cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Attack simulation training - unique email to each user

jhumphries
Copper Contributor

‎Nov 10 2022 02:44 PM

‎Nov 10 2022 02:44 PM

Attack simulation training - unique email to each user

G'day, I'm currently trialling the attack simulation system provided by Microsoft 365 Defender. I have used other, similar services in the past that had pretty much the same features -


However, one essential feature I need is the option to send a different phishing email to each individual user. Have I just missed this somewhere or is this feature not available?

 

Once I have achieved a unique payload to each user, it'd be great if I could also randomise the time each user receives their email. My previous system could do this and it made the simulations a lot more realistic.

 

There is an option to randomise the payload, but this doesn't randomise the email to each user. Instead it just lets the simulator randomise the payload it chooses to send to all users.

 

Without doing this, users will tell each other about the dodgy email they received which tips off people who haven't yet seen the email. I want them to pass the test at an individual level.

1,739 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by jhumphries (Copper Contributor)
Brandon Koeller

‎Nov 14 2022 04:31 PM

‎Nov 14 2022 04:31 PM

Solution

Re: Attack simulation training - unique email to each user

Hey Jhumphries! Thanks for reaching out. The payload randomization chooses different payloads for each 'batch' of targeted users. It's not necessarily unique per user, but if you create a simulation automation with 100 users, spread out over a month, and the automation ends up targeting 25 users per batch, you'll get four different payloads for each batch. We think this more or less matches attacker behavior. That being said, we are working on a series of improvements to the simulation automation capability, and we'll look at unique payloads per user as part of that work!
Thanks, AST Team.
0 Likes
Reply
jhumphries

‎Nov 14 2022 04:46 PM

‎Nov 14 2022 04:46 PM

Re: Attack simulation training - unique email to each user

Thanks Brandon, you might be right with regards to matching real phishing behaviour. Attackers definitely would send in batches just to save time for themselves. However, in my experience that isn't how real phishing attacks usually reach us. In the scenarios I've personally dealt with, it's been an individual user receiving a unique email that they've clicked on without speaking to anyone else. This is the main reason I am keen to get this functionality!

It's especially important when you consider that most people have multiple different email accounts - all users will need to ascertain the legitimacy of a real phishing email (whether it's work related or personal) on their own at some point in their lives (probably lots of times.)

Thanks a lot for your response, I'm glad you guys are keeping an eye on the forums :)
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by jhumphries (Copper Contributor)
Brandon Koeller

‎Nov 14 2022 04:31 PM

‎Nov 14 2022 04:31 PM

Solution

Re: Attack simulation training - unique email to each user

Hey Jhumphries! Thanks for reaching out. The payload randomization chooses different payloads for each 'batch' of targeted users. It's not necessarily unique per user, but if you create a simulation automation with 100 users, spread out over a month, and the automation ends up targeting 25 users per batch, you'll get four different payloads for each batch. We think this more or less matches attacker behavior. That being said, we are working on a series of improvements to the simulation automation capability, and we'll look at unique payloads per user as part of that work!
Thanks, AST Team.

View solution in original post

0 Likes
Reply