{"id":3918,"date":"2019-12-17T09:22:19","date_gmt":"2019-12-17T07:22:19","guid":{"rendered":"https:\/\/www.msb365.blog\/?p=3918"},"modified":"2023-06-23T13:05:09","modified_gmt":"2023-06-23T11:05:09","slug":"phishing-simulation-exchange-online-office-365-security","status":"publish","type":"post","link":"https:\/\/www.msb365.blog\/?p=3918","title":{"rendered":"Phishing attack simulation in Exchange online &#8211; Part one"},"content":{"rendered":"<h2>Prolog<\/h2>\n<p>One of the biggest dangers in the industry for IT professionals is attacks on their own company network.<br \/>\nThere are different types of attacks. As I have described in a <a href=\"https:\/\/www.msb365.blog\/?p=3496\" target=\"_blank\" rel=\"noopener noreferrer\">previous article<\/a>, phishing attacks are one of the biggest threats.<\/p>\n<p>There are several providers on the market offering employee training aimed at improving awareness of such attacks.<\/p>\n<p>\u00a0<\/p>\n<p>Microsoft itself also offers such tools for its customers. Depending on the licensing, a simulated internal attack on the company can be carried out in a few simple steps. Microsoft offers different variations of those attacks, which are described in detail in this and further articles.<\/p>\n<p>\u00a0<\/p>\n<p>In this article we explain the configuration and execution of such a simulated attack to capture user credentials.<\/p>\n<hr \/>\n<h2>Available attacks<\/h2>\n<p>Currently Microsoft offers three kinds of attack simulations. 
Those are:<\/p>\n<ul>\n<li>Display name spear phishing attack<\/li>\n<li>Password spray attack<\/li>\n<li>Brute force password attack<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>I will cover password spray and brute force password attacks in a dedicated article.<\/p>\n<hr \/>\n<h2>Prerequisites<\/h2>\n<p>Before we create and run a simulated attack in our company, we need to make sure the following prerequisites are met:<\/p>\n<ul>\n<li>As written earlier, the organization\u2019s messaging system has to be hosted in Exchange Online. Microsoft\u2019s attack simulator is not available for on-premises Exchange environments. If we want to run a simulated attack against on-premises environments, we will unfortunately need third-party tools.<\/li>\n<li>The IT engineer who prepares and runs the simulated attack needs to be a global administrator in the company\u2019s Office 365 tenant.<\/li>\n<li>Multi-factor authentication is turned on for at least the global administrators of the Office 365 tenant.<\/li>\n<li>The organization has Office 365 Advanced Threat Protection Plan 2 enabled. 
In that case the option \u201cAttack simulator\u201d will be available in the Security & Compliance Center.<\/li>\n<\/ul>\n<p>The Office 365 Advanced Threat Protection Plan 2 is also included in the Office 365 ATP Plan 2.<\/p>\n<p>ATP Plan 2 is also part of the following Office 365 plans:<\/p>\n<ul>\n<li>Office 365 E5<\/li>\n<li>Office 365 A5<\/li>\n<li>Microsoft 365 E5<\/li>\n<\/ul>\n<p>If your organization doesn\u2019t run any of those plans, ATP Plan 2 can be purchased separately as an add-on for certain subscriptions.<\/p>\n<p><span style=\"font-size: inherit;\">To learn more, see Feature availability across <\/span><a style=\"font-size: inherit;\" href=\"https:\/\/docs.microsoft.com\/office365\/servicedescriptions\/office-365-advanced-threat-protection-service-description#feature-availability-across-advanced-threat-protection-atp-plans\" target=\"_blank\" rel=\"noopener noreferrer\">ATP plans<\/a><span style=\"font-size: inherit;\">.<\/span><\/p>\n<hr \/>\n<h2>Attack one \u2013 Display Name<\/h2>\n<p>To start planning a simulated attack, we first go to our <strong>Security & Compliance Center<\/strong>, then browse to <strong>Threat management<\/strong> > <strong>Attack simulator<\/strong>.<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-3931\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/1.png\" alt=\"\" width=\"297\" height=\"462\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/1.png 297w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/1-193x300.png 193w\" sizes=\"(max-width: 297px) 100vw, 297px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>In our first case we select the <strong>Spear Phishing attack<\/strong> option and click <strong>Launch Attack<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-3932\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2.png\" alt=\"\" 
width=\"2071\" height=\"733\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2.png 2071w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-300x106.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-1024x362.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-768x272.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-600x212.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-1536x544.png 1536w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-2048x725.png 2048w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-1600x566.png 1600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-905x320.png 905w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/2-1320x467.png 1320w\" sizes=\"(max-width: 2071px) 100vw, 2071px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>Now the configuration wizard is started. First, we have to give our simulation a campaign name. If this is defined, continue with <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-3933\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/3.png\" alt=\"\" width=\"1289\" height=\"443\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/3.png 1289w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/3-300x103.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/3-1024x352.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/3-768x264.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/3-600x206.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/3-905x311.png 905w\" sizes=\"(max-width: 1289px) 100vw, 1289px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>In the next step the target users are defined. 
