Home Phishing Allowlisting

Phishing Allowlisting

By Olivia Brookes

• 4 articles

Allowlisting in Google

Guidance for Allowlisting in Google: - Sign in to your Administrator account - On Admin Console > Menu > Apps > Google Workspace > Gmail > Spam, Phishing and Malware - On the left, select top-level organisation. This is usually through your domain - On the Spam, Phishing and Malware tab, scroll to the email Allow List Setting or search enter allow list - Enter the IP Address of the sending mail servers you want to add to the allow list - Bob's Business Sending IP Address - 35.178.254.71 - At the bottom click save - May typically happen quickly but sometimes changes can take up to 24 hours For more information: Google Guidance - https://support.google.com/a/answer/60751?hl=en

Last updated on Jun 19, 2024

Allowlisting in Microsoft

Guidance for Allowlisting in Microsoft: Configuring Advanced Delivery for Phishing Simulations - In the Microsoft Defender portal at https://security.microsoft.com/, go to Email & Collaborations > Policies & Rules > Threat Policies > Advanced Delivery in the Rules section. - Alternatively, go directly to the Advanced Delivery page https://security.microsoft.com/advanceddelivery - On the Advanced Delivery page, select the Phishing Simulation Tab (Refer to screenshot below) - Once on the Phishing Simulation tab, select the add button in the No third party simulation configured area of the page. - If there are already existing entries on the Phishing Simulation tab, select edit (this is only if the add button isn't available) - On the add third party phishing simulations menu configure the following settings: - Insert phishing (sending) domains. These are all the active domains we use throughout the phishing campaigns. - There should be sixteen domains altogether - ‘spam-manager.co.uk’, ‘dropbx.uk’, ‘alert-manager.co.uk’, ‘hronlineaudit.co.uk’, ‘micorsoft.co.uk’, ‘new-order.uk’ ,’gov-co.uk', ‘link-in.co.uk’, ‘global-web-alerts.com’, ‘apple-alerts.co.uk’, ‘accounts-hubspot.co.uk’, ‘hsbc-online-banking.co.uk’, ‘slackchannels.co.uk’, ‘google-alerts.co.uk’, ‘microsoft-alerting.com’ and ‘businessalerter.com’ - Below is screenshot reference on how it should look on your end. - Sending IP Address refers to Bob's Business IP - 35.178.254.71 - Allowed Simulation URL refers to landing page domains. The * and /* are important as they allow anything before and after that domain to be whitelisted so any URL that has the domain in it can be used. Screenshot for reference below. - Once finished, click add and close. Further Information: Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes additional help.

