When running phishing campaigns, even after a successful manager’s test, you may sometimes notice false positive clicks.
During whitelisting, you must analyze (together with your IT/Security team) any additional security systems or configuration that your organization has implemented which may impact or interfere with email delivery and processing. Our whitelisting documentation covers the setup of such security systems, however some customers may have a different system in place which we are not aware of.
OutThink detects user clicks by monitoring a unique hyperlink for each user, which opens the campaign landing page URL. Once this URL is visited, we know the user has clicked. If you see an unusually high click rate, you should first analyze the open vs clicked times using the dashboard’s Export CSV feature.
Typically, users take between 5-20 seconds to click on the link after opening an email. If you see that the email open time vs click time is identical, or is just a few seconds apart, it usually means there is some security tool or setting that is automatically following the link, resulting in a falsely registered click. You can download the full CSV report from:
We have outlined below the most common reasons:
- EDR or antivirus software
- Mail filters with security add-on packs that have their own whitelisting settings
- Link preview functions as part of some devices (mostly mobile and tablet)
- Spam filter misconfiguration, or lack of whitelisting configuration
- Device management systems (MDM) security options on mobile devices.
To solve False Positive clicks, you need to work with the team that has most in-depth understanding of your security infrastructure. We are happy to assist and help you to solve this problem.