{"id":23829,"date":"2024-06-10T13:56:15","date_gmt":"2024-06-10T11:56:15","guid":{"rendered":"https:\/\/smartfense.com\/sin-categorizar-en\/false-positives-in-simulations-origin-and-solutions\/"},"modified":"2024-06-11T14:19:00","modified_gmt":"2024-06-11T12:19:00","slug":"false-positives-in-simulations-origin-and-solutions","status":"publish","type":"post","link":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/","title":{"rendered":"False positives in simulations: origin and solutions"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In some cases, <\/span><b>evident<\/b><span style=\"font-weight: 400;\">:<\/span><\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-23854 size-full\" src=\"https:\/\/smartfense.com\/file\/2024\/06\/sent.jpg\" alt=\"\" width=\"1200\" height=\"710\" srcset=\"https:\/\/smartfense.com\/file\/2024\/06\/sent.jpg 1200w, https:\/\/smartfense.com\/file\/2024\/06\/sent-300x178.jpg 300w, https:\/\/smartfense.com\/file\/2024\/06\/sent-1024x606.jpg 1024w, https:\/\/smartfense.com\/file\/2024\/06\/sent-768x454.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">In others, <\/span><b>imperceptible<\/b><span style=\"font-weight: 400;\">:<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-23860 size-full\" src=\"https:\/\/smartfense.com\/file\/2024\/06\/graphic.jpg\" alt=\"\" width=\"1200\" height=\"708\" srcset=\"https:\/\/smartfense.com\/file\/2024\/06\/graphic.jpg 1200w, https:\/\/smartfense.com\/file\/2024\/06\/graphic-300x177.jpg 300w, https:\/\/smartfense.com\/file\/2024\/06\/graphic-1024x604.jpg 1024w, https:\/\/smartfense.com\/file\/2024\/06\/graphic-768x453.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">False positives in simulations are here to stay. It is a reality faced by virtually all organizations that simulate Phishing, Smishing and Ransomware.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The problem <\/span><b>is independent of the tool<\/b><span style=\"font-weight: 400;\"> used. The solution? That&#8217;s a different story.<\/span><\/p>\n<h2><b>How false positives are generated<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">As explained <\/span><a href=\"https:\/\/smartfense.com\/blog\/sabes-realmente-lo-que-es-una-simulacion-de-phishing-seguro\/\"><span style=\"font-weight: 400;\">in a previous post<\/span><\/a><span style=\"font-weight: 400;\">, the simulation emails contain unique links that uniquely identify a user within a campaign. These links are used to detect the interactions that the user performs, and therefore, measure their behavior.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If a software queries these links, one or more times, it will generate<\/span><b> false positives on behalf of the user<\/b><span style=\"font-weight: 400;\"> to which the simulation was addressed.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To keep in mind: This same problem is present in any tool that tracks people&#8217;s behavior. For example: if your organization uses any marketing tool, I assure you that it also has false positives in its results. Perhaps that statement from the marketing team that was so successful was actually seen by almost no one. Recommendation: do not say anything, as this news usually generates a lot of sadness and sometimes it is better to be happy in a world of lies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But well, since in your case you prefer to face reality, even if it is painful, let&#8217;s continue.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-23798 size-full\" src=\"https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos.jpg\" alt=\"\" width=\"1412\" height=\"977\" srcset=\"https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos.jpg 1412w, https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-300x208.jpg 300w, https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-1024x709.jpg 1024w, https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-768x531.jpg 768w\" sizes=\"(max-width: 1412px) 100vw, 1412px\" \/><\/p>\n<h2><b>What tools cause false positives?<\/b><\/h2>\n<h4><b>Short answer<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Almost all of them.<\/span><\/p>\n<h4><b>Elaborated answer<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">The following list of tools<\/span><b> is not exhaustive, <\/b><span style=\"font-weight: 400;\">the origin of false positives is very wide and constantly changing.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For this reason, it is neither possible nor practical to generate a complete listing. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition, please note that all of the following apply <\/span><b>for both corporate and personal devices.<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Tools that generate false positives:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All those security solutions that analyze or intervene in some way in the organization&#8217;s e-mails. Here are some examples: <\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Anti-spam and anti-phishing filters<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">IDS\/IPS<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">DLP<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Email security gateways<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Antivirus<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Analysis and continuous monitoring<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Archiving and Discovery<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Threat Intelligence<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Etc.