At Hornetsecurity, we do our best to protect our users from spoofing and phishing campaigns by blocking impersonation attempts, to prevent fraud and leaks of sensitive information.
We understand that sometimes warning the end users is not enough, and that companies may be interested in training and testing their employees on how to detect phishing and impersonation attempts.
For the best implementation of a phishing simulation and the corresponding training, we strongly suggest using our Security Awareness Service. More information can be found here:
https://www.hornetsecurity.com/en/services/security-awareness-service/
There are plenty of other companies on the internet providing these types of courses, and some may ask you to allow certain impersonated emails through for training purposes, or to evaluate whether your users would be able to detect and report potentially fraudulent emails.
You could allow certain messages by creating Compliance Filter rules that mark them as clean and allow them to be delivered to the users' mailboxes. If not done properly, this involves a high risk, because it skips all of our security filters. You do not have to take these risks when using our Security Awareness Service.
Our support team will be more than happy to advise you and/or help you create these rules. It is important to narrow the rule's criteria as much as possible: we've seen cases where these rules were too generic and allowed real spoofing to go through.
To prevent that, we strongly suggest that you ask your course provider to share, in advance, a detailed document with the simulated campaign's details, especially the sending IPs and hostnames, the addresses or domains involved in the header.from and envelope.from fields, and the recipients.
Any additional information, such as specific header lines or keywords present in the subject, would also help to create multiple criteria that must be met for the rule to trigger and allow these messages in.
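The following added example (not Hornetsecurity code and not Compliance Filter syntax) models an allow rule as a conjunction of the criteria listed above and compares it with a rule that checks only the header.from domain. All addresses, domains, the `X-Phish-Sim-Campaign` header name and the sample messages are constructed placeholders.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed campaign details (placeholder IPs, domains and header name).
NARROW_RULE = {
    "source_nets": ["192.0.2.10/32"],
    "envelope_from": "bounce@sim.training-provider.example",
    "header_from_domain": "training-provider.example",
    "recipients": {"alice@customer.example", "bob@customer.example"},
    "required_header": ("X-Phish-Sim-Campaign", "constructed-campaign-01"),
    "subject_keyword": "password expiry",
}
# Too generic: a single criterion taken from a header any sender can forge.
GENERIC_RULE = {"header_from_domain": "training-provider.example"}

def matches(rule, source_ip, envelope_from, rcpt, raw_message):
    """True only if every criterion present in the rule matches (logical AND)."""
    msg = message_from_string(raw_message)
    checks = []
    if "source_nets" in rule:
        ip = ipaddress.ip_address(source_ip)
        checks.append(any(ip in ipaddress.ip_network(n) for n in rule["source_nets"]))
    if "envelope_from" in rule:
        checks.append(envelope_from.lower() == rule["envelope_from"])
    if "header_from_domain" in rule:
        addr = parseaddr(msg.get("From", ""))[1].lower()
        checks.append(addr.rpartition("@")[2] == rule["header_from_domain"])
    if "recipients" in rule:
        checks.append(rcpt.lower() in rule["recipients"])
    if "required_header" in rule:
        name, value = rule["required_header"]
        checks.append(msg.get(name, "") == value)
    if "subject_keyword" in rule:
        checks.append(rule["subject_keyword"] in msg.get("Subject", "").lower())
    return bool(checks) and all(checks)

HEADERS = "From: IT Helpdesk <helpdesk@training-provider.example>\nSubject: Password expiry notice\n"
# Constructed samples: the announced simulation, and a message with the
# same header.from that arrives from a source the provider never listed.
SIMULATION = ("192.0.2.10", "bounce@sim.training-provider.example", "alice@customer.example",
              HEADERS + "X-Phish-Sim-Campaign: constructed-campaign-01\n\nbody\n")
UNLISTED = ("203.0.113.77", "sender@unrelated.example", "alice@customer.example",
            HEADERS + "\nbody\n")

if __name__ == "__main__":
    for label, rule in (("narrow", NARROW_RULE), ("generic", GENERIC_RULE)):
        print(label, "simulation:", matches(rule, *SIMULATION), "unlisted:", matches(rule, *UNLISTED))
```

The narrow rule releases only the announced simulation, while the generic rule also releases the message from the unlisted source, which is the failure described above.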
As guidance, the rule could look like this:
Important: Please understand that we cannot be held responsible in any case for potential negative outcomes if a real impersonated or dangerous email is allowed by the rule.
Requisite: If you would like support to create the rule, please contact us by email, as we are not able to modify customers' configurations by phone or chat. The general support authorization policy applies.