As you may already know, about a year ago, Microsoft has introduced a security tool to Office 365 called Attack Simulator to help administrator and security teams to simulate attacks to their Office 365 tenant to find vulnerable accounts before a real attack occurs.
Well, the Office 365 Attack Simulator has been updated to include a new scenario: Attachment Attack.
This new scenario will help you evaluating and securing the security configuration of your organization against phishing and malicious attacks using attachment.
To get advantage of this feature, you must have an Advanced Threat Protection license (either ATP P2 or any subscription including the ATP plan.
To start using it, logon to your Security and Compliance portal (https://protection.office.com/) and reach the Threat Management\Attack Simulator blade
From there launch the new scenario called Spear Phishing (Attachment) Account Breach and follow the wizard to set the context of the attack simulation which mainly consists of setting up the targeted user(s), the (so called) phishing email details (from, attachment type [doc, docx or pdf)…)
Once you have set the details, the attack simulation will run by sending the email to defined recipients
NOTE keep in mind this attachment does not contain any malicious code; instead it display a detailed message explaining what happened. The file also contains a hidden image file which makes a call back to Microsoft’s servers to indicate that the user has opened the file
You can than have the attack simulation result by accessing the attack details or the View Report link showing up; you will then be able to access the history (attack details) and results of the simulation
Result of this attack simulation will then help you to reinforce communication and training to your end-users to report any suspicious email using the Report message add-in which is available on all Outlook client (desktop, OWA and even mobile)