Tagging users by phishing activity
When this feature is turned on, any user who participates in a phishing simulation and either clicks on a link or enters credentials will be flagged as a "previously clicked" user. If that user then clicks on another link with that tag attached to it, they will be moved up into the high-risk tag.
These tags work linearly, meaning they move between:
no tag > previously clicked > high risk
For example, if they are tagged as high risk and don't click on the next simulation link they are part of, they will move down to the previously clicked, but if they click on the next simulation, they will again go into high risk.
These tags are global and will appear under every organisation; these are a new type of tag, which we're calling "restricted tags", so admins and owners cannot manually add or remove people from this tag.
