Sophos Phishing Threat

Start a new campaign to test your users with an attack simulation or enroll them in mandatory training.

You create campaigns with an assistant that uses templates. The templates can be customized to suit your organization and your users. To create a campaign:

Sophos Phish Threat teaches end users to spot phony phishing messages with a series of simulated atta. The weakest link in a company's cyber-defenses? Sophos Synchronized Security connects Sophos Email and Phish Threat to identify those who have been warned or blocked from visiting a website due to its risk profile. You can then seamlessly enroll them into targeted phishing simulations and training to improve awareness and cut your risk of attack. Educational tools like Sophos Phish Threat are a great method for admins to help guide their end users about what phishing emails look like, for example. Plus, despite how skilled bad actors have become at the psychological manipulation component of phishing, there are still tell-tale signs you can look for to avoid clicking through a phishing message.

×Sorry to interrupt. Sophos Synchronized Security connects Phish Threat with Sophos Email to identify users who have been warned or blocked from visiting a website due to its risk profile. You can then seamlessly enroll them into targeted phishing simulations and training to improve awareness and cut your risk of attack.

1. Go to Phish Threat > Campaigns.
2. Click New Campaign and give the campaign a name.
3. Select a campaign type.
4. Select the language for the email template and training modules.
5. Click Next.
6. On the Choose Attack page select attacks from the various styles and difficulty levels available. Click Next.
7. Select one or more training courses. Click Next
   Users who are tricked by the simulated attack are enrolled in these courses. Enrolling users in training after failing a test is optional.
8. In Customize you can tailor elements of the campaign for your organization and your users. Click Next.

   The elements you can customize differ depending on the type of attack and whether you are enrolling users on training courses after failing tests.

   Warning Customizations to the Reminder Email and the landing pages are set globally. They are used by all current and future campaigns in your account. There is no option to return them to their original format.
9. Choose which Users or user Groups to send the campaign to. Click Next
   Click Auto-enroll new users to this campaign to enroll new users into this campaign as you add them to Sophos Central.
10. Review your selections from the previous steps.
11. Then schedule your campaign and set the Sending Increment.
    Note Any actions taken by users after the End Date are not factored into the campaign results.
12. Click Done to save the campaign.

Here you can see the domains and IP addresses that Phish Threat uses to send campaign emails.

Go to Phish Threat > Settings > Sending domains and IPs to review your domains and IP addresses.

You must allow email and web traffic to and from these IPs and domains on your email gateway, web proxy, firewall appliance, or anywhere else in your environment where email and web filtering is done.

You can also find out more about how Office 365 ATP Safe Link and Safe Attachments interact with Phish Threat V2.

This list updates when we add new IPs and domains.

IP addresses

To ensure successful delivery of Phish Threat emails, you must add the following IP addresses to your allow list:

• 54.240.51.52
• 54.240.51.53

Domain names

You must also add the domains listed below to your allow lists.

If you're using an external email proxy (including Central Email), you may also need to amend your SPF records.

Links contained within campaign emails are configured to redirect users to an awstrack.me URL. This is expected behavior, as Phish Threat uses AWS tracking to determine which users have clicked on the malicious links.

• amaz0nprime.store
• auditmessages.com
• awstrack.me
• bankfraudalerts.com
• buildingmgmt.info
• corporate-realty.co
• court-notices.com
• e-billinvoices.com
• e-documentsign.com
• e-faxsent.com
• e-receipts.co
• epromodeals.com
• fakebookalerts.live
• global-hr-staff.com
• gmailmsg.com
• goog1e-mail.com
• helpdesk-tech.com
• hr-benefits.site
• it-supportdesk.com
• linkedn.co
• mail-sender.online
• memberaccounts.co
• micros0ft.tech
• myhr-portal.site
• online-statements.site
• outlook-mailer.com
• secure-alerts.co
• secure-bank-alerts.com
• shipping-updates.com
• tax-official.com
• toll-citations.com
• trackshipping.online
• voicemailbox.online
• itunes.e-reciepts.co
• sophos-phish-threat.go-vip.co
• go-vip.co

Office 365 ATP Safe Links and Safe Attachments

Sophos Phish Threat Datasheet

Office 365 Advanced Threat Protection (ATP) offers security features such as Safe Links and Safe Attachments.

ATP Safe Links can help protect the organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. The ATP Safe Attachments feature checks to see if email attachments are malicious, and then takes action to protect the organization.

If Phish Threat V2 IP address and domain names are not included in the allow list, Office 365 executes the links. This makes it seem like an end user has clicked on the links. To ensure the proper execution of Phish Threat V2 with Office 365, set up an exception for the phish threat for both Safe Links and Safe Attachments in Office 365. For instructions on how to set up these exceptions, see IP addresses and domains.

Other 3rd party email scanning products and Phish Threat V2

Sophos Phish Threat Pricing

Other 3rd party email security products may apply their own scanning techniques that open links and attachments in emails as they are processed. If this is the case you may receive reports indicating that your users have clicked links.

Please make sure the above IPs and domains are added to allow lists within the 3rd party product.