A single attack can be executed against the entire organization or only against individual users.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3934\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/4.png\" alt=\"\" width=\"1276\" height=\"819\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/4.png 1276w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/4-300x193.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/4-1024x657.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/4-768x493.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/4-600x385.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/4-905x581.png 905w\" sizes=\"(max-width: 1276px) 100vw, 1276px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>In the next step various settings have to be made. This is also where the theme of the attack is defined. On the one hand, it is about the design of the message. What should be displayed as the sender of the phishing message? What should the sender\u2019s e-mail address be?<\/p>\n<p>Furthermore, you can select from a dropdown list which fake target web address should be presented.<\/p>\n<p>The last two points are the real destination web address and the message subject.<\/p>\n<p><strong>Note: <\/strong>Remember that the <strong>Custom Landing Page URL<\/strong> should be a dedicated website to which users who have fallen into the trap are redirected. On this dedicated website the users should be informed that they have been part of a simulated phishing attack.<\/p>\n<p>I am currently preparing such a landing page; as soon as it is ready, you are welcome to refer to it. The custom landing page does not store any information entered by the user. 
It is a simple redirect to an info page.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3935\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/5.png\" alt=\"\" width=\"1300\" height=\"540\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/5.png 1300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/5-300x125.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/5-1024x425.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/5-768x319.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/5-600x249.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/5-905x376.png 905w\" sizes=\"(max-width: 1300px) 100vw, 1300px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>The next step is to create the message for the users. Microsoft offers a template, which is not very good.<\/p>\n<p>Any administrator who prepares such a simulation can set up a message either in text form or in source form (HTML).<\/p>\n<p>I have prepared an HTML message for you below (I advise you to use the \u201c<strong>Download Now<\/strong>\u201d button if you want to get the file below). 
My template contains the custom variables and also the link variable for the forwarding.<\/p>\n<p>If you want, feel free to use that one and of course you can modify it so it fits into your scenario.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3936\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/6.png\" alt=\"\" width=\"1296\" height=\"1016\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/6.png 1296w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/6-300x235.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/6-1024x803.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/6-768x602.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/6-600x470.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/6-905x709.png 905w\" sizes=\"(max-width: 1296px) 100vw, 1296px\" \/><\/p>\n<p>\u00a0<\/p>\n<pre class=\"\"><meta charset=\"utf-8\">\r\n<!-- utf-8 works for most cases -->\r\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n<!-- Forcing initial-scale shouldn't be necessary -->\r\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\r\n<!-- Use the latest (edge) version of IE rendering engine -->\r\n<title>EmailTemplate-Fluid<\/title>\r\n<!-- The title tag shows in email notifications, like Android 4.4. -->\r\n\r\n<!-- Please use an inliner tool to convert all CSS to inline as inpage or external CSS is removed by email clients -->\r\n<!-- important in CSS is used to prevent the styles of currently inline CSS from overriding the ones mentioned in media queries when corresponding screen sizes are encountered -->\r\n\r\n<!-- CSS Reset -->\r\n<style type=\"text\/css\">\r\n\/* What it does: Remove spaces around the email design added by some email clients. *\/\r\n\/* Beware: It can remove the padding \/ margin and add a background color to the compose a reply window. 
