This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Clicked Link" level of confidence?

We use G Suite for our enterprise email. 

I recently conducted a phishing campaign and some of the users that are reported as "Clicked Link" are adamant that they did not click any links in the email.

I cannot find any documentation as to what Sophos' level of confidence is when they report that a user "Clicked Link"

We want to initiate remedial training for users, but we also want to make sure they in fact need it.

 

Thank you in advance.



This thread was automatically locked due to age.
Parents
  • Honestly I went through something similar.  Then I went to select a couple training videos and or sessions from Phish threat and I realized that most can be done in less than 15 minutes.  To keep things fair I just stated that some people failed but training, even additional training never hurts anyone and I scheduled out 2 or 3 of them.  Gave everyone 2 weeks to complete all 3 and had no complaints.  Actually most people found them fun or a good change from their normal routine.  Now I shoot some out every 6 months or so to give everyone a reminder/brush up.  I also try to find an article on a scam that would relate to workers on a personal level and send out an email blast outlining the scam/phish threat and how to avoid it.  I find that a personal level makes things more pertinent to the users and they seem more driven to understand it.  After I started doing that I actual had multiple users come to me with questions.  A good one to start with is haveibeenpwned.com

     

    Just a thought.

    Respectfully, 

     

    Badrobot

     

Reply
  • Honestly I went through something similar.  Then I went to select a couple training videos and or sessions from Phish threat and I realized that most can be done in less than 15 minutes.  To keep things fair I just stated that some people failed but training, even additional training never hurts anyone and I scheduled out 2 or 3 of them.  Gave everyone 2 weeks to complete all 3 and had no complaints.  Actually most people found them fun or a good change from their normal routine.  Now I shoot some out every 6 months or so to give everyone a reminder/brush up.  I also try to find an article on a scam that would relate to workers on a personal level and send out an email blast outlining the scam/phish threat and how to avoid it.  I find that a personal level makes things more pertinent to the users and they seem more driven to understand it.  After I started doing that I actual had multiple users come to me with questions.  A good one to start with is haveibeenpwned.com

     

    Just a thought.

    Respectfully, 

     

    Badrobot

     

Children
No Data