Forum Discussion
SudyK
Feb 07, 2023 Copper Contributor
Microsoft Attack Simulation Test generating false positive clicks when user forward email
I ran a Microsoft Security phishing simulation test for users. Some users detected it as phishing and forwarded emails to helpdesk to review. It looks like Microsoft does its due diligence when a ema...
ExMSW4319
Mar 05, 2023 Iron Contributor
You could write a mail flow rule so that any forwarded copy of a simulation goes into a shared mailbox or the hosted quarantine rather than to its destination. The initial delivery might be direct to the mailbox, but any forwarded message is an ordinary e-mail and can be handled as such. Personally I count forwarding as an attempt to report the simulated phish, even though it's not the ideal thing for the recipient to do.
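
One way to set up the mail flow rule suggested in the reply above, using Exchange Online PowerShell. This is an added example, not part of the original thread; the rule name, simulation subject line and review mailbox address are placeholders, and matching on the subject is an assumption about how the forwarded copies can be recognised in your tenant.

```powershell
# Requires the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

# Placeholders (constructed values, replace with your own):
$SimSubject    = 'Action required: verify your payroll details'  # subject of the simulation payload
$ReviewMailbox = 'phish-review@contoso.example'                  # shared mailbox for forwarded copies

$rule = @{
    Name                = 'Redirect forwarded attack-simulation mail'
    Comments            = 'Forwarded copies of the current phishing simulation go to the review mailbox.'
    # Only mail sent by internal users: the forward is an ordinary internal message,
    # unlike the initial simulation delivery, which may bypass mail flow rules.
    FromScope           = 'InOrganization'
    # A forwarded copy keeps the original subject behind the "FW:" prefix.
    SubjectContainsWords = $SimSubject
    # Users who already forward to the review mailbox need no redirect.
    ExceptIfSentTo      = $ReviewMailbox
    # Deliver to the shared mailbox instead of the original recipients.
    RedirectMessageTo   = $ReviewMailbox
    # Start in audit mode so matches are logged without changing delivery.
    Mode                = 'Audit'
}
New-TransportRule @rule

# Alternative action: send matches to the hosted quarantine instead of a mailbox.
# Replace RedirectMessageTo in $rule with:  Quarantine = $true

# After confirming that only forwarded simulation mail matches, enforce the rule.
Set-TransportRule -Identity $rule.Name -Mode Enforce

# Review the result.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Mode, FromScope, SubjectContainsWords, RedirectMessageTo
```

Update `$SimSubject` (or add further subjects, since `SubjectContainsWords` accepts a list) for each new campaign, and disable the rule once the simulation has ended.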