Depending on the scenario of simulated attacks, emails generated may contain files to test the actions of the users. The effectiveness of training and awareness measures regarding phishing and other fraudulent activities is assessed. When a user interacts with a file, the attack is considered successful and is logged accordingly.
- Any interaction with a file is counted as a successful attack.
- The file can be attached to the email.
- The file can also be provided as a download link.
- Downloading the file is sufficient to be included in the statistics.
When a file is retrieved through a link, there will be one hit each in the "Links" and "Documents" categories for that specific scenario. It will be counted twice but not result in double "punishment". This means that the Employee Security Index (ESI) is not further reduced by this double counting.