This article depicts the problem of false clicks, its origin, and mitigation methods.
False clicks on my phishing campaign results, how come?The tracking mechanism of the phishing simulations implies that the links should be open and publicly accessible.
Such links are used for Opened and Clicked Link events on our end.
Those links have to be publicly available for the recipient (end-user) that receives the simulation to avoid additional authorizations, as this may lead to decreased quality of the simulation itself.
The link includes the tacker which helps us to determine to which user a specific event belongs.
If anything else clicks the link instead of the user, i.e. 3rd party software, antivirus, security check, security manager to whom the email was forwarded for review/analysis, or an email preview, we register the Clicked link event and connect it to the user in question.
Mitigation options:
As of now, we can offer 2 ways to deal with this matter.
1st is to remove the root cause of the issue, this should be done by adjusting the settings on the customer's end.
We are offering an option of having a custom X-Test-Phish header if the security software on the client's end allows configuring an exclusion list for Wizer only, which would allow to keep the security software running on the customer's end and will prevent false clicks.
2nd is to use an event rule set on our end.
Depending on the indicators we see on our end, we can form a set of rules that will mark false click events as deleted on our end and exclude them from being used in reports.
This, however, has to be a precise and constant indicator that should be found by the customer.
As a side note, one more possible solution is to turn off the security measures software at least for Wizer emails only.