Last updated on Dec 11, 2024

Phishing Template Brochure

Phishing Template Overview Phishing emails can vary dramatically in sophistication, the current trend of malicious phishing ‘in the wild’ seems to point towards ever increasing realism. In turn, organisations find it harder each year to detect and ‘weed out’ the criminals number one attack vector. All phishing emails are designed using industry knowledge and trends. Within the remit of this campaign, we aim to replicate common phishing email tactics such as quid pro quo, distraction and realism. The people that send malicious phishing emails are unscrupulous. They focus on manipulating people and they do not care for rules or laws. However, when we test an organisation we have to perform our duties ethically and legally. We offer a wide range of templates, but if there is something specific that your organisation is targeted with, which isn’t included within this template brochure, please get in touch with a member of our team. Microsoft Templates TEMP 114 Subject - 'Activate Your Office 365 Account' Sender - 'no-reply@micorsoft.co.uk' TEMP 302 Subject - '*** added you to the All Staff chat!' Sender - 'no-reply@micorsoft.co.uk' TEMP 308 Subject - ‘Verify your email address‘ Sender - 'no-reply@micorsoft.co.uk' TEMP 309 Subject - 'Staff Update' Sender - 'no-reply@micorsoft.co.uk' TEMP 312 Subject - 'Many files were recently deleted from your OneDrive‘ Sender - 'no-reply@micorsoft.co.uk' TEMP 173 Subject - 'Microsoft Security Update' Sender - ‘no-reply@microsoft-alerting.com’ TEMP 355 Subject - 'Microsoft account security confirmation' Sender - ‘no-reply@microsoft-alerting.com’ TEMP 138 QR Subject - 'Jason Barker shared a file with you on sharepoint' Sender - ‘no-reply@micorsoft.com’ Google Templates TEMP 353 Subject - 'Join with Google Meet' Sender - ‘no-reply@google-alerts.co.uk’ TEMP 133 Subject - 'New Device Sign-In' Sender - ‘no-reply@google-alerts.co.uk’ TEMP 345 Subject - 'Data Loss Prevention rule triggered' Sender - ‘no-reply@google-alerts.co.uk’ TEMP 349 Subject - 'Get started with Gemini' Sender - ‘no-reply@global-web-alerts.com’ Amazon Templates TEMP 119 Subject - 'Order Confirmation' Sender - ‘amazon@new-order.uk’ TEMP 153 Subject - 'You've received a refund!' Sender - ‘amazon@new-order.uk’ TEMP 322 Subject - 'Your payment has been declined' Sender - ‘amazon@new-order.uk’ Banking/Security Templates TEMP 311 Subject - 'You could get £5 from PayPal!' Sender - ‘paypal@alert-manager.co.uk’ TEMP 317 Subject - '[MANDATORY] MFA Activation Required' Sender - ‘no-reply@alert-manager.co.uk’ TEMP 326 Subject - 'Your Debit Card was Registered with Apple Pay' Sender - ‘alert@hsbc-online-banking.co.uk’ TEMP 342 Subject - 'Xero Security Update' Sender - ‘xero@alert-manager.co.uk’ TEMP 346 Subject - 'Your payment is on its way' Sender - ‘no-reply@global-web-alerts.com’ TEMP 362 Subject - ‘New login from your Xero account {{.Email}}' Sender - ‘no-reply@businessalerter.com’ TEMP 363 Subject - ‘Thank you for your purchase from GiffGaff Ltd' Sender - ‘no-reply@businessalerter.com’ TEMP 328 Subject - ‘Update your billing information' Sender - ‘noreply@apple-alerts.co.uk’ TEMP 161 Subject - ‘Annual Tax Calculation' Sender - ‘HMRC@gov-co.uk’ TEMP 329 Subject - ‘Business Insurance Confirmation' Sender - ‘{{.FirstName}}, update to your Experian credit score' Password Related Templates TEMP 301 Subject - ‘Security Alert: Your password has been compromised.' Sender - ‘passwordchecker@alert-manager.co.uk’ TEMP 148 Subject - ‘Important Security Notice' Sender - ‘security@alert-manager.co.uk’ TEMP 344 Subject - ‘Your password has been updated' Sender - ‘no-reply@global-web-alerts.com’ Sign-In Templates TEMP 330 Subject - ‘Your Hubspot account was just signed into from a new device.' Sender - ‘noreply@accounts-hubspot.co.uk’ TEMP 325 Subject - ‘New Action, Severity: High' Sender - ‘no-reply@global-web-alerts.com’ TEMP 336 Subject - ‘[Alert] A new device has signed into Slack' Sender - ‘noreply@slackchannels.co.uk’ TEMP 340 Subject - ‘New CRM Sign-in' Sender - ‘no-reply@global-web-alerts.com’ TEMP 343 Subject - ‘James Smith has requested that you sign a document with {{.Position}}' Sender - ‘no-reply@global-web-alerts.com’ TEMP 347 Subject - ‘Your user profile has been locked' Sender - ‘no-reply@global-web-alerts.com’ TEMP 304 Subject - ‘Zoom Account Activation' Sender - ‘no-reply@businessalerter.com’ LinkedIn Templates TEMP 307 Subject - ‘See what your network is up to!' Sender - ‘no-reply@link-in.co.uk’ TEMP 359 Subject - ‘{{.FirstName}}, please verify your new device' Sender - ‘no-reply@businessalerter.com’ Adobe Templates TEMP 324 Subject - ‘Your company has invited you to Adobe Acrobat Sign!' Sender - ‘adobe@global-web-alerts.com’ TEMP 327 Subject - ‘Your monthly invoice is available' Sender - ‘adobe@global-web-alerts.com’ Orders Template TEMP 313 Subject - ‘Order Confirmation!' Sender - ‘dell@new-order.uk’ TEMP 319 Subject - ‘Thanks! Your booking is confirmed!' Sender - ‘booking@new-order.uk’ TEMP 350 Subject - ‘Order Confirmed' Sender - ‘no-reply@global-web-alerts.com’ TEMP 351 Subject - ‘We're expecting your The Watches of Switzerland Group parcel.' Sender - ‘no-reply@global-web-alerts.com’ Schedules/Requests Templates TEMP 144 Subject - ‘Machine Security Checks' Sender - ‘noreply@alert-manager.co.uk’ TEMP 042 Subject - ‘PC Maintenance' Sender - ‘info@alert-manager.co.uk’ TEMP 314 Subject - ‘Contract of Employment - Requires a Signature' Sender - ‘hellosign@alert-manager.co.uk’ TEMP 348 Subject - ‘Employee Initiative Form' Sender - ‘no-reply@global-web-alerts.com’ TEMP 358 Subject - ‘Matt sent you file.mov via We Transfer' Sender - ‘no-reply@businessalerter.com’ TEMP 361 Subject - ‘Invoice INV-037610 from Established Models Limited for Harods' Sender - ‘no-reply@businessalerter.com’ HR Templates TEMP 112 Subject - ‘Upcoming Audit' Sender - ‘no-reply@businessalerter.com’ TEMP 331 Subject - ‘[NOTIFICATION] Change of Personal Details' Sender - ‘no-reply@alert-manager.co.uk’ Dropbox Template TEMP 043 Subject - ‘Dropbox Group Invitation' Sender - ‘noreply@dropbx.uk’ Mail Template TEMP 083 Subject - ‘Encrypted email received' Sender - ‘securemail@alert-manager.co.uk’ TEMP 019 Subject - ‘You have mail in you Spam Manager' Sender - ‘no-reply@spam-manager.co.uk’ Business Insurance Template TEMP 329 Subject - ‘Business Insurance Confirmation' Sender - ‘no-reply@global-web-alerts.com'

