
Launching Phishing Simulations for the 2024 Olympics: A Complete Guide

Written by Jeff Rezabek | Aug 01, 2024

Most phishing emails are opportunistic and use urgency to provoke a response, sometimes in the form of a fake invoice or password reset. Another tactic that cyber attackers use is leveraging current events. With the 2024 Paris Olympics in full swing, it’s essential for companies to test their employees’ ability to identify and report current phishing threats.

In this post, we’ll share how IRONSCALES customers can quickly launch an Olympic-themed phishing simulation campaign using the recommended campaign in the IRONSCALES platform, and give step-by-step instructions to follow if you don’t have access to IRONSCALES.

Launch Olympic-Themed Phishing Simulation in 3 Clicks 

1. Select The Recommended “Email-Based Phishing – Olympics” Phishing Simulation Campaign

In as little as three clicks, you can launch an expertly crafted phishing simulation campaign complete with a phishing simulation email, landing page, and more. First, select one of our pre-built recommended campaigns based on seasonal events, current attack trends, and more.

2. Preview the Text 

IRONSCALES experts craft the phishing simulation email for you and include the hyperlink, sender address, and the subject line.

3. Review and Launch

Review the campaign setup. Recommended campaigns come with pre-populated settings, send dates, collection periods, and reminders. You’ll also get the chance to review or swap out the pre-selected landing page and training module for the recipients who fail the simulation.

If everything looks good and you don’t have any changes, click “Launch” and move on to the next task.

Step-by-Step Guide for Microsoft Defender for Office (MDO) and Phishing Simulations 

Microsoft Defender for Office (MDO) offers the ability to prepare and launch phishing simulations that can be bundled with training material. However, setting up and launching these simulations can be tedious if you don’t do them often.

In this section, you will use the Attack Simulation training feature of MDO to create a phishing simulation using the same phishing simulation email used earlier. 

Although the built-in themes that MDO provides are slightly dated and do not cover the latest phishing trends like the Olympics, you will use its flexibility and many features to create such a phishing simulation.

Configuring a Phishing Simulation in MDO 

After clicking “Launch your own simulation,” you will have to follow eight steps to set up the phishing simulation. 

1. Select Technique 

In this step, you have to choose the type of phishing emails that you want to create. This can be a phishing email with a URL, a malicious attachment, an attachment with a link in it, etc. For our purpose, the popular and simple “Credential Harvest” will be enough.

2. Name Simulation 

In this step, you need to provide a unique name for the phishing simulation as well as a brief description of its purpose. This is not only important for documentation purposes but also for other members of your IT security team who might have to answer questions from employees who received your unannounced phishing simulation.

3. Select The Payload and Login Page 

This step is crucial for the success of the phishing simulation since you will specify the payload and the landing page of your phishing simulation. The payload in MDO refers to the content/body of your forged phishing email. The login page represents the webpage that will be shown to the phishing victim if they click on the phishing link.

You can choose between “Global payloads” and “Tenant payloads.” The former are shared with all Microsoft customers that use MDO and are generic (or dated). The latter, “Tenant payloads,” are not shared between Microsoft customers and can only be viewed or used within your company.

For your Olympics theme, you will have to create a new payload under “Tenant payloads.”

After clicking on “Create a payload,” follow the steps to set up the new payload. 

a. Select type: Select whether the payload will be an email or a Teams message.

b. Select Technique: Given that your simulation is of “Credential Harvest” type, and you are creating a payload within this simulation, you have to use “Credential Harvest” for your payload technique. 


c. Payload Name: Here, you need to specify a descriptive name for your payload. Make the name specific enough, since you might reuse the payload for other phishing simulations in the future.

d. Configure Payload: In this step, you will specify the content of the phishing email, starting from the sender, email subject, phishing URL, and the body of the email. 

To make it believable, the “From” header of your email will be forged to impersonate the HR of your company. By clicking “Select URL,” you can choose a phishing domain from a list of Microsoft pre-defined domains (if you do not want to create your own).

Going further, you can specify the language and the body of your phishing email.

As seen in the figure above, you can either import the phishing email if you have already prepared it separately or create it from scratch. Note that by using the “Dynamic tag” feature, you can use dynamic attributes like the recipient’s username, first name, last name, or other details like the department, city or site, the manager of the employee, etc., to make the email more personalized and believable.

By clicking on “Phishing link,” you can specify the HTML text that will be displayed to the recipients of the phishing link; in your case, “Register Here.”

Finally, at the end of this step, click on “Predict Compromise Rate,” which allows Microsoft to rate your payload and predict the success of your phishing payload based on its content.

e. Review Payload: Here you view a summary of the payload you just prepared. 

You also have the opportunity to click on “Send a test” to receive an example of the phishing email or click on “Preview indicator,” which will give you a preview of the phishing email.

Now that you have your own payload, you can view its details and login/landing page by clicking on its name.

The default landing page is the popular M365 login page. However, by clicking on “Change login page,” you can also provide your own crafted login page if desired.

4. Target Users 

Now that you have your phishing payload configured, you can move to the next step, where you choose the scope of the phishing simulation. Here, you decide if you want to send this phishing simulation to the entire company or only a specific group of employees.

It is always best practice to test the email with one or two recipients before sending it to thousands. That is why you should only choose a specific employee in this step instead of the entire company. By clicking on “Add users,” you will be presented with filtering criteria that you can use to select specific employees or groups of employees based on attributes like the city, department, country, etc.

Once you define your targets, they will be displayed in the user list.

When selecting a group of employees, if there are specific individuals who need to be excluded, the subsequent prompt lets you list the users to exclude.

5. Assign training 

At this stage, you can select the training materials to offer employees who do not pass the phishing simulation, as a component of the phishing awareness training program. You can allow Microsoft to automatically decide on proper phishing training by clicking on “Assign training for me” or choose it manually by clicking on “Select training courses and modules myself.” Regardless of personal preference, you must use the training courses provided by Microsoft rather than custom training materials, even if you believe your own might be more effective. Finally, after selecting the training, you can specify its due date, which can be 7, 15, or 30 days after the end of the phishing simulation.

After specifying the training, the next prompt will require you to specify the so-called “phish landing page.” This refers to the webpage that will be shown to the phishing victim if they provide their credentials. You can use built-in phishing landing pages from Microsoft or create your own under “Tenant landing pages.”

For this example, let's use Microsoft's default landing page. 

6. Select End-user Notification 

In this step, you can configure the type of training email notification that phishing victims will receive after the phishing simulation ends. You can decide not to send any, use the default notification from Microsoft, or specify your own notification.

7. Launch Details 

In this step, you can schedule the launch of the phishing campaign. You can launch the simulation immediately or schedule it for a specific date and time. You can also configure the duration of the simulation (in days). Because the Olympic Games are already underway and the phishing simulation should coincide with them, launching the campaign immediately becomes a priority.

8. Review Simulation 

Review simulation is the final step of the simulation wizard. It will provide you with an overview of the phishing simulation configuration before launching the simulation.

Once the simulation is launched, you will see a confirmation that the launch was successful.

Shortly after the launch of the phishing simulation, the sole target received the custom phishing email that you crafted as a payload for this simulation.

Finally, you can monitor the progress of the phishing campaign and any related statistics on the corresponding tabs of the Attack Simulation training.

Conclusion 

Keeping up with the latest phishing trends is crucial for companies that want to reduce the success of “modern” phishing campaigns. With the Paris Olympics in full swing, phishing attacks leveraging the games are launching too.

To prepare your teams to recognize these types of event-based attacks, you can effortlessly launch the Olympic-themed phishing simulation campaign in IRONSCALES in as little as 3 clicks.