*\/\r\nhtml, body {\r\nmargin: 0 !important;\r\npadding: 0 !important;\r\nheight: 100% !important;\r\nwidth: 100% !important;\r\n}\r\n\/* What it does: Stops email clients resizing small text. *\/\r\n* {\r\n-ms-text-size-adjust: 100%;\r\n-webkit-text-size-adjust: 100%;\r\n}\r\n\/* What it does: Forces Outlook.com to display emails full width. *\/\r\n.ExternalClass {\r\nwidth: 100%;\r\n}\r\n\/* What is does: Centers email on Android 4.4 *\/\r\ndiv[style*=\"margin: 16px 0\"] {\r\nmargin: 0 !important;\r\n}\r\n\/* What it does: Stops Outlook from adding extra spacing to tables. *\/\r\ntable, td {\r\nmso-table-lspace: 0pt !important;\r\nmso-table-rspace: 0pt !important;\r\n}\r\n\/* What it does: Fixes webkit padding issue. Fix for Yahoo mail table alignment bug. Applies table-layout to the first 2 tables then removes for anything nested deeper. *\/\r\ntable {\r\nborder-spacing: 0 !important;\r\nborder-collapse: collapse !important;\r\ntable-layout: fixed !important;\r\nmargin: 0 auto !important;\r\n}\r\ntable table table {\r\ntable-layout: auto;\r\n}\r\n\/* What it does: Uses a better rendering method when resizing images in IE. *\/\r\nimg {\r\n-ms-interpolation-mode: bicubic;\r\n}\r\n\/* What it does: Overrides styles added when Yahoo's auto-senses a link. *\/\r\n.yshortcuts a {\r\nborder-bottom: none !important;\r\n}\r\n\/* What it does: Another work-around for iOS meddling in triggered links. 
*\/\r\na[x-apple-data-detectors] {\r\ncolor: inherit !important;\r\n}\r\n<\/style>\r\n\r\n<!-- Progressive Enhancements -->\r\n<style type=\"text\/css\">\r\n\/* What it does: Hover styles for buttons *\/\r\n.button-td, .button-a {\r\ntransition: all 100ms ease-in;\r\n}\r\n.button-td:hover, .button-a:hover {\r\nbackground: #555555 !important;\r\nborder-color: #555555 !important;\r\n}\r\n<\/style>\r\n\r\n\r\n<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" height=\"100%\" width=\"100%\" bgcolor=\"#e0e0e0\" style=\"border-collapse:collapse;\">\r\n<tbody><tr>\r\n<td><center style=\"width: 100%;\">\r\n\r\n<!-- Visually Hidden Preheader Text : BEGIN -->\r\n<div style=\"display:none;font-size:1px;line-height:1px;max-height:0px;max-width:0px;opacity:0;overflow:hidden;mso-hide:all;font-family: sans-serif;\"> (Optional) This text will appear in the inbox preview, but not the email body. <\/div>\r\n<!-- Visually Hidden Preheader Text : END -->\r\n\r\n<div style=\"max-width: 600px;\"> \r\n<!--[if (gte mso 9)|(IE)]>\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"600\" align=\"center\">\r\n<tr>\r\n<td>\r\n<![endif]--> \r\n\r\n<!-- Email Header : BEGIN -->\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" align=\"center\" width=\"100%\" style=\"max-width: 600px;\">\r\n<tbody><tr>\r\n<td style=\"padding: 20px 0; text-align: center\"><img src=\"https:\/\/secure.msb365.dev\/wp-content\/uploads\/2019\/12\/microsoft-logo-neu.png\" width=\"200\" height=\"50\" alt=\"alt_text\" border=\"0\"><\/td>\r\n<\/tr>\r\n<\/tbody><\/table>\r\n<!-- Email Header : END --> \r\n\r\n<!-- Email Body : BEGIN -->\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" align=\"center\" bgcolor=\"#ffffff\" width=\"100%\" style=\"max-width: 600px; text-align: left;\">\r\n\r\n<!-- Hero Image, Flush : BEGIN -->\r\n<tbody><tr>\r\n<td class=\"full-width-image\" align=\"center\"><img src=\"https:\/\/secure.msb365.dev\/wp-content\/uploads\/2019\/12\/RWo2DB.jpg\" width=\"600\" 
alt=\"alt_text\" border=\"0\" style=\"width: 100%; max-width: 600px; height: auto;\"><\/td>\r\n<\/tr>\r\n<!-- Hero Image, Flush : END --> \r\n\r\n<!-- 1 Column Text : BEGIN -->\r\n<tr>\r\n<td><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\">\r\n<tbody><tr>\r\n<td style=\"padding: 40px; font-family: sans-serif; font-size: 15px; mso-height-rule: exactly; line-height: 20px; color: #555555;\"> Dear, <span class=\"placeholder\" contenteditable=\"false\" data-basename=\"COMPANY_NAME\" data-hasoffset=\"false\" style=\"border: dotted 1px #d0d0d0;\">${username}<\/span> <br><br>We have recently upgraded our Email system, as a security measure we need you to confirm your Messaging Login that you still will be able to Login next Week. <br><br> Please review and enter your routing Login details at the link by clicking on the \"Logon\" button below. <br><br><strong>If you do not update your account details within 5 days, the logon may no longer work. Later the messages and the mailbox will be deleted.<\/strong><br><br>Please let us know if you have any questions. <br><br>Thank you. 
