This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature Request: Phish Threat support for custom domains

Typically an attacker would use a custom domain for a particular engagement so the content and the domain match up. However, when setting up a new campaign with a custom template, we are unable to choose a domain that makes sense (apart from maybe “outlookmailer.com” at a stretch), which is not allowing us to effectively simulate what an attacker would do.

Please could a feature be implemented to allow the adding of custom domains – or generic domains such as securealerts.com / authorisednotifications.com etc., which may apply to many different scenarios. However, the issue with generic domains is that the user will quickly identify them as spam.

 

(moving into correct forum, previously posted in general)



This thread was automatically locked due to age.
Parents
  • Hello,

    Are you looking for more domain names to use? If so, please can post your suggestion here: ideas.sophos.com/.../593590-phish-threat

    We have a list of 41 domain names that can be used for campaigns. You just need to change the 'From Email' details to your liking within the Campaign Details page:

    For example I wanted to simulate an eDocument phishing email which my company typically receives. Note that I've used a domain name which matches the type of attack I'm simulating and note that I can further edit this by including a custom name. For this one, I've just used Joe.Bloggs but this could be utilised to further enhance the authenticity of this email. As well as this you can choose to use a sub-domain which to the inexperienced eye, appears to come from the company the recipient works for. Add all this together and it really looks like a legitimate email. 

    To view the list of domain names we have so far, please log into Phish Threat, expand 'Settings' then select 'Domain List'. 

    I trust this helps you. 

    Regards,

    Byron 

  • Hi Byron,

    Thanks for your reply.  I actually really like the sub-domain feature!

    I trialed a few products before deciding on PhishThreat - to my mind it just seems a lot slicker than the competition.  However, one of your competitors offers customers the ability to set the FROM: Domain on any phishing attempt to anything they want.  For a Salesforce phishing example, I could then spoof "no-reply@salesforce.com", which should encourage users to look harder in the body of the email for signs of this being a phish email, helping their education.

    This - along with more generic but trust inducing domains (securealerts.com etc.) about would help simulate more advanced phishing attacks. I know a lot of the phish users receive isn't particularly advanced (the domain name often doesn't make sense to the content), and for this we wouldn't need to include a custom domain.  It's good to mix up the sophistication.

    Do you think this is something we/Sophos could do?

    Regards,
    Ian

  • Hi Ian,

    You will be best raising this as a feature request using the aforementioned link. That way, our Product Management team can review the request and provide their own feedback. Though I believe one of our Product Managers has already reached out to you so they may talk more about your request. 

    For others out there reading this post, Sophos will expand the available domains on an ongoing basis and as well as that, consideration is being made to add support for spoofing domains under the customer’s control.

    Best Regards,

    Byron 

Reply
  • Hi Ian,

    You will be best raising this as a feature request using the aforementioned link. That way, our Product Management team can review the request and provide their own feedback. Though I believe one of our Product Managers has already reached out to you so they may talk more about your request. 

    For others out there reading this post, Sophos will expand the available domains on an ongoing basis and as well as that, consideration is being made to add support for spoofing domains under the customer’s control.

    Best Regards,

    Byron 

Children
No Data