How is a click recorded in simulated phishing emails?

Our simulated phishing emails contain links or attachments that you can use to test your users' vulnerability. In addition, email opens can be tracked by a small tracking pixel that we place in each of our emails, which can be optionally turned off.

How are clicks tracked?

Clicks are tracked when a user clicks on any of the links within the received phishing email.

Each phishing email in a phishing campaign will contain a unique URL created for the user who received it, so that the user's individual click can be recorded and their respective Phish-prone Percentage and Personal Risk Score can be updated.

This means that if the user forwards the email to their IT team or a coworker and one of those individuals clicks it instead, the click is still recorded for the original recipient of the email, not the person who actually clicked.

Can I remove clicks?

Yes! Click here to learn how.

Note that clicks that are still present when risk scores are updated will affect the risk score recorded for that day. Remove clicks immediately when you believe they are not accurate to keep an accurate log of your user, group, and organizational risk scores.