How to fix false positives with phish test results?

Question

How to fix false positives with phish test results?

Cedric R. Porties 0

Why am I getting false positives with phish simulation training results?

Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-29T22:40:56.15+00:00

Hi @Cedric R. Porties
May I know where you have configured the phish test, is it in Microsoft Defender for Office 365? if not please let us know where you have configured and which Defender service it is, please share if you have followed any document.

Thanks,

Akhilesh.

1 answer

Your answer

Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator

2025-01-29T22:40:56.15+00:00

Hi @Cedric R. Porties
May I know where you have configured the phish test, is it in Microsoft Defender for Office 365? if not please let us know where you have configured and which Defender service it is, please share if you have followed any document.

Thanks,

Akhilesh.

Answer 1

Hi @Cedric R. Porties,

Welcome to the Microsoft Q&A platform!

According to your description, you are experiencing false positive issues in phishing simulation training. Here are some common reasons why they may occur:

Many organizations use security tools to automatically scan and click links in emails to check for malicious content. These automated clicks may be mistaken for user interactions, resulting in false positives.
Some third-party email security services scan and detonate links in emails as part of their protection measures. If these actions are recorded as user clicks, this can also lead to false positives.
When using third-party reporting tools, simulated phishing emails may be scanned, trigger links and cause false positives.
Sometimes, checking the IP addresses associated with clicks can reveal that they come from security services rather than actual users.

To mitigate these issues, you can:

Implement allowlist measures for your phishing simulation emails to prevent security tools from interacting with them.
Utilize dedicated phishing simulation reporting tools designed to minimize false positives.
Conduct detailed investigations to determine the source of false positives and adjust security settings accordingly.

Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

Best,

Jake Zhang

Anonymous

2025-02-05T01:29:54.9166667+00:00

Hi @Cedric R. Porties,

Please kindly consider this comment as a warm follow up, I want to know if your problem has been solved. If you still have any other questions, please feel free to comment here and I'm glad to provide further support.If the above info is helpful to this question, you can click "Accept Answer". Have a nice day!

Best,

Jake Zhang

Share via

How to fix false positives with phish test results?

1 answer

Your answer