It is common to see Click Prone % greater than 100% on individual recipients.
During each simulated Phishing campaign, there can often be more than one test within each email that the Recipient can either pass or fail.
We class each test as a separate point of strength or weakness on the part of the Recipient, if they reply to a simulated Phishing email, they have failed the reply test. If they open an attachment on the same email, they have failed a 2nd test on the same email. In this scenario, this Recipient would gain a Click-Prone percentage of 200%, they have failed 2 tests within one email.
There are several factors used within an email, each one adding to the Recipients Click-Prone percentage , should they fail the test.
These factors within our simulated phishing emails include the following:
- Clicking a link within an email;
- Opening an attachment;
- Entering data into a landing page;
- Replying to an email;
- Enabling macros within an attachment.
All of these can be used within a single email, meaning a Recipient could end up with a Click-Prone percentage of 500% after a particularly effective email.
Recipients with higher Click-Prone percentages tend to be more vulnerable to phishing attacks and other forms of cyber crime. They should be offered more extensive training as they are the final line of defence between your organisation and cyber criminals.
How does Phishing Tackle calculate a Campaign's Click-Prone Percentage?
For each campaign we take the sum of all test failures and divide it by the total number of emails delivered.
E.g. Our campaign delivers a simulated phishing email to 100 Recipients:
- 38 Recipients click the landing page link
- Of these recipients, 12 enter data into the Landing page
This totals 50 test failures, divided by the emails (100) gives us a campaign click prone percentage of 50%