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Any other software present on the device, browser and application (web or mobile) used to consult corporate mail, such as:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Desktop, web or mobile email applications<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Web browser extensions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Plugins available in the inbox<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Link preview tools<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Etc.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><b>How to avoid false positives?<\/b><\/h2>\n<h3><b>In the corporate environment<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Within those tools, devices, browsers and applications over which we have control within our organization, we can try to solve the problem through a Whitelist process.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is important to note that <\/span><a href=\"https:\/\/smartfense.com\/blog\/sabes-realmente-lo-que-es-una-simulacion-de-phishing-seguro\/\"><span style=\"font-weight: 400;\">the objective of the Whitelist goes elsewhere<\/span><\/a><span style=\"font-weight: 400;\">, is that the simulation is received by the user. In a simulation we want to measure how users behave and for that we need the mail or SMS to be received in the inbox.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So Whitelist doesn&#8217;t have as much to do with the false positive issue, but it can help.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, if we analyze the possible sources of false positives, it is clear that it is very difficult, or in some cases directly impossible, to implement Whitelist in all the technologies involved.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition, there is an important point to keep in mind: even when making Whitelist, <\/span><b>there are tools that also analyze e-mails<\/b><span style=\"font-weight: 400;\">. So in these cases there is no escape from the false positive.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-23803 size-full\" src=\"https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-1.jpg\" alt=\"\" width=\"1200\" height=\"630\" srcset=\"https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-1.jpg 1200w, https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-1-300x158.jpg 300w, https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-1-1024x538.jpg 1024w, https:\/\/smartfense.com\/file\/2024\/06\/falsos-positivos-1-768x403.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/p>\n<h3><b>In the personal environment<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">If the user uses his personal device to check corporate mail, there is very little to do. In any case we should have the user&#8217;s permission to manipulate his device to clean all those technologies that can cause the false positives and implement Whitelists on those that should be maintained. Anyway, is this what I am writing, is it even feasible? I don&#8217;t think so, but it is the only thing I can think of for this environment.<\/span><\/p>\n<h2><b>How to detect false positives?<\/b><\/h2>\n<h4><b>Option 1: let the simulation tool detect them for us<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">The best option for detecting false positives is to use a simulation tool.<\/span><b>that detects them for us and simply alerts us<\/b><span style=\"font-weight: 400;\"> if our campaign is affected.<\/span><\/p>\n<p><b>Better yet:<\/b><span style=\"font-weight: 400;\">if this tool also provides us with a series of reports that allow us to better understand the origin of the problem, such as, for example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">List of IP addresses from which false positives are coming from<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Whois information of these IP addresses<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">User-agent of false positives<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Trace of the HTTP packet that generated the false positive<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Etc.<\/span><\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-23867 size-full\" src=\"https:\/\/smartfense.com\/file\/2024\/06\/campaing-1.jpg\" alt=\"\" width=\"1200\" height=\"978\" srcset=\"https:\/\/smartfense.com\/file\/2024\/06\/campaing-1.jpg 1200w, https:\/\/smartfense.com\/file\/2024\/06\/campaing-1-300x245.jpg 300w, https:\/\/smartfense.com\/file\/2024\/06\/campaing-1-1024x835.jpg 1024w, https:\/\/smartfense.com\/file\/2024\/06\/campaing-1-768x626.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/p>\n<p><b>Better yet multiplied by 2: <\/b><span style=\"font-weight: 400;\">If we contract a managed service from a partner that manages SMARTFENSE, we don&#8217;t have to worry about anything.<\/span><\/p>\n<h4><b>Option 2: manually<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">If we don&#8217;t have a tool that detects false positives for us, things get a little uglier.<\/span><\/p>\n<p><b>If the problem is obvious:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Sometimes the problem will be more visible, as the results of the campaign will draw our attention. For example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mail sent: 1000<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open mailings: 900<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Clicks on the link: 900<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">In cases like this, it is clear that something strange has happened. Now, that campaign is going to the trash because: how can we discern which interactions our users actually made?