Phishing Examples for the Microsoft Office 365 Attack Simulator – Part Two


Examples of Phishing Emails for the Microsoft Office 365 Attack Simulator - Part Two

This is the second post of a multi-part blog with examples to use as part of a phishing simulation in the new Microsoft Office 365 Attack Simulator. For background information on the tool and this blog series, click on Part One below.

Phishing Examples for the Microsoft Office 365 Attack Simulator - Part One (Background)

Phishing Examples for the Microsoft Office 365 Attack Simulator - Part Two (Simulations 1-5) current page

Phishing Examples for the Microsoft Office 365 Attack Simulator - Part Three (Simulations 6-10)

Simulation 1: Employee Feedback Program

From Name: Employee Peer Feedback Program

From Email Address: EmployeePeerFeedbackProgram@companydomain.com

Phishing Logon Server URL: (choose the most appropriate option)

Email Subject: New Employee Peer Feedback Program - Action Needed

When/How to Use This Template: This template is best used just prior to your organization's review timeframe. If sent several weeks prior to the review period, it will be that much more relevant to your employees. Insert a hyperlink into the space provided below for successful click tracking.

Email Body:

Hello ${username},

Welcome to the new Employee Peer Feedback System (ERS). As part of the new corporate peer evaluation system, you now have the opportunity to request feedback from coworkers about your job performance over the past evaluation period. This feedback is a critical part of your overall evaluation that will be used by your manager.

Please click on the link below to get started. You will be guided through this simple to use feedback system to request feedback from coworkers as well as provide feedback for your coworkers who have requested it from you.

The feedback window is only open for the next two weeks, so please take action now.

Employee Peer Feedback System website (insert hyperlink here)

Thank you.

Simulation 2: First Annual Company Retreat

From Name: First Annual Company Retreat Registration

From Email Address: AnnualCompanyRetreatRegistration

Phishing Logon Server URL: (choose the most appropriate option)

Email Subject: Registration for the First Annual Company Summer Retreat

When/How to Use This Template: Use this phishing template in the Spring or Summer at the time when many people are looking forward to getting away from it all after a long Winter. Insert a hyperlink into the space provided below for successful click tracking.

Email Body:

Hello ${username},

This is the first of many emails you will receive about the first annual company retreat. This is an opportunity for you and your significant other to enjoy a bit of time away. At this three-day event we will enjoy great entertainment, have plenty of time to relax, put work aside and rejuvenate. Yes, there will be one or two work oriented seminars but these will be fun and unforgettable.

To find out more details, we are requesting each employee to review the link below for more details, let us know if you will be able to attend, and provide registration information. This will be an event you will not want to miss! We are looking forward to seeing everyone there.

Company Retreat Official Site (insert tracking link here)

Thank you!

Simulation 3: Unusual Account Logon Activity Identified

From Name: Corporate Security Team

From Email Address: SecurityTeam@companydomain.com

Phishing Logon Server URL: (choose the most appropriate option)

Email Subject: Unusual Account Logon Activity

When/How to Use This Template: This is a phishing template to use anytime as it is always relevant. Insert a hyperlink into the space provided below for successful click tracking.

Email Body:

Hello ${username},

As part of an ongoing evaluation of our network security, we recently implemented a program to monitor for suspicious network logon activity. Your account was found to have logged in to your US office location yesterday and within a few hours found also to have logged in from an area of Australia. This is an impossible logon event and we are requesting your immediate assistance to help identify any additional suspicious activity with your account.

Can you please take a few minutes to log into the company portal below and review additional logon activity as well as recent data that has been accessed by your account.

Company Cloud Logon Portal (insert link to tracking site here)

Thank you for your help.

Simulation 4: Company Sponsored MLB Baseball Game

From Name: Company Recreation Committee

From Email Address: CompanyRecreationCommittee@companydomain.com

Phishing Logon Server URL: (choose the most appropriate option)

Email Subject: Your Invitation to a (Local City Baseball Team) Company Sponsored Baseball Game

When/How to Use This Template: Use this phishing template in the early Spring time such as the March or April timeframe as the sports season is just beginning. A similar email can be used to target any major sports team. Insert a hyperlink into the space provided below for successful click tracking.

Email Body:

Hello ${username},

The new company sponsored recreational committee has been working hard to develop one of our first company events. This event will be held on (date) at the (City/Baseball Team Name) in downtown (name of city). This event is being offered to you at no cost. Included are tickets for you and your family to the baseball park, parking vouchers, $20 in spending money for each person for food and beverages - all for an afternoon of fun, relaxation and a chance to cheer on our team!

The recreational committee needs an accurate count of how many tickets to purchase to the stadium. If interested (and we hope that you are!), please logon to the company site below to register and provide us with the tickets needed for you and your immediate family. We are looking forward to seeing everyone at this fantastic event!

Company Recreation Committee MLB Baseball Signup Site (insert link here)

Thank you!

Simulation 5: Company Apparel Orders

From Name: Company Apparel

From Email Address: CompanyApparelOrders@companydomain.com

Phishing Logon Server URL: (choose the most appropriate option)

Email Subject: Company Apparel Orders

When/How to Use This Template: This phishing template may be used anytime. Insert a hyperlink into the space provided below for successful click tracking on the company apparel website.

Email Body:

Hello ${username},

The marketing team has recently completed a revamp of apparel options featuring our company logo. We removed our previous supplier after hearing about quality concerns and worked with one of the leading and hottest apparel manufacturers today. In addition to these new apparel options, we have revamped the entire line of products with company logos on them such as hats, pens, pencils, paper pads, binders, etc.

Please take a moment to review the entire line up of new products on our vendors site using the link below. This is your opportunity to show your support for our company!

(Insert Company Apparel link here)

Thank you

Comments (0)

Skip to main content