logo_lightAlogo_lightlogo_light
  • About
  • Products
  • Pricing
  • Knowledge Base
  • Login
  • Products
  • Solutions
  • Search

How live phishing test click rates can easily be skewed

[et_pb_section fb_built=”1″ _builder_version=”4.16″ custom_padding=”0px|||||” da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][et_pb_row _builder_version=”4.16″ custom_padding=”||8px|||” locked=”off” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.18.0″ text_font_size=”20px” text_line_height=”1.8em” global_colors_info=”{}”]

People who don’t open live phishing test messages, don’t count. Well, what I mean is that it’s inaccurate to call this a “pass”. Whether they even see the message at all often depends on the subject line, and  how it resonates with an individual.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.16″ min_height=”670px” custom_padding=”5px||8px|||” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”596px” custom_margin=”||-1px|||” global_colors_info=”{}”]

How can we use that data if we don’t know why they didn’t open it? Did the employee recognize the email as a test, just by seeing the subject line?

If an employee recognizes the subject line as a likely phishing test, that may be a good thing. But, if we don’t know “why” they didn’t open it, we can’t assume they are capable of spotting other key elements of phishing threats.

Different message subject lines will resonate differently with each employee. For example:

– Do they want “concert tickets”?
– Have they already done their holiday shopping?
– Did they just get a payroll deposit, and the subject is suspect?
– Does subject line only matter to some in the organization?

[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_image src=”https://clickarmor.ca/wp-content/uploads/2023/12/unsplashimage-20.png” alt=”A computer mouse representing click through rates ” title_text=”unsplashimage (20)” align=”center” _builder_version=”4.23.1″ _module_preset=”default” module_alignment=”center” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][/et_pb_image][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]

Photo by Markus Spiske on Unsplash

[/et_pb_text][et_pb_cta title=”It’s been a “super-fantastic” experience to see people learning and talking about security threats.” button_url=”https://clickarmor.ca/quick-start-bundle-gamified-security-awareness-training-and-engagement/” button_text=”Start Your 6-Week Quick Start Bundle Now” _builder_version=”4.16″ _module_preset=”default” locked=”off” global_colors_info=”{}”]

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

[/et_pb_cta][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ custom_padding=”8px|||||” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”8px” custom_margin=”-20px|||||” custom_padding=”22px||0px|||” global_colors_info=”{}”]

These are the kinds of questions that organizations need to consider within each and every live phishing test campaign.

How compelling should the subject line be? This deliberation takes a lot of time and effort, which many organizations don’t recognize. What we decide to put into the subject line has such a great effect on whether the employee even opens the message, that the “click rate” will be far from accurate.

This means there is only marginal value in tracking a trend based only on “click rates”. When you think about it carefully, how much does the “click rate” really mean when the subject line itself can skew the data a lot? And how do you measure employees’ ability to spot other elements of phishing attacks if the “click rate” is the only thing we know?

We need a more accurate and reliable way to measure employees’ capabilities for spotting threats, to manage their vulnerability.

[/et_pb_text][et_pb_button button_url=”https://clickarmor.ca/trial” button_text=”Book a free trial of Click Armor to start strengthening your security culture” button_alignment=”center” _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][/et_pb_button][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”]

 

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_post_nav prev_text=”Previous Post” next_text=”Next Post” _builder_version=”4.16″ title_text_color=”#ffffff” background_color=”rgba(14,79,136,0.68)” custom_padding=”5px|10px|5px|10px|true|true” border_radii=”on|4px|4px|4px|4px” border_width_all=”1px” global_colors_info=”{}”][/et_pb_post_nav][/et_pb_column][/et_pb_row][/et_pb_section]

Share this article

[vc_empty_space height=”10px”]
[elfsight_social_share_buttons id=”1″]

Recent Posts

  • 0
    Role-Based Targeted Threats: The Phishing Problem Traditional Training Can’t Solve
    June 16, 2025
  • 0
    Addressing AI opportunities and risks in your cyber security program
    March 13, 2025
  • 0
    What makes cyber security training boring
    March 3, 2025
  • 0
    A Canadian cybersecurity company’s lessons on training
    February 20, 2025
  • 0
    Cyber security training for executives: Why and how
    February 6, 2025
Share
0
[vc_empty_space height="40px"] [vc_row][vc_column width="1/2"][vc_column_text css=""]

Subscribe to our newsletter

Stay up-to-date with the latest news, promotions, and offers from Click Armor.
Follow us on Linkedin

You can unsubscribe at any time

[/vc_column_text][/vc_column][vc_column width="1/2"][vc_column_text css=""][vc_empty_space height="10px"]Subscribe [/vc_column_text][/vc_column][/vc_row]

Click Armor helps business managers battling cyber and compliance risks by using gamified simulations and challenges to engage end-users to avoid breaches and build a strong security culture.

[vc_empty_space height=”0px”]

[elfsight_social_icons id=”4″]

Recent Articles

  • Role-Based Targeted Threats: The Phishing Problem Traditional Training Can’t Solve June 16, 2025
  • Addressing AI opportunities and risks in your cyber security program March 13, 2025

Resources

[vc_row][vc_column width=”1/2″][vc_column_text css=””]
News & Insights
Partner and MSP Program
Gamified Learning
About Click Armor
Our Team
Careers
Pricing
[/vc_column_text][/vc_column][vc_column width=”1/2″][vc_column_text css=””]

Take Assessment
Can I be phished?
Community Forum
Contact

Student Login

[/vc_column_text][/vc_column][/vc_row]

© Copyright All Rights Reserved • Click Armor Corp. | Privacy policy • Terms of use