Forum Discussion
SteveCRF
Mar 02, 2022 - Copper Contributor
Phishing attack simulator incorrectly emails people the message, "Because you were recently phished"
Hi folks,
* I am evaluating Microsoft Phishing Attack Simulator with a 4 user pilot
* None of the 4 users were phished in any of the 3 simulations that I actioned
* At the end of each simulatio...
SteveCRF
Mar 03, 2022 - Copper Contributor
Thanks, Myatkyaw, for your constructive reply.
"If the email is opened, Microsoft considers that phished"
* This comment is very interesting
* I remark so because I encourage our users to report phishing emails using the feature to do so in Outlook
* From what you are saying, every person who reports one of the phishing emails in the simulation will be marked by the simulation tool as having been phished?
Regards,
Steve
myatkyaw
Mar 03, 2022 - Copper Contributor
"If the email is opened, Microsoft considers that phished"... sorry, allow me to elaborate.
I think it is a good feature, but the wording could be better by Microsoft. Opening and reading the email is a level of susceptibility. I think the traditional definition of "phished" is that credentials were stolen or a malware file was clicked. I think Microsoft considers phished at 3 levels: (1) if an email is opened (I could be wrong on this); (2) if an embedded link was clicked; (3) if credentials were supplied or a file was executed. Depending on susceptibility, customized education would be generated and sent. I hear what you're saying though... "Phished" in my vocabulary before was "compromised".
ExMSW4319
Mar 04, 2022 - Iron Contributor
If I recollect correctly, only the drive-by URL is instant death; the other payload types only count as full compromise if the recipient completes the chain of actions required by the payload. Note that the credential harvester does not verify that the password given is correct (a service Microsoft are in a unique position to offer).
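The three susceptibility levels myatkyaw lists and the payload-type distinction ExMSW4319 adds, worked into a small tally an admin might run over their own pilot telemetry to check what the tool reports. This is an added illustration, not code from the thread or from Microsoft; the event names, payload names and the sample log are constructed assumptions, and the rules encode the posters' descriptions rather than any documented Microsoft definition.

```python
# Added example: tally simulation outcomes per user from an event log.
# Event and payload names below are assumptions for illustration only.
from collections import Counter, defaultdict

# Assumed rule per payload type, following the thread: a drive-by URL click
# alone counts as full compromise; other payloads need the chain completed.
FULL_COMPROMISE_EVENT = {
    "drive_by_url": "clicked",
    "credential_harvest": "credentials_entered",
    "attachment": "attachment_executed",
}

# Constructed sample telemetry for one simulation: (user, event) pairs.
SAMPLE_EVENTS = [
    ("alice", "opened"), ("alice", "reported"),
    ("bob", "opened"), ("bob", "clicked"),
    ("carol", "opened"), ("carol", "clicked"), ("carol", "credentials_entered"),
    ("dave", "opened"), ("dave", "clicked"), ("dave", "reported"),
]


def classify(events, payload):
    """Return {user: level} where level is one of
    none / reported / opened / clicked / compromised (most severe wins)."""
    per_user = defaultdict(set)
    for user, event in events:
        per_user[user].add(event)
    outcome = {}
    for user, seen in per_user.items():
        level = "none"
        if "opened" in seen:
            level = "opened"
        if "clicked" in seen:
            level = "clicked"
        if FULL_COMPROMISE_EVENT[payload] in seen:
            level = "compromised"
        # Reporting a mail that was at most opened is the desired behaviour;
        # reporting after a click does not undo the click.
        if "reported" in seen and level in ("none", "opened"):
            level = "reported"
        outcome[user] = level
    return outcome


def summarize(events, payload):
    """Count users per level, e.g. to compare with the tool's own report."""
    return dict(Counter(classify(events, payload).values()))


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS, "credential_harvest"))
```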