Last updated on Dec 11, 2024

Allowlisting in Mimecast

Permitted Senders 1. Log onto the Mimecast Administration console. 2. Open the Administration Toolbar. 3. Select Gateway | Policies. 4. Select Permitted Senders. 5. Select New Policy. 6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. 7. Enter Bob’s Business sending IP Address in the Source IP Ranges Field. Greylisting Adding Bob’s Business to the permitted senders list (above) should bypass Greylisting. However, we recommend following the Greylisting steps below to avoid any potential delivery issues. 1. Log onto the Mimecast Administration console. 2. Open the Administration Toolbar. 3. Select Gateway | Policies. 4. Select Greylisting. 5. Select New Policy. 6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. 7. Enter Bob’s Business sending IP Address in the Source IP Ranges Field. URL Protection Bypass Policy Mimecast's URL Protection service scans links sent within emails as they are delivered. Occasionally, this causes simulated phishing emails to trigger this service. Follow the steps below to create a URL Protection Bypass policy. 1. Log onto the Mimecast Administration console. 2. Open the Administration Toolbar. 3. Select Gateway | Policies. 4. Select URL Protection Bypass. 5. Select New Policy. 6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. 7. Enter Bob's Business IP Address in the Source IP Ranges Field. Anti-Spoofing Policy Anti-Spoofing Policy are recommended if you receive large amounts of spoofing mail. They ensure external messages appearing to come from an internal domain are blocked. 1. Log onto the Mimecast Administration console. 2. Open the Administration Toolbar. 3. Select Gateway | Policies. 4. Select Anti-Spoofing. 5. Select New Policy. 6. Select the appropriate settings (below) under the Options, Emails From, Emails To, and Validity sections. 7. Enter Bob's Business IP Address in the Source IP Ranges Field.

Last updated on Apr 25, 2025