Proofpoint: User Click Recorded

Carlos Rios
Carlos Rios
  • Updated

Question

How is a click recorded for a user in a Phishing campaign?

Answer

The Phishing tool works by capturing the HTTP and HTTPS calls from the links embedded in the emails of the phishing campaigns. Each URL in the phishing email contains a unique identifier (GUID) which associates the user in a specific campaign.

If our servers receive a request for the URL, we record that as an event (click, attachment open, etc.) in the campaign results. This exchange also provides the User Agent String that allows us to identify the web browser and operating system of the failed recipient.

Additionally, this is what makes the phishing emails sensitive to security systems and end point protection that could sand-box the URL while the message is in route or as it sits in the recipient's Inbox.

See User Failures Associated with Click events  for additional information.