Test your employee’s with a fake Phishing Attack using Microsoft Office 365

Fake Phishing Email

We are all aware of the cyber security issues that surround IT and despite all the constant chatter around this people still fall for the scams.

You can send your staff on all the cyber security courses available and share videos on You Tube with them but it’s still very hard for your employees to remember whilst doing their day to day job.  This is because it’s all theory based, examples of what might happen, what you might need to look for and what you might need to do.

“It is a common belief that confidence is directly linked to competence”

Simulation training however gives your employees the opportunity to apply the theory they have learnt against real-life scenarios.  Simulation training will allow them to gain experience and in turn give them confidence to manage similar real-life scenarios.  It is a common belief that confidence is directly linked to competence.

“Did you know a pilot will do a month of simulation flying before even stepping on an aircraft?”

You only need to look at the aviation industry to see how flight simulators work to train pilots, did you know a pilot will do a month of simulation flying before even stepping on an aircraft?


Office 365 now comes with Simulated Phishing Attacks to test your Employee’s….

Simulated email attacks and fake phishing emails is nothing new, Companies have been offering this service for several years.  It is however only really affordable by the big corporates because it comes with an expensive price tag (£5K upwards) for a simulation and report.

Finally, however there is a solution available from Microsoft for the SME market where you can schedule regular fake phishing emails to be sent to your employees.  You can even access analytical data to see which employee opened the email, entered in their credentials or even open the attachment.  This solution is also considerably cheaper and requires just an Office 365 Defender 2 licence at £3.80 per month on a 12 month contract!

The types of phishing emails that you can send (or payloads as Microsoft calls them) can be selected from default templates like the one below:-


This email tries to get the user to click on the password link and then takes them to a fake login page to see if they enter their email credentials and if so, this is also captured in the report.

You can even create custom phishing emails that look as though they have come from your suppliers for example if you wanted to test the Accounts department.

As well as emails that try and get your login details there are also phishing emails that pretend they have come from DropBox sharing a file like the example below:-

DropBox Fake Phishing Email

Detailed reports show you which users fell for the phishing email…..

Reports can then be accessed to show which users opened the email and if they entered their credentials as well, highlighting those users most at risk.

It also offers statistics showing what % of people within your organisation were compromised and compares this to the average % of users that are compromised by this type of email.


365 Simulation Phishing Report

Phishing attacks can be simulated to run for as long as you want for example over a month and users can be targeted with several different payloads throughout this time with reports on each one available.  It will even show you any repeat offenders who have maybe fallen for more than one phishing email.

All of this is done to enable you to educate your employees rather than “name and shame them”, Microsoft refer to it as positive reinforcement and I like that term, we are all in this together!


Office 365 also sends out training videos to the users that fall foul of the email

For me this is the real jewel in the crown of the whole Phishing Simulation product from Office 365 in that training videos are automatically assigned as users are caught out.  Videos are specific to what type of email caught them out, so they are more aware in the future.

These videos are relatively short at around 7 minutes or less and Office 365 will even monitor the users and email them if they fail to watch the videos and complete the exam at the end.

If you want any more information on this product or even some advice on how you can run it for your own Company just email us on hello@leapit.co.uk







Leap IT is here to take your businesses IT to where it needs to be.  We have been delivering IT Managed services throughout Birmingham, The West Midlands and across the UK for over 20 years and on behalf of more than 350 businesses.  We work closely with you to really understand what your business needs so that we can make sure you always receive the best advice and achieve the best value. 

With a breadth of solutions spanning IT Support, Communications, Cloud Computing and Print we see that you IT is completely covered from end to end. 


This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.