Ethical Phishing. Test for the weakest link.

Ethical Phishing

Microsoft 365 has an awesome new capability to send phishing emails to your users! Why would you want to phish your own users? Well, it's a great way to determine which users in your organisation need further training in identifying dodgy emails.

How to phish your users:

  1. With your tenant account ready, head over to https://security.microsoft.com
    1. Click on Attack Simulation Training
  2. Launch a simulation
  3. Choose the type of simulation you want to inflict on your users. For this example we are going to do a Credential Harvest and attempt to trick the user into giving us their password!
  4. Give the simulation a name, such as ‘steal passwords’
  5. Select a payload. A payload in this simulation is the email the user will receive.
  6. Choose who you want to target. A good idea is to test it on a few people at a time.
  7. Should the users selected fall victim to your nasty trick, you can provide them with training to hopefully help them identify such dodgy emails next time.
  8. Review your simulation and let the games begin!

The Aftermath

After the simulation has run, the users will receive the email with payload attached.

Hopefully no users will fall victim to your simulation. Should some users launch the payload, it's a good idea to follow up with related training. For extra points, run another simulation specifically targeting these users; you will notice it is always the same users that like opening and launching any email or file they can get their hands on!!!
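One way to act on that follow-up advice, as an added example (not part of the original post or any Microsoft tooling): the script below tallies per-user outcomes across several simulations and lists who needs training and a re-test. The CSV column names and the sample rows are constructed for illustration and are not the portal's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: one row per user per simulation. The column names
# are assumptions for this example, not the portal's actual export schema.
SAMPLE_RESULTS = """simulation,user,compromised,reported
steal passwords,alice@example.com,yes,no
steal passwords,bob@example.com,no,yes
steal passwords,carol@example.com,yes,no
steal passwords 2,alice@example.com,yes,no
steal passwords 2,bob@example.com,no,no
steal passwords 2,carol@example.com,no,yes
steal passwords 3,alice@example.com,no,yes
steal passwords 3,dave@example.com,yes,no
"""

def summarise(csv_text):
    """Return {user: {"targeted": n, "compromised": n, "reported": n}}."""
    stats = defaultdict(lambda: {"targeted": 0, "compromised": 0, "reported": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = stats[row["user"].strip().lower()]
        entry["targeted"] += 1
        entry["compromised"] += row["compromised"].strip().lower() == "yes"
        entry["reported"] += row["reported"].strip().lower() == "yes"
    return dict(stats)

def repeat_victims(stats, min_compromises=2):
    """Users compromised in at least min_compromises simulations, worst first."""
    hits = [(u, s["compromised"]) for u, s in stats.items()
            if s["compromised"] >= min_compromises]
    return [u for u, _ in sorted(hits, key=lambda x: (-x[1], x[0]))]

def follow_up_targets(stats):
    """Anyone compromised at least once: candidates for training and a re-test."""
    return sorted(u for u, s in stats.items() if s["compromised"] > 0)

if __name__ == "__main__":
    stats = summarise(SAMPLE_RESULTS)
    for user, s in sorted(stats.items()):
        rate = s["compromised"] / s["targeted"]
        print(f"{user}: compromised {s['compromised']}/{s['targeted']} "
              f"({rate:.0%}), reported {s['reported']}")
    print("Repeat victims:", repeat_victims(stats))
    print("Follow-up targets:", follow_up_targets(stats))
```

Tracking the reported count alongside the compromised count shows whether training is improving behaviour, not just who clicked.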
