We found a serious error in Microsoft’s Attack Simulator program. Without a fix, it would have turned into a real phishing attack platform circumventing all protection mechanisms.
TL;DR: Microsoft offers their own phishing simulation service used by enterprises to see which of their employees need more training on spotting phishing emails.
Some of the fake links they used in such simulations led to unregistered domains, meaning some malicious person could simply register the domain, put whatever content they want on there, and turn the fake phish into a real one.
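A defender-side audit for the gap described above, as an added example that is not part of the original post or of Microsoft's product: it pulls every link out of simulation templates and flags hosts that do not fall under a domain the operator has registered. The inventory, template texts and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed inventory: domains the simulation operator has registered and controls.
CONTROLLED_DOMAINS = {"sim-landing.example", "training-portal.example"}

# Constructed template bodies standing in for simulation e-mails.
TEMPLATES = {
    "invoice": 'Pay here: <a href="https://login.sim-landing.example/inv?id=1">View</a>',
    "parcel": "Track at http://Parcel-Update.example./track now",
    "hr": "Policy: https://user@training-portal.example:8443/p and "
          "https://sim-landing.example.evil.example/x",
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def link_host(url):
    """Return the lowercase hostname of a URL, without userinfo, port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_controlled(host, controlled):
    """True only if host equals a controlled domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in controlled)


def audit_templates(templates, controlled):
    """Map template name -> sorted hosts that are linked but not under a controlled domain."""
    findings = {}
    for name, body in templates.items():
        hosts = {link_host(u) for u in URL_RE.findall(body)}
        loose = sorted(h for h in hosts if h and not is_controlled(h, controlled))
        if loose:
            findings[name] = loose
    return findings


if __name__ == "__main__":
    for name, hosts in audit_templates(TEMPLATES, CONTROLLED_DOMAINS).items():
        print(f"{name}: link target not in controlled inventory: {', '.join(hosts)}")
```

Matching against a registration inventory rather than a DNS lookup is deliberate: a name can resolve today and still lapse, or fail to resolve while being registered by someone else.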