Sophos Phish Threat teaches end users to spot phony phishing messages with a series of simulated atta. The weakest link in a company's cyber-defenses? Sophos Synchronized Security connects Sophos Email and Phish Threat to identify those who have been warned or blocked from visiting a website due to its risk profile. You can then seamlessly enroll them into targeted phishing simulations and training to improve awareness and cut your risk of attack. Educational tools like Sophos Phish Threat are a great method for admins to help guide their end users about what phishing emails look like, for example. Plus, despite how skilled bad actors have become at the psychological manipulation component of phishing, there are still tell-tale signs you can look for to avoid clicking through a phishing message.

×Sorry to interrupt. Sophos Synchronized Security connects Phish Threat with Sophos Email to identify users who have been warned or blocked from visiting a website due to its risk profile. You can then seamlessly enroll them into targeted phishing simulations and training to improve awareness and cut your risk of attack.

1. Go to Phish Threat > Campaigns.
2. Click New Campaign and give the campaign a name.
3. Select a campaign type.
4. Select the language for the email template and training modules.
5. Click Next.
6. On the Choose Attack page select attacks from the various styles and difficulty levels available. Click Next.
7. Select one or more training courses. Click Next
   Users who are tricked by the simulated attack are enrolled in these courses. Enrolling users in training after failing a test is optional.
8. In Customize you can tailor elements of the campaign for your organization and your users. Click Next.

   The elements you can customize differ depending on the type of attack and whether you are enrolling users on training courses after failing tests.

   Warning Customizations to the Reminder Email and the landing pages are set globally. They are used by all current and future campaigns in your account. There is no option to return them to their original format.
9. Choose which Users or user Groups to send the campaign to. Click Next
   Click Auto-enroll new users to this campaign to enroll new users into this campaign as you add them to Sophos Central.
10. Review your selections from the previous steps.
11. Then schedule your campaign and set the Sending Increment.
    Note Any actions taken by users after the End Date are not factored into the campaign results.
12. Click Done to save the campaign.

Here you can see the domains and IP addresses that Phish Threat uses to send campaign emails.

Go to Phish Threat > Settings > Sending domains and IPs to review your domains and IP addresses.

You must allow email and web traffic to and from these IPs and domains on your email gateway, web proxy, firewall appliance, or anywhere else in your environment where email and web filtering is done.

You can also find out more about how Office 365 ATP Safe Link and Safe Attachments interact with Phish Threat V2.

This list updates when we add new IPs and domains.

IP addresses

To ensure successful delivery of Phish Threat emails, you must add the following IP addresses to your allow list:

• 54.240.51.52
• 54.240.51.53

Domain names

You must also add the domains listed below to your allow lists.

If you're using an external email proxy (including Central Email), you may also need to amend your SPF records.

Links contained within campaign emails are configured to redirect users to an awstrack.me URL. This is expected behavior, as Phish Threat uses AWS tracking to determine which users have clicked on the malicious links.

• amaz0nprime.store
• auditmessages.com
• awstrack.me
• bankfraudalerts.com
• buildingmgmt.info
• corporate-realty.co
• court-notices.com
• e-billinvoices.com
• e-documentsign.com
• e-faxsent.com
• e-receipts.co
• epromodeals.com
• fakebookalerts.live
• global-hr-staff.com
• gmailmsg.com
• goog1e-mail.com
• helpdesk-tech.com
• hr-benefits.site
• it-supportdesk.com
• linkedn.co
• mail-sender.online
• memberaccounts.co
• micros0ft.tech
• myhr-portal.site
• online-statements.site
• outlook-mailer.com
• secure-alerts.co
• secure-bank-alerts.com
• shipping-updates.com
• tax-official.com
• toll-citations.com
• trackshipping.online
• voicemailbox.online
• itunes.e-reciepts.co
• sophos-phish-threat.go-vip.co
• go-vip.co

Office 365 ATP Safe Links and Safe Attachments

Sophos Phish Threat Datasheet

Office 365 Advanced Threat Protection (ATP) offers security features such as Safe Links and Safe Attachments.

ATP Safe Links can help protect the organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. The ATP Safe Attachments feature checks to see if email attachments are malicious, and then takes action to protect the organization.

If Phish Threat V2 IP address and domain names are not included in the allow list, Office 365 executes the links. This makes it seem like an end user has clicked on the links. To ensure the proper execution of Phish Threat V2 with Office 365, set up an exception for the phish threat for both Safe Links and Safe Attachments in Office 365. For instructions on how to set up these exceptions, see IP addresses and domains.

Other 3rd party email scanning products and Phish Threat V2

Sophos Phish Threat Pricing

Other 3rd party email security products may apply their own scanning techniques that open links and attachments in emails as they are processed. If this is the case you may receive reports indicating that your users have clicked links.

Please make sure the above IPs and domains are added to allow lists within the 3rd party product.

Sophos Phishing Cost

We are aware that some 3rd party solutions do not allow their security features to be bypassed in this way. We are actively investigating ways to prevent false positive campaign results caused by 3rd party security products. We hope to include these in Phish Threat in the near future.