Clients Forwarding Phish Tests to Our Help Desk Triggers Link

  • 23 February 2023
  • 2 replies

Userlevel 7
Badge +6

Hi there,

I am wondering if anyone else has encountered this issue and has any advice:

Every time we push a phish test, we have partners forward the phishing email to our help desk. What we discovered recently is that when someone forwards the email our outbound mail filter “clicks” the link.

I have discussed this with our spam filter and there is no workaround. They have to protect their IPs from being blacklisted as a source of spam.

I’m just curious if anyone else has encountered this and ask what you’ve done.

Seems to me the only way to prevent this is to educate users NOT to forward the emails. But we also don’t want to discourage partners reporting security concerns.

Open to suggestions. What do you guys do?


Best answer by ggreenbaum 23 February 2023, 23:30

View original

2 replies

Userlevel 7
Badge +25

@ggreenbaum Any idea?

Userlevel 2

Administrators can use the CSV exports from WSAT to examine the origin for click events in question to conclusively determine whether the events are valid clicks (phishing simulation fails) or false positives (generated by an automated system such as a secure gateway or outbound filter).

The issue of false positives is challenging. Hopefully we see some responses here to see how others are dealing with the issue.

Here are Webroot are currently exploring a feature to help with this on the reporting side but overall I agree with the approach outlined by @kleinmat4103  - we want to encourage users to report phishing simulations as a matter of building up an organization’s security-oriented culture.