cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MS 365 Defender - phishing attack simulator payload

HathMH
Copper Contributor

‎Sep 27 2022 12:07 PM

‎Sep 27 2022 12:07 PM

MS 365 Defender - phishing attack simulator payload

Not sure if this is the right place to post my question, so apologies upfront. 

 

My issue: I have been tasked with utilizing the phishing attack simulator in Defender. I am horrible at creating phishing emails (I suck at coding). I like it the attack simulator, it's a great tool. Though, I do wish there were better, more visually enticing payloads, or ones that a crafted a bit better to look more like spoofs or closer to some of the more effective real-world phish attempts I have seen. Even better, have a larger library that users can contribute to and share? 

 

My questions: 

1 - When editing/creating a payload, there are options of Current Event and Controversial. The documentation on learn.microsoft.com does not go into any detail as to what this means, it just lists the possible values of Yes or No. What do these values mean?

2 - There are rather limited number of phishing payloads, particularly when filtered to certain kinds like Malware Attachement and so forth. Are there any updates to the payloads, broader library, or some kind of community repository to share custom payloads? 

Labels:
1,804 Views
0 Likes
2 Replies
Reply
2 Replies
Vasil Michev

‎Sep 27 2022 11:43 PM

‎Sep 27 2022 11:43 PM

Re: MS 365 Defender - phishing attack simulator payload

If your goal is to have "real-life" examples of payloads targeting your tenant, and reuse them for simulations later on, take a look at the payload harvesting feature: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-train...
1 Like
Reply
HathMH

‎Sep 28 2022 06:58 AM - edited ‎Sep 28 2022 07:22 AM

‎Sep 28 2022 06:58 AM - edited ‎Sep 28 2022 07:22 AM

Re: MS 365 Defender - phishing attack simulator payload

Excellent, I shall have to try this. Thank you. Do you know what the options Current Event and Controversial are? 

 

Sadly, I cannot do the harvest feature as my agency is not on that plan. The only things that show up in Automation is Simulation Automations, no Payload Automations. bummer. I have Plan 2, but do not see it.

0 Likes
Reply