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In reality we can follow a manual strategy where we search for example the interactions made by each user and observe the range of seconds in which they occurred. So in this way we could rule out:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Those users who interacted at a date and time very close to the date and time the simulation email was sent: in these cases we can assume that it was actually a tool that analyzed the email moments before delivering it to the user.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Those interactions that are very close in time: for example, an email opening and a click on the phishing link that took place within 1 second or less of each other.<\/span><\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-23813 size-full\" src=\"https:\/\/smartfense.com\/file\/2024\/06\/image4.jpg\" alt=\"\" width=\"1440\" height=\"810\" srcset=\"https:\/\/smartfense.com\/file\/2024\/06\/image4.jpg 1440w, https:\/\/smartfense.com\/file\/2024\/06\/image4-300x169.jpg 300w, https:\/\/smartfense.com\/file\/2024\/06\/image4-1024x576.jpg 1024w, https:\/\/smartfense.com\/file\/2024\/06\/image4-768x432.jpg 768w\" sizes=\"(max-width: 1440px) 100vw, 1440px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">If we manually perform this work we will surely clean up several false positives.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But the campaign has to go down the drain anyway, as unfortunately we are not going to be able to clean them all up. Considering the number of sources of false positives that exist, with this cleaning we will only be covering a minor percentage. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Each source of false positives generates them at different times (not just upon receipt of the email) and performs different interactions with the emails (not always an open and a click, not always in that order either). That is why there is no logic that allows us to do a reliable manual cleaning.<\/span><\/p>\n<p><b>If the problem is not obvious:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">In some cases the problem is invisible. And these cases are the worst, since we will take as real results that in reality are partially false. And we are going to find out when someone complains about being accused of an action he or she did not perform.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In these cases it is too late and any decision we have thought of based on the results of our simulations will already be made.<\/span><\/p>\n<h2><b>Final thoughts<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">In 2019 a customer raised the following issue with us: some users denied having fallen for Phishing simulations. While the audit logs indicated actions such as opening emails and clicking on the link, these users claimed that they had not performed these actions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This was the first encounter we had with false positives. The users had not actually interacted and the statistics recorded on the platform came from a security solution.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">From that moment on, we had two possible paths:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Do the same as our competitors, i.e. tell the customer that the problem was theirs and have them solve it via whitelist.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Helping the customer to obtain reliable results<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">And as always, we went for option 2. From this was born the algorithm for false positive detection and <\/span><a href=\"https:\/\/smartfense.com\/blog-partners\/caso-de-exito-ocultado-de-estadisticas-generadas-por-software\/\"><span style=\"font-weight: 400;\">our first success story related to this topic<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The SMARTFENSE detection algorithm covers the vast majority of cases and is constantly evolving. In turn, it is<\/span> <b> customizable, <\/b><span style=\"font-weight: 400;\">thus covering the reality of any organization.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Without a feature like this,<\/span><b> it is not possible to obtain reliable results<\/b><span style=\"font-weight: 400;\"> in the simulations. And this applies to any organization. For this reason, it is surprising that the major competitors in the Security Awareness market send their clients to Whitelist. Knowing that this is not the solution and leaving organizations with more problems than solutions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is my 190th article in the SMARTFENSE&#8217;s blog. And I always talked about the challenges of the social engineering world without explicitly recommending our platform.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But this time I will make an exception: If you are going to simulate phishing, use SMARTFENSE. You will save yourself a lot of headaches and get reliable results.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In some cases, evident: In others, imperceptible: False positives in simulations are here to stay. It is a reality faced by virtually all organizations that simulate Phishing, Smishing and Ransomware. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":23772,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[686],"tags":[1044,1043,853,629,849,730,1047,1041,1042,1045,1046],"class_list":["post-23829","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-antispam-filters","tag-false-positives","tag-hiding-statistics","tag-marketing-en","tag-phishing-en","tag-phishing-simulation-campaign","tag-plugins-en","tag-simulation-en","tag-smishing-en","tag-spam-en","tag-threat-intelligence-en"],"acf":[],"yoast_head":" \n<title>False positives in simulations: origin and solutions - SMARTFENSE - Awareness in Cyber Security<\/title>\n<meta name=\"description\" content=\"antispam filters, false positives, Hiding statistics, marketing, phishing, phishing simulation campaign, plugins, simulation, smishing, spam, Threat Intelligence - In some cases, evident: In others, imperceptible: False positives in simulations are here to stay. It is a reality faced by virtually all organizations The simulation emails contain unique links that uniquely identify a user within a campaign. These links are used to detect the interactions that the user performs, and therefore, measure their behavior.