Forum Discussion

SteveCRF's avatar
SteveCRF
Copper Contributor
Mar 02, 2022

Phishing attack simulator incorrectly emails people the message, "Because you were recently phished"

Hi folks,   * I am evaluating Microsoft Phishing Attack Simulator with a 4 user pilot * None of the 4 users were phished in any of the 3 simulations that I actioned * At the end of each simulatio...
attack simulation training
email security
myatkyaw's avatar
myatkyaw
Copper Contributor
Mar 02, 2022

You can edit the message under

 

  • Attack Simulation Training > End-user notifications > Tenant Notification 
  • Choose the notification (e.g. "Microsoft default simulation notification")
  • On the Define Content section you can choose the language you want to edit 
  • Edit the content & Save

I like there's different level of triggering and education.  If the email is opened, Microsoft considers that phished.  There's also different trainings for a) if the link is clicked and b) if credentials were supplied or file was downloaded.  

 

I hope it helps.  I think the tool is still lacking a lot of features still, but for us it's better than nothing.  User reporting is weak and I can't find the life of me how to remind users to take the training (if that's even possible).  

 

SteveCRF's avatar
SteveCRF
Copper Contributor
Mar 12, 2022

Hi myatkyaw

 

* I have endeavoured to follow you proposed steps to edit the wording in the email that gets sent to users re training

"

  • Attack Simulation Training > End-user notifications > Tenant Notification "

* After I go to 'Attack Simulation Training', there doesn't appear to be an 'End-user notifications' option

 

 

* Text search on 'end-' and 'notifications' doesn't find anything

* Any further suggestions please?

* Any help finding a way forward from anyone is appreciated 🙂

  • ExMSW4319's avatar
    ExMSW4319
    Iron Contributor
    Mar 13, 2022

    SteveCRF - you might want to check your roles in that case. Here's what I see, and I am not a global admin either:

     

    • SteveCRF's avatar
      SteveCRF
      Copper Contributor
      Mar 14, 2022
      Thanks ExMSW4319 for your very enlightening screenshot.

      * I've quite recently been made a Global Admin
      * I suspect stuff I don't see compared to what you see when looking in the phishing attack simulator may be due to licensing

      https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide

      "If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365 Defender portal to run realistic attack scenarios in your organization."

      * Rather than the licenses mentioned in the above quote, we have community licenses for NGOs.
      * If the other post I've mentioned in this thread leads to a resolution, it may be an appropriate time to try this:

      https://docs.microsoft.com/en-gb/microsoft-365/security/office-365-security/about-defender-for-office-365-trial?view=o365-worldwide

      Thanks both of you for having helped on this, it's been very constructive.

      Regards,
      Steve
      • myatkyaw's avatar
        myatkyaw
        Copper Contributor
        Mar 15, 2022
        I suspect you're right about the licensing -- We have E5.
        I'm assigned the following roles:
        Attack Simulation Administrator
        Security Operator
        Security Administrator

Resources