Tuesday, August 27, 2024

CONFIGURING A PHISHING CAMPAIGN IN MICROSOFT DEFENDER.




Configuring a phishing campaign in Microsoft Defender (specifically Microsoft Defender for Office 365) involves creating a simulated attack to test and educate users on recognizing and responding to phishing attempts. Here’s a step-by-step guide:


First, check the Jira ticket for the previous or current monthly phishing campaign. The previous report should include a screenshot of the phishing email and a description of the payload. The payload is the technical lure (the link or attachment) together with what is delivered and how it is delivered.


Access Microsoft Defender for Office 365

  1. Sign in to the Microsoft 365 Defender portal at https://security.microsoft.com.
  2. In the left-hand navigation pane, select "Email & collaboration".

Navigate to Attack Simulation Training

  1. Under "Training & simulation", click on "Attack simulation training".
  2. If this is your first time using the feature, you might need to go through a brief setup process to enable the Attack simulation training feature.

Create a New Simulation

  1. Click on "Simulations & Training" in the top menu.
  2. Click "Create a simulation".

Define Simulation Details

  1. Simulation Name: Enter a descriptive name for the phishing campaign.
  2. Target Users: Choose the users or groups you want to target. You can select specific users, groups, or even upload a CSV file with the targeted email addresses.

Choose an Attack Technique

  1. Choose "Phishing" as the attack technique.
  2. Select a specific type of phishing attack, such as credential harvesting, a link in an attachment, or a link to a fake login page.

Select a Template

  1. Microsoft provides various phishing templates. Choose a template that best fits the campaign you want to run.
  2. You can preview the template to see how the phishing email will appear to the end-user.

Customize the Phishing Email

  1. You can either use the selected template as is or customize the content to better fit your organizational needs.
  2. Modify the subject line, body content, and sender name if necessary.

Set Launch Options

  1. Choose the launch date and time for your simulation. You can launch immediately or schedule it for a future time.
  2. Optionally, you can choose to repeat the simulation to cover different users or to run periodic tests.

Assign Training

  1. After the phishing simulation, users who fall for the attack can be assigned training automatically.
  2. Choose or create specific training courses that will be assigned to users who clicked on the phishing link or submitted credentials.

Review and Launch

  1. Review all your settings and make sure everything is configured as desired.
  2. Click "Launch simulation" to start the campaign.

Monitor the Campaign

  1. Once the campaign is launched, you can monitor its progress from the "Simulation & Training" dashboard.
  2. Track which users received the phishing email, who clicked on it, and who submitted credentials.

Analyze Results

  1. After the campaign concludes, go to the "Reports" section to analyze the results.
  2. Review metrics such as click rates, credential submission rates, and completion rates for any assigned training.
  3. Use these insights to understand the organization's susceptibility to phishing and to refine future training efforts.

Follow Up

  1. Based on the results, consider scheduling additional training sessions for users who were susceptible to the phishing simulation.
  2. Continue to periodically run phishing simulations to track improvement and maintain user awareness.
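Worked example for the Analyze Results and Follow Up steps, added here and not part of this post or of Microsoft's tooling: a Python script that turns a per-user simulation export into the click rate, credential-submission rate and training-completion rate described above, flags training that is still open after the grace period, and lists users who fell for more than one campaign so they can be scheduled for additional training. The CSV layout and column names, the campaign end dates, the sample users and the seven-day grace period are constructed assumptions for this example; map a real export from the dashboard onto these columns before using it.

```python
"""Summarize a phishing-simulation export: click rate, credential-submission
rate, training completion rate, overdue training and repeat offenders."""
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample export for this example. The column names are an
# assumption, not the Attack simulation training export schema.
SAMPLE_EXPORT = """\
campaign,user,delivered,clicked,submitted_credentials,training_assigned,training_completed_on
2024-07 Invoice lure,alice@example.com,yes,no,no,no,
2024-07 Invoice lure,bob@example.com,yes,yes,yes,yes,2024-07-20
2024-07 Invoice lure,carol@example.com,yes,yes,no,yes,
2024-07 Invoice lure,dave@example.com,no,no,no,no,
2024-08 Password reset,alice@example.com,yes,no,no,no,
2024-08 Password reset,bob@example.com,yes,yes,no,yes,
2024-08 Password reset,carol@example.com,yes,no,no,no,
2024-08 Password reset,dave@example.com,yes,yes,yes,yes,2024-09-01
"""

# Constructed campaign end dates; assigned training is due GRACE_DAYS later.
CAMPAIGN_END = {
    "2024-07 Invoice lure": date(2024, 7, 15),
    "2024-08 Password reset": date(2024, 8, 26),
}
GRACE_DAYS = 7  # assumed grace period after the campaign ends

BOOL_COLUMNS = ("delivered", "clicked", "submitted_credentials", "training_assigned")


def parse_export(text):
    """Parse the CSV text into rows with real booleans and dates."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        row = {"campaign": raw["campaign"].strip(), "user": raw["user"].strip().lower()}
        for col in BOOL_COLUMNS:
            row[col] = raw[col].strip().lower() == "yes"
        done = raw["training_completed_on"].strip()
        row["training_completed_on"] = date.fromisoformat(done) if done else None
        rows.append(row)
    return rows


def campaign_metrics(rows, campaign):
    """Rates over users who actually received the simulation email.

    Undelivered messages (blocked or bounced) are left out of the denominator
    so they cannot flatter the results."""
    delivered = [r for r in rows if r["campaign"] == campaign and r["delivered"]]
    n = len(delivered)
    clicked = sum(r["clicked"] for r in delivered)
    creds = sum(r["submitted_credentials"] for r in delivered)
    assigned = [r for r in delivered if r["training_assigned"]]
    completed = sum(1 for r in assigned if r["training_completed_on"] is not None)
    return {
        "delivered": n,
        "click_rate": clicked / n if n else 0.0,
        "credential_rate": creds / n if n else 0.0,
        "training_assigned": len(assigned),
        "training_completion_rate": completed / len(assigned) if assigned else 0.0,
    }


def overdue_training(rows, campaign_end, grace_days, today):
    """(campaign, user) pairs whose assigned training is open past its deadline."""
    overdue = []
    for r in rows:
        if not r["training_assigned"] or r["training_completed_on"] is not None:
            continue
        deadline = campaign_end[r["campaign"]] + timedelta(days=grace_days)
        if today > deadline:
            overdue.append((r["campaign"], r["user"]))
    return overdue


def repeat_offenders(rows, min_campaigns=2):
    """Users who clicked or submitted credentials in at least min_campaigns campaigns."""
    hits = defaultdict(set)
    for r in rows:
        if r["clicked"] or r["submitted_credentials"]:
            hits[r["user"]].add(r["campaign"])
    return sorted(u for u, c in hits.items() if len(c) >= min_campaigns)


def summarize(text, today_iso):
    """Full follow-up report for an export, as of the given ISO date."""
    rows = parse_export(text)
    today = date.fromisoformat(today_iso)
    return {
        "metrics": {c: campaign_metrics(rows, c) for c in CAMPAIGN_END},
        "overdue": overdue_training(rows, CAMPAIGN_END, GRACE_DAYS, today),
        "repeat_offenders": repeat_offenders(rows),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EXPORT, "2024-09-05").items():
        print(key, value)
```

The overdue list is what a compliance reviewer would hand to training administrators after the grace period, and the repeat-offender list is the input for the extra sessions the Follow Up step recommends; running the script against each month's export gives the trend line the last step asks you to track.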

Reference:

Microsoft, Phishing Simulation







Ensuring Compliance in Phishing Campaign Training.


At Company ABC, a recent phishing campaign report revealed that six employees failed their internal mandatory phishing awareness training. The campaign was designed to educate employees on recognizing and avoiding phishing attempts, with automated reminders set to encourage timely completion. However, the compliance team noticed that some employees were still vulnerable due to incomplete training.


The compliance team's objective was to ensure that all employees completed the training within the designated timeframe. The team aimed to prevent the accumulation of unfinished training from multiple campaigns, which could lead to delays and employee fatigue. The goal was to maintain a security-first mindset across the organization by reinforcing the importance of cybersecurity awareness.


The compliance team investigated the training campaign's setup and discovered that automated reminders were sent bi-weekly during the phishing campaign. Additionally, employees were given an extra seven days to complete the training after the campaign ended. If employees still failed to complete the training, manual reminders and training assignments were issued. The compliance team emphasized the need for consistent follow-up to avoid piling up training obligations, which could dilute the effectiveness of the program.


The team also considered the impact of delayed training on employees' vulnerability to phishing attempts. To address this, they coordinated with the training administrators to ensure that training deadlines aligned with the company's overall cybersecurity strategy. They also set up escalation procedures for repeat offenders who failed to complete multiple training sessions.


As a result of these efforts, the company was able to significantly improve its training completion rates. By enforcing strict deadlines and providing consistent reminders, the compliance team ensured that all employees completed their training before the next phishing campaign.


This proactive approach not only reduced the risk of phishing attacks but also reinforced the organization's commitment to cybersecurity. The team successfully instilled a security-first mindset among employees, emphasizing that everyone plays a crucial role in protecting the organization.



Monday, August 5, 2024

END OF INTERVIEW.

 



Leaving a Lasting Impression: Five Questions to Ask at the End of Your Interview


You've reached the end of your interview, and the hiring manager asks, "Do you have any questions?" This is your golden opportunity to shine and leave a lasting impression. Here are five insightful questions to ask:


1. How Do You See the Team Evolving in the Next Five Years?

Asking about the team's future shows that you're interested in long-term growth and stability. It also provides insight into the company's strategic vision and how you might fit into their future plans.


2. Could You Tell Me More About Your Goals and How the Team Supports Them?

Understanding the hiring manager's goals and the team's role in achieving them demonstrates your interest in contributing to the company's success. It also helps you gauge how your potential role aligns with the broader organizational objectives.


3. Can You Provide Examples of the Types of Projects I Might Work On and How I Can Succeed in Them?

This question shows your eagerness to hit the ground running and succeed in your new role. It also gives you a clearer picture of what to expect and how to prepare yourself for the challenges ahead.


4. Are There Opportunities for Stretch Assignments Where I Can Learn and Develop New Skills?

Expressing a desire for continuous learning and skill development highlights your ambition and commitment to personal growth. It also indicates that you're looking for a dynamic environment where you can take on new challenges.


5. Could You Share a Project You're Particularly Proud Of and Its Impact on the Business?

This question not only allows the hiring manager to share their achievements but also helps you understand the type of work that is valued and recognized within the company. It can provide insights into the company's culture and what it takes to succeed.
