Our simulated phishing emails contain links or attachments that you can use to test your users' vulnerability. In addition, email opens can be tracked by a small tracking pixel that we place in each of our emails, which can be optionally turned off.

How are clicks tracked?

Clicks are tracked when a user clicks on links within the received phishing email.

Each phishing email in a phishing campaign will contain a unique URL created for the user who received it so that the user's click can be recorded and their respective Phish-prone Percentage and Personal Risk Score can be updated.

So, if the user forwards the email to their IT team or a coworker and one of those individuals clicks it instead, the click is still recorded for the original recipient of the email, not the person who clicked.

Can I remove clicks?

Yes! For more information, see our Remove Failures from Phishing Test Results article. 

Note that clicks still present when Risk Scores are updated will affect the Risk Score recorded for that day. Remove clicks immediately when you believe they are not accurate to keep an accurate log of your user, group, and organizational Risk Scores.