Phishing Simulation Detected as Phishing

I was doing some tests with a phishing simulation tool from Microsoft. It looks like 1.1.1.2, 1.1.1.3, etc. have categorised the domains used by this tool as actual phishing domains. This defeats the purpose of the simulation, as you don’t get any telemetry back from the tool due to the domains being blocked, rather than getting no telemetry because my users are savvy enough to not click the links!.

Should such domains be removed from the Phishing category?

The list of domains is documented on docs.microsoft.com

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started

cc. @mvavrusa

Shmaybe? I mean they are phishing domains technically. I do understand the use case you’re describing and will pass it along to the team that maintains the database for consideration.

1 Like

Thanks. If we are being really technical, the emails that link to them are designed to look like phishing, but they are explicitly not. At best they are used for analytics!