Phishing Simulation Whitelisting - Office 365

IPs to Whitelist:

  • 52.74.95.172

SolCyber partners with a company named Right-Hand to run phishing simulations. The IP addresses you whitelist belong to Right-Hand; the phishing campaigns are run by SolCyber.

Step 1: Set up IP Allow List

  • Click on Edit connection filter policy and add the Right-Hand IP(s) listed above.
  • Click Save.

Step 2: Bypass Clutter & Spam Filtering

To ensure our messages will bypass your Clutter folder as well as spam filtering within Microsoft’s EOP, follow the steps below.

  • In the New rule pop-up, enter the rule name: Right Hand Phishing Simulation Bypass.
  • Click the Apply this rule if… drop-down menu and select The Sender, then IP address is in any of these ranges or exactly matches.
  • In Specify Sender Address Ranges, enter the following IP address:
    • 52.74.95.172
  • Under Do the following, choose Modify the message properties, then Set a message header.
  • Click the Enter Text button after “Set the message header”, enter “X-MS-Exchange-Organization-BypassClutter” as the message header, and click OK.
  • Click the Enter Text button after “to the value”, enter “true” (case sensitive), click OK, and then click add action.
  • Click the Do the following… drop-down, select Modify the message properties, click Set the spam confidence level (SCL) to…, and select Bypass Spam Filtering.
  • Click the Save button.

Step 3: Advanced Delivery Configuration

Phishing Simulation

  1. Visit https://security.microsoft.com. In the left navigation menu, click Policies and rules under the Email and collaboration section.

  2. On the Policies and rules page, click Threat policies.

  3. On the Threat policies page, click Advanced delivery under the Rules section.

  4. On the Advanced delivery page, in the Phishing simulation tab, click Edit.

  5. In the Sending domain field, add the following domain names:

    • right-hand.ai
    • bankng-login.com
    • linktologin.com
    • inbox-login.com
    • linktosso.com
    • ssotowebsite.com
    • login-sso.com
    • verified-login.com
    • authupdate.com
    • resetlogin.com
    • account-protect.me
    • discountOffer.com
    • grnaill.com
    • mailboxaccess.com
    • rnicrosoftlogin.com
    • linkdinapp.com
    • micosot.com
    • doqusign.com
  6. In the Sending IP field, add the following IP address:

    • 52.74.95.172

Step 4: Set up a mail flow rule to bypass the junk folder

This rule lets only simulated phishing emails from Right-Hand bypass the Junk folder.

  1. In the Exchange Admin Center, click mail flow in the left menu.
  2. Click the + button under Rules and select Bypass spam filtering…
  3. Enter the rule name “RightHandCyberSecurity - Skip Junk Filtering”.
  4. Click the Apply this rule if… drop-down menu and select The Sender, then select IP address is in any of these ranges or exactly matches.
  5. Enter the following IP address and click OK:
    • 52.74.95.172
  6. Click the Do the following drop-down menu, click Modify the message properties, then Set a Message Header.
  7. Click the Enter text… button after “Set the message header” to set the message header.
  8. Enter the following text: “X-Forefront-Antispam-Report” (case sensitive) and click OK.
  9. Click the Enter text… button after “to the value”, enter “SFV:SKI;CAT:NONE” (case sensitive), and click OK.
  10. Under Properties of this rule, set the priority to directly follow the rule you created in Step 2, then click Save.
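
A check that can be run on the headers of a delivered test message once the steps above are in place, added here as an example and not part of SolCyber's or Right-Hand's instructions. It assumes the headers set in Steps 2 and 4 are visible on the delivered message and that the sending IP appears in a Received header; the function names, finding labels, hostnames and sample headers are constructed.

```python
import ipaddress
import re
from email import message_from_string

ALLOWED_IPS = {"52.74.95.172"}  # sending IP listed on this page
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
CLUTTER = "X-MS-Exchange-Organization-BypassClutter"

def received_ips(msg):
    """Every valid IPv4 literal in the Received headers (assumed to show the sender)."""
    found = set()
    for hop in msg.get_all("Received", []):
        for cand in IPV4.findall(hop):
            try:
                found.add(str(ipaddress.ip_address(cand)))
            except ValueError:
                pass  # digits that are not a real address
    return found

def antispam_fields(msg):
    """Parse KEY:VALUE pairs from X-Forefront-Antispam-Report."""
    fields = {}
    for value in msg.get_all("X-Forefront-Antispam-Report", []):
        for part in value.split(";"):
            key, sep, val = part.strip().partition(":")
            if sep:
                fields[key] = val
    return fields

def audit(raw_headers, allowed=ALLOWED_IPS):
    """Return findings; an empty list means the headers match the rules."""
    msg = message_from_string(raw_headers)
    fields = antispam_fields(msg)
    findings = []
    if received_ips(msg) & set(allowed):
        if msg.get(CLUTTER) != "true":  # value is case sensitive
            findings.append("step2-header-missing")
        if fields.get("SFV") != "SKI" or fields.get("CAT") != "NONE":
            findings.append("step4-header-missing")
    elif msg.get(CLUTTER) is not None:
        findings.append("bypass-header-without-listed-ip")
    return findings

# Constructed sample headers (not captured from real mail).
SIM_OK = ("Received: from sender.example.test (52.74.95.172) by mx.example.test\n"
          "X-MS-Exchange-Organization-BypassClutter: true\n"
          "X-Forefront-Antispam-Report: SFV:SKI;CAT:NONE\n")
OTHER = ("Received: from mail.example.net (203.0.113.9) by mx.example.test\n"
         "X-MS-Exchange-Organization-BypassClutter: true\n")
```

A "bypass-header-without-listed-ip" finding means the bypass header was stamped on mail that did not come from the listed IP, so the rule conditions in Steps 2 and 4 should be reviewed.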