False Clicks in Wizer Phishing Simulation Emails
What Are False Clicks?
A false click occurs when a phishing simulation email is marked as “clicked” even though the user did not intentionally click a link. This typically happens due to email security tools, email client features, or improper handling of the simulated email.
False clicks are not caused by Wizer. They result from how email systems (e.g., Microsoft Outlook, Google Workspace, or third-party email security tools) scan emails before or after delivery.
How to Fix and Prevent False Clicks
Follow the steps below to reduce or eliminate false clicks in phishing simulations.
1. Use DED (Direct Email Delivery)
Enable DED to bypass email security filters that may automatically scan or click links. This is the most effective way to prevent false positives.
Set up Direct Email Delivery (DED):
- Google Workspace: How to set up DED for Google Workspace
- Microsoft 365: How to set up DED for Microsoft 365
2. Review the Phishing Simulation Checklist
Go through the Wizer Phishing Simulation Checklist to ensure your email environment and security tools are properly configured for simulations.
3. Ensure Proper User Handling of Simulation Emails
Users must handle phishing simulation emails correctly:
- Set up the Wizer Report Phishing button
- Do not use the built-in Gmail or Outlook “Report Phishing” option
- Do not forward the email to IT or other users
Improper handling can trigger automated scans that register as clicks.
Recommended: Send our 'phishing drill' template to teach users how to use the button.
4. Outlook Users: Disable Link Preview (Temporarily)
If you use Microsoft Outlook, ensure link preview is disabled for the duration of the phishing campaign. Outlook’s link preview feature can automatically open links and cause false clicks.
5. Check for Additional Email Security Tools
Review whether you have other security tools that may interact with emails after delivery. These tools can automatically follow links or detonate URLs, resulting in false clicks.
Examples include:
- Secure Email Gateways (SEGs)
- URL rewriting or time-of-click protection tools
- Sandboxing or detonation engines
- Third-party phishing analysis platforms
Ensure these tools are configured to bypass Wizer simulation emails where possible.
6. Verify Automated Processes and Integrations
Check for any automated processes that may access user mailboxes, such as:
- Shared mailbox monitoring
- API-based email analysis tools
- SOC or SIEM integrations that ingest and inspect messages
These processes can unintentionally trigger link clicks during analysis.
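A triage sketch for reviewing recorded clicks after a campaign, added here as an example and not Wizer's code or export format: it flags clicks that land before or within seconds of delivery, or that share one source IP across several recipients. The column names, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample data; column names are assumptions, not Wizer's export format.
SAMPLE = """recipient,delivered_at,clicked_at,source_ip
alice@example.com,2024-05-01T09:00:00,2024-05-01T09:00:04,203.0.113.10
bob@example.com,2024-05-01T09:00:00,2024-05-01T09:00:05,203.0.113.10
carol@example.com,2024-05-01T09:00:00,2024-05-01T09:00:06,203.0.113.10
dave@example.com,2024-05-01T09:00:00,2024-05-01T11:42:17,198.51.100.7
erin@example.com,2024-05-01T09:00:00,2024-05-01T09:00:20,192.0.2.55
"""

FAST_SECONDS = 30   # assumed threshold: a click this soon after delivery looks automated
SHARED_IP_MIN = 3   # assumed threshold: this many recipients behind one IP looks like a scanner


def triage(csv_text, fast_seconds=FAST_SECONDS, shared_ip_min=SHARED_IP_MIN):
    """Return {recipient: [reasons]}; an empty list means no automation signal."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    recipients_by_ip = defaultdict(set)
    for r in rows:
        recipients_by_ip[r["source_ip"]].add(r["recipient"])
    result = {}
    for r in rows:
        reasons = []
        delay = (datetime.fromisoformat(r["clicked_at"])
                 - datetime.fromisoformat(r["delivered_at"])).total_seconds()
        if delay < 0:
            # Link fetched before the message reached the mailbox (pre-delivery scan)
            reasons.append("click_before_delivery")
        elif delay <= fast_seconds:
            reasons.append("fast_click")
        if len(recipients_by_ip[r["source_ip"]]) >= shared_ip_min:
            reasons.append("shared_source_ip")
        result[r["recipient"]] = reasons
    return result


if __name__ == "__main__":
    for who, reasons in triage(SAMPLE).items():
        label = "review as possible false click" if reasons else "no automation signal"
        print(f"{who}: {label} {reasons}")
```

A shared source IP can also be an office egress address, so treat the flags as prompts for review alongside the steps above, not as verdicts.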
Need Help?
If false clicks continue after completing the steps above, contact Wizer Support for assistance:
Include details about your email provider, security tools, and recent phishing campaigns to help speed up troubleshooting.