Sometimes, discrepancies may arise in phishing test reports. An email might show as "opened" when your employee claims not to have opened it. Or a "click" is being registered when the employee says he didn’t click on the link. These discrepancies can occur due to a variety of reasons. In this article we explain how we track email opens and link clicks. To learn how we register credentials shared by employees, read this article.


Email opens: via tracking pixels:

We track email opens using an invisible tracking pixel. The tracking pixel only registers whether someone has seen the email (unless the email client blocks this). Some email clients or programs generate automatic previews of emails, which can trigger the pixel and register the email as opened, even if the user didn’t manually open it. Conversely, some email clients block tracking pixels, resulting in opens not being registered. 


Email clicks: through unique links:

Clicks are tracked via unique links in the email. Discrepancies can occur if:

  • Automated processes in security software or email filters scan links automatically to check for threats, resulting in false positives.
  • A user accidentally clicks a link without realizing it or forwards the email and someone else clicks on it.
  • Email client settings can cause incomplete data.


Automated processes:
Some security tools or systems automatically click on links to analyze them for potential threats. These clicks are logged, even though the user didn’t interact with the email. Spam filters and virus scanners on the server open links to check if the link is safe. These are registered as clicks. What Lupasafe does at this point is if a click follows within a few seconds of sending, we do not register it, because then it is probably a spam/virus check.


Accidental clicks or forwarding emails:
If a recipient forwards the phishing email to someone else, any activity (opens or clicks) performed by the new recipient will still be logged under the original recipient.


Email client settings:
Extensions like ad blockers, or privacy-focused email clients (e.g., Apple Mail), may block tracking pixels or link tracking, leading to incorrect data. Many email clients will not open the images by default. This only ensures that the email is not marked as read. This does not say anything about clicking on it. Browser adblockers will not be able to prevent the click registration when someone opens the link.