An issue has been reported wherein the result of ATTACK Simulator Phishing Campaign incorrectly returns a 100% click-rate, even though the customer is certain that not all of their end-users would have clicked on the test email as some employees are absent when they simulate the campaign.


To resolve the issue, deliver ATTACK Simulator campaigns without scanning the URLs on the test email.

1. On the Trend Micro Email Security (EMS) console, go to Administration > Policy Objects > Keyword Expressions.

2. Create/Add a new keyword expression for ATTACK Simulator.

  1. Set Match to Any Specified.
  2. Click the Add button.
  3. Enter the following keywords/phrase:
    • ATTACK Simulator
    • This is a phishing security test from ATTACK Simulator that has been authorized by the recipient organization.
  4. Click Save.


3. Go to your policies and select Inbound Protection > Content Filtering.

4. Choose the domain where you want to apply the policy to, and then click Add.



5. Under the Basic Information Setting, set a name for your new policy and tick Enable.


6. Under the Recipients and Senders, set the following:

  • In the Recipients section, choose My domains and select from the available domains, then click Add.
  • In the Senders section, choose Anyone to use any email addresses for a rule, since ATTACK Simulator uses random email addresses to send its phishing campaign emails.

7. Under the Scanning Criteria, configure the following:

    a. Click Advanced.

    b. Enable the Specified header matches checkbox.

    c. Click the keyword expressions link. It will show a new window where you can select the keyword expression you created earlier.



    d. Under Specified Header Matches, select Other and type "x-ats-token".

    e. Choose the keyword expression you have created and click Add.

    f. Click Save.



8. Under the Actions setting, choose the intercept action to Deliver now, and select To the default mail server.



9. Review the summary of your policy. It should look similar to the image below:





10. Once verified, click Submit.

11. Make this new policy the first rule on your list of policies in order for it to take precedence before the other policies. Click the up arrow button to move this rule to the top of your policy list.