Question

How does a user's account register a click?  Is there something embedded in the email that shows the click?

Answer

A Click event is registered in a  phishing campaign email when a GET request is made to the URL in the phishing link.  This URL includes a GUID that allows the event to be associated with an individual user.  When the GET call is made, the URL reports back to Proofpoint that the user whose GUID was included in the URL made the request, and that they have therefore failed when the failure is measured by Clicks (such as in Drive By campaigns).
 

See User Click Recorded  for more information.