<br>\r\n<br>\r\n\r\n<!-- Button : Begin -->\r\n\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" align=\"center\" style=\"margin: auto;\">\r\n<tbody><tr>\r\n<td style=\"border-radius: 3px; background: #222222; text-align: center;\" class=\"button-td\"><a href=\"${loginserverurl}\" style=\"background: #222222; border: 15px solid #222222; padding: 0 10px;color: #ffffff; font-family: sans-serif; font-size: 13px; line-height: 1.1; text-align: center; text-decoration: none; display: block; border-radius: 3px; font-weight: bold;\" class=\"button-a\"> \r\n<!--[if mso]>&nbsp;&nbsp;&nbsp;&nbsp;<![endif]-->Logon<!--[if mso]>&nbsp;&nbsp;&nbsp;&nbsp;<![endif]--> \r\n<\/a><\/td>\r\n<\/tr>\r\n<\/tbody><\/table>\r\n\r\n<!-- Button : END --> \r\n<br><div style=\"text-align: left;\"><span style=\"background-color: transparent;\">You will be redirected to the Microsoft Log on page to log in.<\/span><span style=\"background-color: transparent;\">.<\/span><\/div><\/td>\r\n<\/tr>\r\n<\/tbody><\/table><\/td>\r\n<\/tr>\r\n<!-- 1 Column Text : BEGIN --> \r\n\r\n<!-- Two Even Columns : BEGIN -->\r\n<tr>\r\n<td bgcolor=\"#ffffff\" align=\"center\" height=\"100%\" valign=\"top\" width=\"100%\"><!--[if mso]>\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" align=\"center\" width=\"560\">\r\n<tr>\r\n<td align=\"center\" valign=\"top\" width=\"560\">\r\n<![endif]-->\r\n\r\n<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" align=\"center\" width=\"100%\" style=\"max-width:560px;\">\r\n<tbody><tr>\r\n<td align=\"center\" valign=\"top\" style=\"font-size:0; padding: 10px 10px 30px 10px;\"><!--[if mso]>\r\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\" width=\"560\">\r\n<tr>\r\n<td align=\"left\" valign=\"top\" width=\"280\">\r\n<![endif]-->\r\n\r\n<div style=\"display:inline-block; max-width:50%; margin: 0 -2px; vertical-align:top; width:100%;\" class=\"stack-column\">\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" 
width=\"100%\">\r\n<tbody><tr>\r\n<td style=\"padding: 0 20px;\"><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\" style=\"font-size: 14px;text-align: left;\">\r\n<tbody><tr>\r\n<td style=\"text-align: center;\"><img src=\"https:\/\/secure.msb365.dev\/wp-content\/uploads\/2019\/12\/kisspng-logo-office-365-microsoft-office-2-1-microsoft-co-5b7d99141fd879.1840181715349578441305.png\" width=\"200\" alt=\"\" style=\"border: 0;width: 100%;max-width: 200px;height: auto;\" class=\"center-on-narrow\"><\/td>\r\n<\/tr>\r\n<tr>\r\n<td style=\"font-family: sans-serif; font-size: 15px; mso-height-rule: exactly; line-height: 20px; color: #555555; padding-top: 10px;\" class=\"stack-column-center\">Office 365 is a cloud-based subscription service that brings together the best tools for the way people work today. By combining best-in-class apps like Excel and Outlook with powerful cloud services like OneDrive and Microsoft Teams, Office 365 lets anyone create and share anywhere on any device.<\/td>\r\n<\/tr>\r\n<\/tbody><\/table><\/td>\r\n<\/tr>\r\n<\/tbody><\/table>\r\n<\/div>\r\n\r\n<!--[if mso]>\r\n<\/td>\r\n<td align=\"left\" valign=\"top\" width=\"280\">\r\n<![endif]-->\r\n\r\n<div style=\"display:inline-block; max-width:50%; margin: 0 -2px; vertical-align:top; width:100%;\" class=\"stack-column\">\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\">\r\n<tbody><tr>\r\n<td style=\"padding: 0 20px;\"><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\" style=\"font-size: 14px;text-align: left;\">\r\n<tbody><tr>\r\n<td style=\"text-align: center;\"><img src=\"https:\/\/secure.msb365.dev\/wp-content\/uploads\/2019\/12\/outlook.png\" width=\"200\" alt=\"\" style=\"border: 0;width: 100%;max-width: 200px;height: auto;\" class=\"center-on-narrow\"><\/td>\r\n<\/tr>\r\n<tr>\r\n<td style=\"font-family: sans-serif; font-size: 15px; mso-height-rule: exactly; line-height: 20px; color: #555555; padding-top: 10px;\" 