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"False positives in simulations: origin and solutions - SMARTFENSE - Awareness in Cyber Security\" \/>\n<meta property=\"og:description\" content=\"antispam filters, false positives, Hiding statistics, marketing, phishing, phishing simulation campaign, plugins, simulation, smishing, spam, Threat Intelligence - In some cases, evident: In others, imperceptible: False positives in simulations are here to stay. It is a reality faced by virtually all organizations The simulation emails contain unique links that uniquely identify a user within a campaign. These links are used to detect the interactions that the user performs, and therefore, measure their behavior.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/\" \/>\n<meta property=\"og:site_name\" content=\"SMARTFENSE - Awareness in Cyber Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-10T11:56:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-11T12:19:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/smartfense.com\/file\/2024\/06\/portada.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Nicol\u00e1s Bruna\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicol\u00e1s Bruna\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/\"},\"author\":{\"name\":\"Nicol\u00e1s Bruna\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/person\\\/5494c12e79213c554fa449135589c24c\"},\"headline\":\"False positives in simulations: origin and solutions\",\"datePublished\":\"2024-06-10T11:56:15+00:00\",\"dateModified\":\"2024-06-11T12:19:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/\"},\"wordCount\":1404,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/portada.jpg\",\"keywords\":[\"antispam filters\",\"false positives\",\"Hiding statistics\",\"marketing\",\"phishing\",\"phishing simulation campaign\",\"plugins\",\"simulation\",\"smishing\",\"spam\",\"Threat Intelligence\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/\",\"name\":\"False positives in simulations: origin and solutions - SMARTFENSE - Awareness in Cyber Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/portada.jpg\",\"datePublished\":\"2024-06-10T11:56:15+00:00\",\"dateModified\":\"2024-06-11T12:19:00+00:00\",\"description\":\"antispam filters, false positives, Hiding statistics, marketing, phishing, phishing simulation campaign, plugins, simulation, smishing, spam, Threat Intelligence - In some cases, evident: In others, imperceptible: False positives in simulations are here to stay. It is a reality faced by virtually all organizations The simulation emails contain unique links that uniquely identify a user within a campaign. These links are used to detect the interactions that the user performs, and therefore, measure their behavior.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#primaryimage\",\"url\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/portada.jpg\",\"contentUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/portada.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/false-positives-in-simulations-origin-and-solutions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"False positives in simulations: origin and solutions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\",\"name\":\"SMARTFENSE - Concienciaci\u00f3n en Ciberseguridad\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/smartfense.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\",\"name\":\"SMARTFENSE\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-smartfense-240x40-1.png\",\"contentUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-smartfense-240x40-1.png\",\"width\":241,\"height\":40,\"caption\":\"SMARTFENSE\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/person\\\/5494c12e79213c554fa449135589c24c\",\"name\":\"Nicol\u00e1s Bruna\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g\",\"caption\":\"Nicol\u00e1s Bruna\"},\"description\":\"Product Manager de SMARTFENSE. Su misi\u00f3n en la empresa es mejorar la plataforma d\u00eda a d\u00eda y evangelizar sobre la importancia de la concientizaci\u00f3n. Ha escrito dos whitepapers y m\u00e1s de 150 art\u00edculos sobre gesti\u00f3n del riesgo de la ingenier\u00eda social, creaci\u00f3n de culturas seguras y cumplimiento de normativas. Tambi\u00e9n es uno de los autores de la Gu\u00eda de Ransomware de OWASP y el Calculador de costos de Ransomware, entre otros recursos gratuitos.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/nicolasbruna\\\/\"],\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/author\\\/nicolas\\\/\"}]}<\/script>\n ","yoast_head_json":{"title":"False positives in simulations: origin and solutions - SMARTFENSE - Awareness in Cyber Security","description":"antispam filters, false positives, Hiding statistics, marketing, phishing, phishing simulation campaign, plugins, simulation, smishing, spam, Threat Intelligence - In some cases, evident: In others, imperceptible: False positives in simulations are here to stay. It is a reality faced by virtually all organizations The simulation emails contain unique links that uniquely identify a user within a campaign. These links are used to detect the interactions that the user performs, and therefore, measure their behavior.