False clicks for phishing campaigns

Hi

I have been experiencing false clicks while running a number of simulated phishing exercises for my company. IP addresses appear to be coming from AWS and the links seem to be getting examined first before getting delivered to the recipient.

We are using an Exchange connector to connect directly from the partner organisation that we use for the phishing simulations to M365. This is bypassing our message filtering service. There has been several message traces and nothing is showing any kind of filtering.

Any help would be appreciated. This has been an ongoing issue for a while,

thanks in advance,