Skip to main content

Call outcomes & taxonomy

Every simulated vishing call resolves to exactly one outcome once it ends. The outcome is what reporting counts and what decides the follow-up each target receives, so it's worth knowing precisely what each one means. There are nine outcomes, framed for security training rather than raw telephony: a target who sees through the call is a positive result, and "nobody answered" is kept distinct from "something broke."

The nine outcomes

OutcomeShown asWhat happened
PhishedPhishedThe target answered and complied with the attack.
DetectedDetectedThe target answered and did not comply: they identified or refused the attack. This is a good result.
No answerNo answerThe call rang but was never picked up.
VoicemailVoicemailAn answering machine or voicemail picked up.
Call screenedCall screenedA phone's AI call-screening assistant intercepted the call.
BusyBusyThe line was busy.
Invalid numberInvalid numberThe number isn't dialable or doesn't exist.
Carrier rejectedCarrier rejectedThe carrier refused or failed to connect the call.
FailedFailedA technical or unknown error, including a call that never reported back.

Only Phished and Detected are "answered" calls that produced a real conversation; those two are the ones you can open to read the transcript. The other seven mean the call never became a conversation.

The outcome board

On a campaign's detail page, calls roll up into summary cards you can click to filter: All Recipients, Scheduled, Called, Vished, Passed, and Call Failed. Two things about the board are easy to misread:

  • "Vished" and "Passed" are the two answered results. "Vished" is the Phished outcome; "Passed" is the Detected outcome, the same positive result the per-call column labels "Detected." Same state, two words depending on where you look.
  • "Call Failed" collapses seven outcomes into one bucket. No answer, voicemail, call screened, busy, invalid number, carrier rejected, and true technical failure all count as "Call Failed" on the board, even though the per-call Outcome column tells them apart. Reading only the card, "nobody was home" and "the dialer errored" look identical; open the per-call list to separate them.

Believability score

Answered calls also carry a believability score from 0 to 100: how convinced the target was on that single call, shown as a badge next to the outcome. It's banded into Low (under 40), Moderate (40 to 69), and Convincing (70 or above). A call that never connected has no score (shown as a dash), which is not the same as a score of zero. Believability is a per-call measure and is deliberately separate from a person's overall risk score.

How the outcome is decided

Resolving a call is a two-step process, and it is built to never over-report a compromise:

  1. Did the target comply? For an answered call, the conversation transcript is evaluated against the scenario's success criteria and graded pass or fail. If that verdict is missing or unclear, it fails safe: the call is scored Detected, never Phished.
  2. What actually happened on the line? Telephony signals take precedence over the transcript verdict. A voicemail is always Voicemail even if the recording "completed"; a busy or unanswered line is Busy or No answer; a connection failure is Carrier rejected or Invalid number. Only a genuine human conversation defers to step 1 to become Phished or Detected. Anything unrecognized resolves to Failed, never Phished.

A call that was dialed but never reports a result (a dropped connection or lost signal) is reconciled to Failed after a short window, so no call stays unresolved forever.

Outcomes drive the follow-up

Each outcome maps to a follow-up action you configure per campaign (see Post-simulation follow-up). The signed-off defaults are:

  • Phished sends a remediation training email.
  • Detected sends a positive-reinforcement email.
  • No answer sends a security-exercise notice.
  • The remaining technical and non-answer outcomes send nothing by default.

You can override the action for any outcome on the follow-up step.

Gotchas & limitations

  • Detected is a win, not a loss. It means the target refused or saw through the attack. Don't read the board's "Passed" and the per-call "Detected" as different things; they're the same positive outcome.
  • The board's "Call Failed" hides real distinctions. No answer and voicemail (the target's line was reached but didn't engage) sit in the same card as invalid-number and technical failures (never reached at all). For a true delivery picture, use the per-call outcomes, not just the summary card.
  • No answer is not a failure. It's tracked as its own outcome, separate from any technical problem, so a quiet phone doesn't inflate your failure rate.
  • Answered rate counts only Phished plus Detected. Phish and detection rates are measured against answered calls, so the seven non-conversation outcomes don't dilute them.
  • A believability dash isn't a zero. Unconnected or unscored calls show no believability; treat that as "not measured," not "completely unconvincing."