7MS #482: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 3
Today we're continuing our discussion on phishing campaigns - including a technical "gotcha" that might redirect your phishing emails into a digital black hole if you're not careful!
As I mentioned last week, I've been heavy into spinning up and tearing down phishing campaigns, so I finally got around to documenting everything in episode 481.
This week I ran into a bizarre issue where test phishes to myself suddenly disappeared from my Outlook altogether! After chatting with some folks on Slack I did a message trace in the Exchange Admin Center under:
- Mail flow > Message Trace > Start a trace then make the Sender field be the user you're sending phishing emails from. That showed me that my phishes were being quarantined!
To get around the quarantine, I went into Mail flow > Rules and then created a new rule with the following properties:
- Apply this rule if > The sender's domain is > yourphishingdomain.com
Then under Do the following:
- Set the spam confidence level (SCL) to...Bypass spam filtering
Under And, click the drop-down and choose:
- Modify the message properties...set a message header...X-MS-Exchange-Organization-BypassClutter
Then click where it says Enter text and change header value to True and click OK.