Microsoft Tech Community

Attack simulation 100% false clicks

I occasionally encounter an issue where my simulations mistakenly mark all users as compromised, with the first click occurring as early as 9 seconds, averaging 18 seconds. Despite considering defensive software, my investigations show inconsistency:

- Only 1 out of 3 different payloads sent to separate groups had this issue. 
- Repeating the test with a smaller group did not replicate the problem.
- Clicks are recorded before the email is even opened, regardless of the email client, including Outlook and those on macOS.
- All workstations have Defender installed.

This leads me to conclude the issue occurs randomly, without correlation to the payload, platform, or user behavior.

But of course it's not like that.


0 Replies
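
Added example, not part of the original post and not Microsoft's code: one way to triage simulation results like those described above is to group click events by payload and flag every click that has no earlier open event or that lands within a few seconds of delivery. The record layout, the sample rows and the 30-second threshold are assumptions made for this sketch, not the format of any real export.

```python
from datetime import datetime
from statistics import mean

# Constructed sample rows: (user, payload, delivered, opened, clicked).
# The layout is an assumption for this example, not a real export schema.
EVENTS = [
    ("u1@example.test", "payload-A", "2024-08-01T09:00:00", None, "2024-08-01T09:00:09"),
    ("u2@example.test", "payload-A", "2024-08-01T09:00:00", None, "2024-08-01T09:00:18"),
    ("u3@example.test", "payload-A", "2024-08-01T09:00:00", "2024-08-01T09:05:00", "2024-08-01T09:00:27"),
    ("u4@example.test", "payload-B", "2024-08-01T09:00:00", "2024-08-01T09:12:00", "2024-08-01T09:12:40"),
    ("u5@example.test", "payload-B", "2024-08-01T09:00:00", "2024-08-01T09:30:00", None),
    ("u6@example.test", "payload-B", "2024-08-01T09:00:00", None, None),
]

def _ts(value):
    """Parse an ISO 8601 timestamp, passing None through for missing events."""
    return datetime.fromisoformat(value) if value else None

def triage(events, min_seconds=30):
    """Summarise clicks per payload and list users whose click looks non-human.

    A click is flagged when no open was recorded, when it precedes the open,
    or when it follows delivery by less than min_seconds (assumed threshold).
    """
    report = {}
    for user, payload, delivered, opened, clicked in events:
        row = report.setdefault(
            payload, {"recipients": 0, "clicks": 0, "suspect": [], "latencies": []})
        row["recipients"] += 1
        click = _ts(clicked)
        if click is None:
            continue  # delivered but never clicked
        latency = (click - _ts(delivered)).total_seconds()
        open_time = _ts(opened)
        row["clicks"] += 1
        row["latencies"].append(latency)
        if open_time is None or click < open_time or latency < min_seconds:
            row["suspect"].append(user)
    for row in report.values():
        latencies = row.pop("latencies")
        row["mean_latency"] = mean(latencies) if latencies else None
        row["click_rate"] = row["clicks"] / row["recipients"]
    return report

if __name__ == "__main__":
    for payload, row in triage(EVENTS).items():
        print(payload, row)
```

A payload whose click rate is 100% and whose clicks are all flagged is worth comparing against the others for differences in delivery path and link handling before any user is treated as compromised.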