Phishing Interaction Risk Factor Calculations
Phishing interaction risk scores are a valuable metric for measuring employee interactions with phishing simulations. This score provides insight into how effectively employees engage with the phishing simulations that they have been sent and can contribute to a broader understanding of their overall risk profile.
If users negatively interact with a phishing simulation, their score will increase. Negative interactions can include:
- Clicking a link or scanning a QR code
- Opening attachments
- Entering data on form pages (e.g. username or password)
Conversely, not interacting with a phishing simulation will decrease their score. Reporting a phishing attempt via the MetaPhish Report button will further reduce the score.
How are the Phishing Interaction Risk Factors calculated?
The phishing interaction risk score is calculated using the following formula:
(Number of Negative Phish Interactions ÷ Total Phishing Simulations Targeted) × Phish Risk Factor Weighting
To break it down:
- Number of Negative Phish Interactions: The total number of negative phish interactions, e.g. clicking a phishing link or scanning a QR code, opening attachments or entering data into a form.
- Total Phishing Simulations Targeted: The number of phishing simulations the user has been targeted with that contribute to that risk score.
- Phish Risk Factor Weighting: The proportion of the phishing score that contributes to the total risk score, e.g. phish clicks/QR scan, attachment opens or Form Data entries.
Example:
For simplicity, the example below focuses only on the Phish Click/QR Code Scan risk factor, which has been allocated a weighting of 50%. The same calculation applies to other factors (i.e. Open Attachments and Data Form Entry) if you decide to enable them.
User 1: Has clicked 3 out of 10 phishing simulations.
- Number of Negative Phish Interactions (3) ÷ Total Phishing Simulations Targeted (10) × Phish Risk Factor Weighting (50) = 0.3 × 50 = 15
- (3 ÷ 10) × 50 = 0.3 × 50 = 15 Phish/QR Scan Risk
User 2: Has clicked 10 out of 10 phishing simulations.
- (10 ÷ 10) × 50 = 1 × 50 = 50 Phish/QR Scan Risk
User 3: Has clicked 0 out of 10 phishing simulations.
- (0 ÷ 10) × 50 = 0 × 50 = 0 Phish/QR Scan Risk
⚠️ Note:
- A risk calculation time period can be set for simulations targeted to users within the last 1-3 years.
- Phishing simulations must have risk scores enabled before they can contribute to a user's risk score.
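The following added example (not MetaPhish code) applies the formula per risk factor and shows how the two conditions in the note change which simulations are counted. The `Simulation` record, the `window_years` parameter, the weightings other than 50, the zero score for a user with no counted simulations, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Simulation:              # hypothetical record, not a MetaPhish export format
    sent: date
    risk_enabled: bool         # risk scores enabled for this simulation
    clicked: bool = False      # link click or QR code scan
    opened: bool = False       # attachment opened
    entered: bool = False      # data entered on a form page

# 50 is the page's example weighting; the other two values are constructed.
WEIGHTS = {"clicked": 50, "opened": 30, "entered": 20}

def factor_scores(sims, weights, today, window_years=1):
    """Negative interactions / simulations targeted * weighting, per factor."""
    cutoff = today - timedelta(days=365 * window_years)  # approximate years
    counted = [s for s in sims if s.risk_enabled and s.sent >= cutoff]
    if not counted:
        return {f: 0.0 for f in weights}  # assumption: nothing counted scores 0
    return {f: sum(getattr(s, f) for s in counted) * w / len(counted)
            for f, w in weights.items()}

# Constructed data: User 1 from the example (3 clicks in 10 simulations) ...
TODAY = date(2024, 6, 1)
USER1 = [Simulation(date(2024, 1, 1) + timedelta(days=10 * i), True, clicked=i < 3)
         for i in range(10)]
# ... plus two clicked simulations that the note's conditions leave out.
USER1.append(Simulation(date(2024, 2, 1), False, clicked=True))  # risk scores off
USER1.append(Simulation(date(2022, 1, 1), True, clicked=True))   # outside 1 year

if __name__ == "__main__":
    print(factor_scores(USER1, WEIGHTS, TODAY))                  # 1-year window
    print(factor_scores(USER1, WEIGHTS, TODAY, window_years=3))  # 3-year window
```

With a 1-year period the two extra clicks are ignored and the click score matches User 1 above; widening the period to 3 years brings the older simulation into both the numerator and the denominator.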