Office 365 Attack Simulator Now Supports Attachments

The Attack Simulator tool in Office 365 has been updated and can now include message attachments in targeted campaigns, according to a Friday Microsoft announcement.

End users that click on these message attachments, which don't actually contain malware, will get a personalized message. The message tells them that they'll need to get "follow up training on security best practices" from their administrators -- the very people that sent the simulated attack.

Another improvement in the Attack Simulator tool is the ability to sort out phishing targets by "directory metadata," such as an employee's "title, city, and department." This improvement can be used to check on high-risk employees, such as people in the finance or HR departments.

"We encourage organizations to target high risk segments of their user population with more frequent simulations to further reduce your risk of getting phished," Microsoft's announcement advised.

The phish reports for IT pros, available after an attack campaign is carried out, also have enhancements. IT pros can now see "IP addresses and client data" in the reports, and the actual phish message that was used in a campaign is now shown.

Attack Simulator in Office 365 was launched last year. It's accessed in the Office 365 Security and Compliance Center and requires having Office 365 Advanced Threat Protection Plan 2 licensing. The tool lets IT pros with Office 365 global administrator or security administrator credentials conduct simulated phishing attacks. The aim is to find end users that are prone to clicking on unsafe links in messages. Now their predilections for clicking on unsafe attachments can be tested, too.

The tool supports three kinds of simulated attacks at present, according to Microsoft's documentation:

In a Dec. 2 post, Microsoft cybersecurity officials described the effectiveness of so-called "spear phishing" attacks, which typically use the name of a person high up in an organization to get recipients to take certain actions. Such attacks can effectively target human resources personnel involved with hiring, as they typically interact with unknown outside parties responding to job ads, they noted. Attackers also try to pose using the name of an organization's CEO, or a high official, to get a response.

"Because these attacks are so focused, even tech-savvy executives and other senior managers have been duped into handing over money and sensitive files by a well-targeted email," they wrote.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

