this post was submitted on 10 May 2024
1271 points (98.5% liked)

Comic Strips

12479 readers
3349 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

Web of links

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] dan@upvote.au 13 points 6 months ago* (last edited 6 months ago)

The Microsoft 365 admins at my workplace were doing something like this. It's got some sort of built-in phishing simulation functionality (I think it's this: https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-simulations). The idea is that the recipient clicks a button in Outlook to report it as suspicious, and get a "congrats you did the right thing" notice.

However, it seems like IT security were unaware of the test, because they started blocking the emails and blackholed the domain the emails linked to (meaning it doesn't resolve on our network any more). They also reported the domain as phishing to some safe browsing vendor we use, which propagated into the blocklist Chrome uses. It was a shared domain Microsoft use for this training (it was one of the domains on this list: https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-get-started?view=o365-worldwide) so Microsoft probably had to deal with un-blocking it...