06/27/2024 BullPhish ID Release Notes v2.103

New Features

Per Users Subscription card

A new Subscriptions card for partners with the Per Users subscription has been added to the Dashboard, Organizations page and the IT Glue Organization Sync tab. The Subscriptions card enables partners to track their number of active targets and their total number of purchased targets.

Partners with the Per Users subscription must purchase a seat license for each intended campaign participant. If the number of Active Targets is greater than number of Purchased Targets, the number of Active Targets is highlighted in red text on the Subscriptions card. The number by which the limit is exceeded is indicated as well.


While adhering to the number of purchased targets will not be enforced at this time, partners should make sure they purchase the number of seats necessary to cover the number of active targets.

License usage banners

License usage banners are another new feature to help partners with the Per Users subscription track target status. Notification banners will be displayed on each BullPhish ID page when the number of active targets approaches the purchased targets limit.  

Here is an example of the banner displayed when the number of active targets is 95% of purchased targets.

For more information about the Subscription card and usage banners, see the article License limits for Per Users subscription.

Flexibility in scheduling weekly end user reports

Now you can specify the delivery day for automated weekly end user reports so it aligns with your desired reporting period. You can select the day of the week on which the report should be delivered in the User Reports > Frequency section on the Automate Report page. 
In this example, Wednesday is selected. Therefore, the weekly report will include data between Wednesday at 00:00 AM and Tuesday at 11:59 PM. The report will be sent shortly after 12:00 AM Wednesday. 

For more information, see the article Automate business reports and user reports. 


Stronger 2FA security

To prevent an attacker from bypassing the 2FA access requirement, the system will now track the number of times an invalid authentication code is entered and display the result to the user.


After five unsuccessful attempts, the user is redirected to the Login page displaying a message that the user’s account has been locked for 60 minutes.


In addition, the user will receive an account lockout notification email describing next steps.

Automated reports - Captcha requirement removed

The captcha requirement has been removed when accessing an automated report. Now when the user clicks the Download Report button in the automated report email, downloading begins.

Automated reports - Emails updated

The automated business report and user report email content has been updated. The email subject has been customized for the type of report (e.g., Weekly User Report for Training Campaigns, Q1 Business Report) and the content is specific to report type as well.
Also, the three download limit has been removed but reports older than 30 days will not be accessible.

Weekly training campaign user report

Monthly phishing campaign user report

Quarterly business report

CSV report Name field

The Name check box in the Export CSV Report modal has been separated into First Name and Last Name check boxes to provide more flexiblity when generating CSV reports. The Export CSV Report modal is displayed when creating a CSV report from a phishing or training campaign’s Details page (Actions > Generate CSV Report).



A 500 error was displayed when opening a completed training campaign for which the course had been removed.

This issue has been fixed and now the campaign’s Details page is displayed.

Content updates

New phishing kits

New phishing kits are now available. Each is listed below (links to new kit) along with an image of its email template and landing page.

New training courses 

The following translated training courses are now available in the Training portal: 

Baiting: Learn about the social engineering attack known as baiting.

  • Cebo (Spanish)
  • Isca (Portuguese)
  • Appatage (French) 

Smishing and Vishing: Learn about the social engineering attacks through voice and text message phishing, known as vishing and smishing respectively.

  • Smishing e Vishing (Portuguese)

Tailgating And Piggybacking: Learn about the in-person social engineering attacks known as tailgating and piggybacking.

  • Tailgating e Piggybacking (Portuguese) 
  • Tailgating y Piggybacking (Spanish)
  • Passage En Double Et Accès À Califourchon (French) 


Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section