

We will store both the username (or alternative user identifier credentials as identified below) and the reply received from the employee.

Data Transmitted to Trend Micro

Username or other user identifier for example email address (personal or work)
Email reply data
User may enter their password into the landing page however this data is not transferred to Trend Micro. Trend Micro can only track whether or not a value was entered into this field, Trend Micro records this as “Yes” or “No”.

Feature Configuration Location

User name or other user identifier is collected from our simulated phishing landing pages

^{Click the image to enlarge.}

It is also possible to collect the reply data from a BEC Simulation. Reply data is at the discretion of the employee, it may be an automatic out of office email, a facetious response, it may include the employee’s signature block and any other information provided by the employee.

^{Click the image to enlarge.}