Why are there more clicks than opens in my phishing campaign results?

If your report shows more users clicking than opening phishing emails, it might seem like an error, but it’s actually expected in some cases due to how open tracking works.

How Open tracking works:

Our platform tracks email opens using an invisible image pixel embedded in each phishing email. This tracking pixel only loads (and is recorded as an “open”) when:

  • The recipient opens the email in a way that loads images
  • Their email client permits image loading

Common reasons why an email may be viewed or even clicked, but not recorded as opened:

Preview mode: If a learner views the email in a preview pane (especially in Outlook), it may not trigger image loading.

Image blocking: Some email clients or security settings block images by default, preventing the pixel from loading.

In both cases, the learner may have seen and interacted with the email, but our system cannot confirm the open, as the tracking image was not loaded.

Clicks Without Opens:

Click tracking does not rely on image loading, so it is always captured reliably. This means you may see learners who:

  • Clicked a phishing link
  • But did not trigger an “open” event due to one of the scenarios above

This explains why your report might show more clicks than opens - the user interacted with the email, but we were unable to detect a confirmed “open” based on standard image tracking.

Note: The goal is to reduce the click and phished rates over time, ideally educating learners to recognise and avoid phishing emails.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us