Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Attack simulation training, Credential Harvest - flag real login credentials

Copper Contributor

Hello,
Is it possible in Attack simulation training, Credential Harvest to flag users who have entered their real login details in the login screen ?

Unfortunately, currently the user is marked as "Compromised" for both - false credentials and real credentials.
I have not found any information to highlight the entry of true login credentials.

2 Replies
No, that's not possible. And it shouldn't be possible. Every user that gotten thus far needs to be flagged :)
I have known users who were suspicious and deliberately typed wrong credentials to see what would happen. Of course, that is not a good idea if the intention is a malware drop rather than a credential phish, and they are also assuming that they can distinguish between a genuine "wrong password" response and a phishing engine that composes an excuse or simply does not respond once the data is stolen.