In November 2025, Adaptive updated the definition of phishing simulation failure to better align with customer expectations and industry standards.
Failure is now defined as taking any risky action. For example, a user fails if they click a link or scan a QR code. Detailed metrics remain available in the Reports tab, where you can filter results by specific actions such as links clicked or credentials entered.
Previously, failure was defined as taking the highest-risk action offered. For example, if a scenario included a link to a credential harvest spoof page, the user did not fail until they entered credentials (even if they clicked the link).
More information is below.
Overview
This page covers how failure is defined in our phish simulation product and answers commonly asked questions related to failure.
Failure Definition
The definition of failure depends on the attack vector used in the scenario you send to employees. An attack vector is the first risky action the scenario prompts the employee with.
Attack Vector | Failure Definition | Reporting Metric(s) | Spoof Page Compatible? |
Link Click | Employee clicks on a link in a phishing message | Link Clicked | Yes |
QR Code | Employee scans a QR code in a phishing message | QR Code Scanned | Yes |
Text back | Employee texts a number in a message or replies to a text message | SMS Replied | No |
Callback | Employee calls a number listed in an a message | Calls Made | No |
Spoof Pages
A spoof page is a page that impersonates a legitimate vendor page. We currently offer two types of spoof pages that can be embedded in either Link Click or QR Code scenarios. Any actions taken on the spoof page will be tracked in reporting. (Note that a user will already have failed by clicking / scanning, regardless of whether they take action on a spoof page).
Spoof Page Type | Description | Additional Reporting Metric(s) |
Login Spoof | Impersonation of a vendor's login page | Credentials Entered |
Deepfake Voicemail Spoof | Impersonation of Teams or Zoom voicemail page with embedded deepfake audio | Deepfake Played |
Failure Definition Update
In mid-November 2025, Adaptive updated how we define phishing simulation failure to better align with customer expectations and industry standards.
What changed
Previously, users only failed Link Click or QR Code scenarios with spoof pages if they completed the entire attack by entering credentials or viewing deepfake content.
Now, we count failure at the first risky action. Users fail immediately when they click a malicious link or scan a QR code, regardless of subsequent actions.
Impact on your data
This change applies retroactively to all historical data. You may see increased failure rates for past simulations that included spoof pages. You may also see minor adjustments to risk scores. Detailed metrics remain available in the Reports tab, where you can filter results by specific actions such as links clicked or credentials entered.
Additionally this change will flow through to groups you have created based on impacted metrics (primarily phish sim failures).
Questions?
Contact [email protected] for additional information about this update.