Attack Simulator: Phishing Login server URL detected by common browsers (Chrome, Internet Explorer, Edge) as "Deceptive" or "Unsafe"
When clicking on the link produced by the Spear Phishing attack simulator in https://protection.office.com/attacksimulator (Phishing Login server URL), common browsers like Chrome, Edge, or Internet Explorer detects the site as "Deceptive" or "Unsafe". This results to a failed simulation as no user will attempt to click on "visit this unsafe site". Even if the users click on the link, that of which is recorded, the test will always have a 0% Success Rate.
Is there anyway that Microsoft can coordinate with the common browsers to "whitelist" all their Phishing Login server URLs?
The core cred harvesting URLs in attack simulator are allow-listed in SmartScreen (the technology used in Explorer and Edge), so they shouldn’t be blocked with those browsers. Chrome is usually the biggest problem, and Microsoft has been unsuccessful in convincing Google that they should include our phish training URLs in their default allow-lists. Instructions on how to deploy a client policy that allow-lists the cred harvesting URLs for Chrome can be found here:
At the moment, the following URLs are included in the M365 Attack Simulator:
Layhy SIN, IT Manager commented
Cambodia Airports, is member of VINCI Airports whom subscribed to ATP for 400+ plus in the tenant GCC type? We petition to Microsoft to implement reporting message add-in into our tenant (GCC) in order to fully utilize the benefit of monitoring level of junk, phish reports by end user to tackle increasing spam and phish attack to our tenant (VINCI Airports).
any solution for this? looks like no answer from Microsoft :(
This issue is occuring in my organization as well which makes very diffilult to conduct campaigns.
We have encountered the same issue, this makes it impossible to work out which users need further training around identifying phishing emails.