Scheduled maintenance on Saturday, August 8th from 7am to 10am (UTC). Licensing registrations and key activations will be unavailable during this period. More info here.

"Clicked Link" level of confidence?

We use G Suite for our enterprise email. 

I recently conducted a phishing campaign and some of the users that are reported as "Clicked Link" are adamant that they did not click any links in the email.

I cannot find any documentation as to what Sophos' level of confidence is when they report that a user "Clicked Link"

We want to initiate remedial training for users, but we also want to make sure they in fact need it.

 

Thank you in advance.

  • Honestly I went through something similar.  Then I went to select a couple training videos and or sessions from Phish threat and I realized that most can be done in less than 15 minutes.  To keep things fair I just stated that some people failed but training, even additional training never hurts anyone and I scheduled out 2 or 3 of them.  Gave everyone 2 weeks to complete all 3 and had no complaints.  Actually most people found them fun or a good change from their normal routine.  Now I shoot some out every 6 months or so to give everyone a reminder/brush up.  I also try to find an article on a scam that would relate to workers on a personal level and send out an email blast outlining the scam/phish threat and how to avoid it.  I find that a personal level makes things more pertinent to the users and they seem more driven to understand it.  After I started doing that I actual had multiple users come to me with questions.  A good one to start with is haveibeenpwned.com

     

    Just a thought.