Attack Simulator Email problem

Copper Contributor



Im having some problems with the Attack Simulator.


I work for a mid-sized company roughly ~900 staff.


We have run attack simulations in the past with a credential harvest payload, but it always sends the payload to all 900 staff, at the exact same time.


On the first run this caused a flood of reports to our helpdesk (which is far better than our users falling for the phish!) but it also led to the simulation being very quickly discovered and the results were very warped.


As part of a recent security audit, one of our actions is to now run scheduled phishing simulations once a quarter.


Most 3rd party suppliers seem to be able to drip feed or stagger the Payload to users over a period of time so you get more of an individual response to the phish- im sure this must be possible with the Attack Simulator but im not finding anything in the documentation, UI or forums.


Ive played around with automations/simulations with 200 test accounts and each time it delivers the email to all accounts at the same time, on the same day, regardless of changes to the settings.


Is this something that can be done currently with the attack simulator? Or is it all or nothing?


If any further info is needed please let me know.




1 Reply
If you use automation and the randomization feature to drop your payload then it is supposed to drop attacks of over 1,000 in batches of 1,000 and attacks of less than 1,000 in batches of 100, BUT (1) that was the Support position over a year ago and the attack simulator has changed significantly since then, (2) I have not used automation since that time, and (3) I cannot remember how well this worked. I do remember that within a batch, all mails are delivered in quick succession so you still get the "water cooler" effect the designers were trying to avoid. I also have the impression that automation and randomization would work better with a large bundle of payloads rather than just the one, so over a period of several months your recipients would see the payloads in any order.

If your 900 are geographically scattered then try slicing your user base by name and then attack those in small groups. It is a bit more work but PowerShell can write the attack lists for you fairly quickly then they go straight into the attack simulator. You can mix payrolls manually that way if you wish.