class=\"stack-column-center\">With Outlook, you can quickly connect and share files with the people and groups that matter most. Simplify your life with tools that help you take control of your email and schedule. Find important information fast so you can make decisions even faster.<\/td>\r\n<\/tr>\r\n<\/tbody><\/table><\/td>\r\n<\/tr>\r\n<\/tbody><\/table>\r\n<\/div>\r\n\r\n<!--[if mso]>\r\n<\/td>\r\n<\/tr>\r\n<\/table>\r\n<![endif]--><\/td>\r\n<\/tr>\r\n<\/tbody><\/table>\r\n\r\n<!--[if mso]>\r\n<\/td>\r\n<\/tr>\r\n<\/table>\r\n<![endif]--><\/td>\r\n<\/tr>\r\n<!-- Two Even Columns : END -->\r\n\r\n<\/tbody><\/table>\r\n<!-- Email Body : END --> \r\n\r\n<!-- Email Footer : BEGIN -->\r\n<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" align=\"center\" width=\"100%\" style=\"max-width: 680px; text-align: left;\">\r\n<tbody><tr>\r\n<td style=\"padding: 40px 10px;width: 100%;font-size: 12px; font-family: sans-serif; mso-height-rule: exactly; line-height:18px; text-align: center; color: #888888;\"><webversion style=\"color:#cccccc; text-decoration:underline; font-weight: bold;\">View as a Web Page<\/webversion>\r\n<br>\r\n<br>\r\nMicrosoft&nbsp;Corporation<br>\r\n<span class=\"mobile-link--footer\">Redmond, Seattle<\/span> <br>\r\n<br><div style=\"text-align: left;\"><b style=\"background-color: transparent;\"><br><\/b><\/div><div style=\"text-align: left;\"><b style=\"background-color: transparent;\"><br><\/b><\/div><div style=\"text-align: left;\"><b style=\"background-color: transparent;\"><br><\/b><\/div><div style=\"text-align: left;\"><b style=\"background-color: transparent;\">Do not share this email<\/b><span style=\"background-color: transparent;\">&nbsp;<\/span><\/div>\r\n<unsubscribe style=\"color: rgb(136, 136, 136);\"><div style=\"text-align: left;\"><span style=\"background-color: transparent;\">This email contains a secure link to a secure site. 
Please do not share this link email with others.&nbsp;<\/span><\/div>\r\n<br><div style=\"text-align: left;\"><span style=\"background-color: transparent;\"><b style=\"\">Questions or concerns about the new Email Service?<\/b>&nbsp;<\/span><\/div><div style=\"text-align: left;\"><span style=\"background-color: transparent;\">If you have any questions about the site, please visit our support page support page rather than replying to this email.<\/span><\/div><\/unsubscribe><\/td>\r\n<\/tr>\r\n<\/tbody><\/table>\r\n<!-- Email Footer : END --> \r\n\r\n<!--[if (gte mso 9)|(IE)]>\r\n<\/td>\r\n<\/tr>\r\n<\/table>\r\n<![endif]--> \r\n<\/div>\r\n<\/center><\/td>\r\n<\/tr>\r\n<\/tbody><\/table><\/pre>\n<h3>Or as a File:<\/h3>\n<p class=\"wp-block-preformatted \"><div class=\"\"><a href=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/HTML.zip\" target=\"_self\" class=\"emd_dl_red_darker\">Download Now<\/a><\/div><\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>The configuration of the simulated attack is now complete. 
Click Finish to start it.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3938\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/7.png\" alt=\"\" width=\"1304\" height=\"499\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/7.png 1304w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/7-300x115.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/7-1024x392.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/7-768x294.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/7-600x230.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/7-905x346.png 905w\" sizes=\"(max-width: 1304px) 100vw, 1304px\" \/><\/p>\n<hr \/>\n<p>\u00a0<\/p>\n<h2>The attack has started \u2013 User view<\/h2>\n<p>\u00a0<\/p>\n<p>Let\u2019s change perspective now. We have started the simulation. Since Microsoft has configured the simulated attack for its own tenant, we don\u2019t have to worry that the message will end up in the SPAM folder. 
