False Clicks in Wizer Phishing Simulation Emails
What Are False Clicks?
A false click occurs when a phishing simulation email is marked as “clicked” even though the user did not intentionally click a link. This typically happens due to email security tools, email client features, or improper handling of the simulated email.
False clicks are not caused by Wizer. They result from how email systems (e.g., Microsoft Outlook, Google Workspace, or security gateways) scan, rewrite, preview, or forward emails before or after delivery.
How to Fix and Prevent False Clicks
Follow the steps below to reduce or eliminate false clicks in phishing simulations.
1. Use DED (Direct Email Delivery)
Enable Direct Email Delivery (DED) to bypass email security filters that may automatically scan or click links. This is the most effective way to prevent false positives.
Set up Direct Email Delivery (DED):
- Google Workspace: How to set up DED for Google Workspace
- Microsoft 365: How to set up DED for Microsoft 365
2. Review the Phishing Simulation Checklist
Go through the Wizer Phishing Simulation Checklist to ensure your email environment and security tools are properly configured for simulations.
3. Ensure Proper User Handling of Simulation Emails
Users must handle phishing simulation emails correctly:
- Use the Wizer “Report Phishing” button
- Do not use the built-in Gmail or Outlook “Report Phishing” option
- Do not forward the email to IT or other users
Improper handling can trigger automated scans that register as clicks.
4. Outlook Users: Disable Link Preview (Temporarily)
If you use Microsoft Outlook, ensure link preview is disabled for the duration of the phishing campaign. Outlook’s link preview feature can automatically open links and cause false clicks.
Summary
False clicks are caused by email systems and user actions. Using Direct Email Delivery, validating your configuration, and ensuring correct user behavior will eliminate false click events.