"Clicked Link" level of confidence?

We use G Suite for our enterprise email. 

I recently conducted a phishing campaign and some of the users that are reported as "Clicked Link" are adamant that they did not click any links in the email.

I cannot find any documentation as to what Sophos' level of confidence is when they report that a user "Clicked Link"

We want to initiate remedial training for users, but we also want to make sure they in fact need it.

 

Thank you in advance.

  • Honestly I went through something similar.  Then I went to select a couple training videos and or sessions from Phish threat and I realized that most can be done in less than 15 minutes.  To keep things fair I just stated that some people failed but training, even additional training never hurts anyone and I scheduled out 2 or 3 of them.  Gave everyone 2 weeks to complete all 3 and had no complaints.  Actually most people found them fun or a good change from their normal routine.  Now I shoot some out every 6 months or so to give everyone a reminder/brush up.  I also try to find an article on a scam that would relate to workers on a personal level and send out an email blast outlining the scam/phish threat and how to avoid it.  I find that a personal level makes things more pertinent to the users and they seem more driven to understand it.  After I started doing that I actual had multiple users come to me with questions.  A good one to start with is haveibeenpwned.com

     

    Just a thought.