Why Do Some of My Users Have a Phish-Prone Percentage Greater Than 100%?
We count all of the different “failure points” in an email template as separate tests. The failure points include the following actions:
- Clicking the embedded link
- Entering data on a landing page
- Opening an attachment
- Enabling a macro on an attachment
- Replying to the simulated phishing email
If a user receives one of our simulated phishing email templates and clicks the embedded link, they have failed a link test. If the same simulated phishing email also has an attachment and they choose to open it, they have failed a second test in the same email template. As a result, this user will have a 200% Personal Phish-Prone Percentage, because the user failed two tests.
A PST (Phishing Security Test) can actually contain all of these tests in a single email template. If a user clicks the link, enters data on a landing page, opens an attachment, enables the macro, and then replies to the email, the user has a 500% Phish-Prone Percentage on this one email.
Note: This is not a common scenario and we recommend including no more than two tests in any given simulated phishing template. Most of your Phishing Campaigns will only utilize one test – either a link test or an attachment test.
A higher Personal Phish-Prone Percentage indicates that the individual user may be more vulnerable to an email-borne social engineering attack. Consider this: if a user opens a simulated phishing email, clicks the embedded link, and then also opens an attachment or enters data, this user is not spotting what should be “red flags” and needs some additional training.