Phishing Campaign False Positives 

What’s a false positive? 

A false positive occurs when a system reports an event, such as a target clicking on a phishing email, when in reality the target never clicked. This happens on all types of phishing simulation systems and is not limited to any particular vendor or tool. Furthermore, it is not possible to completely eliminate false positives.  

What’s a click? 

A click is defined as any interaction with a link such as a user clicking with their mouse. However, clicks can also include a system, such as an email security software, inspecting an email prior to it reaching your inbox.  

Phishing Campaign False Positives 

We have investigated this issue and found that it is most likely caused by your email provider’s security filter. Email filters work by inspecting the contents of an email prior to releasing it to the receiver’s inbox. To the phishing tool, this inspection looks the same as a click/open and is reported as such.  

We are actively working on a long term solution to mitigate these false positives and appreciate your patience and understanding. Starting in Q3, we will be filtering out and/or identifying the possible false positives on all phishing reports.  

What can I do to help?

If you have not done so already, please contact your Customer Success Coach and ask for a list of IP addresses to whitelist. If you need assistance with this process, be sure to ask your Coach for the Whitelisting QRG.  

In addition, you can provide your Customer Success Coach a list of internal IP addresses that will be used in the filtering process that’s in development. These IPs need to be in a standardized format, so be sure to reach out to Customer Success for more information.