Question

  • Creator
    Topic
  • #4005541
    Avatar photo

    False clicks on phishing emails

    by larahy2k ·

    Hi
    I have been experiencing false clicks while running a number of simulated phishing exercises for my company. IP addresses appear to be coming from AWS and the links seem to be getting examined first before getting delivered to the recipient.

    We are using an Exchange connector to connect directly from the partner organisation that we use for the phishing simulations to M365. This is also bypassing our message filtering service. There has been several message traces done and its not showing any kind of filtering.

    Any help would be appreciated. This has been an ongoing issue for a while.
    Is there any message logging/trace tools to track every hop of the email? (Apart from standard message trace that has already been used).

    Thanks in advance.

You are posting a reply to: False clicks on phishing emails

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • #4005547
      Avatar photo

      Reply To: False clicks on phishing emails

      by kees_b ·

      In reply to False clicks on phishing emails

      You click on a link (http://….). There’s a program on your PC that interprets it. It uses the DNS configured on the PC or company network to find the IP-address of the webserver to send a GET-request to. It should work exactly as it works when you use your browser (Chrome, Firefox, Edge) to go to that link.

      I wonder what AWS and Exchange and partners and M365 and message filtering services have to do with it.

      And what is a “false click”?

      And why do you post this in the Windows-forum with a Microsoft tag? I don’t think the result would be any different if you open that phishing mail Thunderbird in your Linux PC instead of in Outlook on your Windows PC. So I’m not amazed at all that you didn’t get any answer when you posted this same very unclear question in a Microsoft forum: https://techcommunity.microsoft.com/t5/outlook/false-clicks-for-phishing-campaigns/m-p/3651650 two weeks ago.

      • This reply was modified 1 month ago by Avatar photokees_b.
      • This reply was modified 1 month ago by Avatar photokees_b.
      • This reply was modified 1 month ago by Avatar photokees_b.
      • This reply was modified 1 month ago by Avatar photobirdmantd.
    • #4005593
      Avatar photo

      So you did the first click.

      by rproffitt ·

      In reply to False clicks on phishing emails

      That can open a site that auto redirects to another and another and another (get the point?) and JavaScript code can click on links on the page.

      It’s old but I see it still works at https://stackoverflow.com/questions/902713/how-do-i-programmatically-click-a-link-with-javascript

      The only need to get fake clicks is to get the email user to click the first link and we’re off to the races.

      It’s a little unclear what your goals are. Sure, we can get more logging from the browser (it’s not an email issue here.) Example read at https://testmatick.com/instruction-on-how-to-collect-logs-in-a-browser/

      If you do get such an email you decide to filter or ban that sender.

Viewing 1 reply thread