Normally the phishing message will end up in the inbox as usual.<\/p>\n<p>This message can look like the following example:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3939\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/8.png\" alt=\"\" width=\"541\" height=\"115\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/8.png 541w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/8-300x64.png 300w\" sizes=\"(max-width: 541px) 100vw, 541px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>After opening the message, we also see the sender (including the defined e-mail address) and the subject.<\/p>\n<p>It is also exciting that the predefined variables are filled in directly in the mail text, so the affected user is personally addressed by name:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3940\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9.png\" alt=\"\" width=\"1327\" height=\"1064\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9.png 1327w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9-300x241.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9-1024x821.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9-768x616.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9-600x481.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9-905x726.png 905w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/9-1320x1058.png 1320w\" sizes=\"(max-width: 1327px) 100vw, 1327px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>Further down in the message there is also a button with a link. 
If the user clicks on this link, he will be redirected to a simulated Microsoft sign-in page.<\/p>\n<p>This is the fake link that we defined earlier in the wizard during the simulation configuration.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3941\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/10.jpg\" alt=\"\" width=\"602\" height=\"574\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/10.jpg 602w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/10-300x286.jpg 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/10-600x572.jpg 600w\" sizes=\"(max-width: 602px) 100vw, 602px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>If the user now also enters his credentials and clicks on Log-In, he has become a victim of the simulated attack. He is then redirected to the Custom Landing Page URL defined by the administrator. As already mentioned, I will soon provide such a landing page that is free to use.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3942\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11.png\" alt=\"\" width=\"1437\" height=\"1074\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11.png 1437w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11-300x224.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11-1024x765.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11-768x574.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11-600x448.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11-905x676.png 905w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/11-1320x987.png 1320w\" sizes=\"(max-width: 1437px) 100vw, 1437px\" \/><\/p>\n<hr \/>\n<p>\u00a0<\/p>\n<h2>Reporting<\/h2>\n<p>\u00a0<\/p>\n<p>After the simulation is finished, we can go back to the 
Admin Center as administrator. We can see at a glance how far the simulation has progressed, and with a click on View Report we can see further details.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3944\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/12.jpg\" alt=\"\" width=\"602\" height=\"298\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/12.jpg 602w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/12-300x149.jpg 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/12-600x297.jpg 600w\" sizes=\"(max-width: 602px) 100vw, 602px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>As we can see in the picture below, we get a clear and structured overview of the test results here. Finally, we can also export them.<\/p>\n<p>The users\u2019 passwords are of course not listed; the report only shows which users have clicked on the link and which have entered their credentials.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3945\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13.png\" alt=\"\" width=\"1702\" height=\"914\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13.png 1702w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-300x161.png 300w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-1024x550.png 1024w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-768x412.png 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-600x322.png 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-1536x825.png 1536w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-1600x859.png 1600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-905x486.png 905w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2019\/12\/13-1320x709.png 1320w\" sizes=\"(max-width: 1702px) 100vw, 1702px\" \/><\/p>\n<hr 
\/>\n<p>\u00a0<\/p>\n<h2>Conclusion | Preview Part two<\/h2>\n<p>As we have seen, such a simulation is very easy and fast to implement. Only the phishing message itself and the landing page need more time. How hard such a simulation should be for the users depends on the administrator.<\/p>\n<p>The message can deliberately be made \u201cinaccurate\u201d or, depending on the enterprise, tailored very specifically.<\/p>\n<p>From my point of view, it is important to carry out such simulations from time to time and to train the users afterwards.<\/p>\n<p>In one of my next articles I will also describe the password spray attack and the brute force password attack.<\/p>\n<p>But I started with this example because I think this is by far the biggest threat.<\/p>\n<hr \/>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Prolog One of the biggest dangers in the industry for IT professionals is attacks on their own company network. There are different types of attacks. As I have described in a previous article, phishing attacks are one of the biggest threats. 
There are several providers of employee training aimed at improving awareness of such attacks [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3922,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1923,2],"tags":[],"class_list":["post-3918","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-365","category-exchange"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/3918","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3918"}],"version-history":[{"count":20,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/3918\/revisions"}],"predecessor-version":[{"id":5181,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/3918\/revisions\/5181"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/media\/3922"}],"wp:attachment":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3918"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3918"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msb36
5.blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3918"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}