Ethical Phishing. Test for the weakest link.

LinkedIn
Twitter
Facebook

Table of Contents

Ethical Phishing

Microsoft365 has a awesome new capability to send phishing emails to your users!  Why would you want to phish your own users? Well its a great way to determine which users in your organisation need further training in identifying dodgy emails.  

How to phish your users:

  1. With your tenant account ready, headover to https://security.microsoft.com
    1. Click on Attack Simulation Trainingphishing
  2.  Launch a simulation
  3. Choose the type of simulation you want to inflict on your users, for this example we are going to do a Credential Harvest and attempt to trick the user into giving us their password!attack simulation
  4.  Give the simulation a name, such as ‘steal passwords’
  5. Select a payload, A payload in this simulation is the email the user will receiveattack simulation
  6. Choose who you want to target, a good idea is to test it on a few people at a time.
  7. Should the users selected fall victim to your nasty trick, you can provide them with training to hopefully help them identify such dodgy emails next time.attack simulation
  8.  Review your simulation and let the games begin!attack simulation

The Aftermath

After the simulation has run the users will receive the email with payload attached:phish payload

Hopefully no users will fall victim to your simulation, should some users launch the payload, its a good idea to follow-up with with related training.  For extra points run another simulation and specifically targeted these users, you will notice it is always the same users that like opening and launching any email, file they can get their hands on!!!

If you are looking for trusted IT security solutions in Australia, look no further than IT Networks. We are proud to be the leading IT support company, trusted by hundreds of businesses across Australia since 1994.

Sign up to receive the latest news and offers from IT Networks​

About IT Networks

At IT Networks, we provide managed IT services designed to keep your business running smoothly and securely. From handling day-to-day IT operations to implementing robust cyber security solutions, we ensure your technology works seamlessly so you can focus on what matters most—growing your business. Let us streamline your IT infrastructure, enhance your security posture, and help you drive greater success.
Kim Pham - IT Network Security