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/","og_locale":"en_US","og_type":"article","og_title":"False positives in simulations: origin and solutions - SMARTFENSE - Awareness in Cyber Security","og_description":"antispam filters, false positives, Hiding statistics, marketing, phishing, phishing simulation campaign, plugins, simulation, smishing, spam, Threat Intelligence - In some cases, evident: In others, imperceptible: False positives in simulations are here to stay. It is a reality faced by virtually all organizations The simulation emails contain unique links that uniquely identify a user within a campaign. These links are used to detect the interactions that the user performs, and therefore, measure their behavior.","og_url":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/","og_site_name":"SMARTFENSE - Awareness in Cyber Security","article_published_time":"2024-06-10T11:56:15+00:00","article_modified_time":"2024-06-11T12:19:00+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/smartfense.com\/file\/2024\/06\/portada.jpg","type":"image\/jpeg"}],"author":"Nicol\u00e1s Bruna","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nicol\u00e1s Bruna","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#article","isPartOf":{"@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/"},"author":{"name":"Nicol\u00e1s Bruna","@id":"https:\/\/smartfense.com\/en\/#\/schema\/person\/5494c12e79213c554fa449135589c24c"},"headline":"False positives in simulations: origin and solutions","datePublished":"2024-06-10T11:56:15+00:00","dateModified":"2024-06-11T12:19:00+00:00","mainEntityOfPage":{"@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/"},"wordCount":1404,"commentCount":0,"publisher":{"@id":"https:\/\/smartfense.com\/en\/#organization"},"image":{"@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#primaryimage"},"thumbnailUrl":"https:\/\/smartfense.com\/file\/2024\/06\/portada.jpg","keywords":["antispam filters","false positives","Hiding statistics","marketing","phishing","phishing simulation campaign","plugins","simulation","smishing","spam","Threat Intelligence"],"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/","url":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/","name":"False positives in simulations: origin and solutions - SMARTFENSE - Awareness in Cyber Security","isPartOf":{"@id":"https:\/\/smartfense.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#primaryimage"},"image":{"@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#primaryimage"},"thumbnailUrl":"https:\/\/smartfense.com\/file\/2024\/06\/portada.jpg","datePublished":"2024-06-10T11:56:15+00:00","dateModified":"2024-06-11T12:19:00+00:00","description":"antispam filters, false positives, Hiding statistics, marketing, phishing, phishing simulation campaign, plugins, simulation, smishing, spam, Threat Intelligence - In some cases, evident: In others, imperceptible: False positives in simulations are here to stay. It is a reality faced by virtually all organizations The simulation emails contain unique links that uniquely identify a user within a campaign. These links are used to detect the interactions that the user performs, and therefore, measure their behavior.","breadcrumb":{"@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#primaryimage","url":"https:\/\/smartfense.com\/file\/2024\/06\/portada.jpg","contentUrl":"https:\/\/smartfense.com\/file\/2024\/06\/portada.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/smartfense.com\/en\/"},{"@type":"ListItem","position":2,"name":"False positives in simulations: origin and solutions"}]},{"@type":"WebSite","@id":"https:\/\/smartfense.com\/en\/#website","url":"https:\/\/smartfense.com\/en\/","name":"SMARTFENSE - Concienciaci\u00f3n en Ciberseguridad","description":"","publisher":{"@id":"https:\/\/smartfense.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/smartfense.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/smartfense.com\/en\/#organization","name":"SMARTFENSE","url":"https:\/\/smartfense.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartfense.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/smartfense.com\/file\/2023\/08\/logo-smartfense-240x40-1.png","contentUrl":"https:\/\/smartfense.com\/file\/2023\/08\/logo-smartfense-240x40-1.png","width":241,"height":40,"caption":"SMARTFENSE"},"image":{"@id":"https:\/\/smartfense.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/smartfense.com\/en\/#\/schema\/person\/5494c12e79213c554fa449135589c24c","name":"Nicol\u00e1s Bruna","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g","caption":"Nicol\u00e1s Bruna"},"description":"Product Manager de SMARTFENSE. Su misi\u00f3n en la empresa es mejorar la plataforma d\u00eda a d\u00eda y evangelizar sobre la importancia de la concientizaci\u00f3n. Ha escrito dos whitepapers y m\u00e1s de 150 art\u00edculos sobre gesti\u00f3n del riesgo de la ingenier\u00eda social, creaci\u00f3n de culturas seguras y cumplimiento de normativas. Tambi\u00e9n es uno de los autores de la Gu\u00eda de Ransomware de OWASP y el Calculador de costos de Ransomware, entre otros recursos gratuitos.","sameAs":["https:\/\/www.linkedin.com\/in\/nicolasbruna\/"],"url":"https:\/\/smartfense.com\/en\/author\/nicolas\/"}]}},"_links":{"self":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/23829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/comments?post=23829"}],"version-history":[{"count":6,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/23829\/revisions"}],"predecessor-version":[{"id":23873,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/23829\/revisions\/23873"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/media\/23772"}],"wp:attachment":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/media?parent=23829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/categories?post=23829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/tags?post=23829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}