Depending on the scenario of simulated attacks, emails generated contain files with macros to test the actions of the users. The effectiveness of training and awareness measures regarding phishing and other fraudulent activities is being evaluated. If a user interacts with a macro in a file, the attack is considered successful and logged accordingly.
Macros must be explicitly executed after that they have to be confirmed.
Only after confirmation is it included in the statistics as an executed macro.