Typically an attacker would use a custom domain for a particular engagement so the content and the domain match up. However, when I setting up a new campaign with a custom template, we are unable to choose a domain that makes sense (apart from maybe “outlookmailer.com” at a stretch), which is not allowing us to effectively simulate what an attacker would do.
Please could a feature be implemented to allow the adding of custom domains – or generic domains such as securealerts.com / authorisednotifications.com etc., which may apply to many different scenarios. However, the issue with generic domains is that the user will quickly identify them as spam.
This thread was automatically locked due to age.