Central Phish Threat

Posted on  by 



Argon, refrigerated liquid (cryogenic liquid) appears as a colorless noncombustible liquid.Heavier than air. Contact may cause frostbite. May cause asphyxiation by displacement of air. Prolonged exposure to fire or intense heat may cause the container to rupture violently and rocket. ›› Argon molecular weight. Molar mass of Ar = 39.948 g/mol. Finding molar mass starts with units of grams per mole (g/mol). When calculating molecular weight of a chemical compound, it tells us how many grams are in one mole of that substance. The formula weight is simply the weight in atomic mass units of all the atoms in a given formula. Definitions of molecular mass, molecular weight, molar mass and molar weight. Molecular mass (molecular weight) is the mass of one molecule of a substance and is expressed in the unified atomic mass units (u). (1 u is equal to 1/12 the mass of one atom of carbon-12) Molar mass (molar weight) is the mass of one mole of a substance and is. Online molar mass - molecular weight calculator (MW) for any chemical formula such as H2O, CaCO3. It has a built-in case correction so you could write h2o when you mean H2O It also can be used for multi section formula Co3Fe(CN)62. Molar mass of argon in kg/mol.

If there is a licensed user in Phish Threat (A user that is part of an active campaign), that does not exist in the Sophos Central user list, that user will be added to the Sophos Central user list; Active Phish Threat campaign. You must delete users from the Central user list, the Phish Threat user list, and from any active Phish Threat. Sophos Phish Threat educates and tests your end users through automated attack simulations, quality security awareness training, and actionable reporting metrics. Phish Threat provides you with the flexibility and customization that your organization needs to facilitate a positive security awareness.

The goal of the article

  • Following the article in Part 1, Part 2 will proceed with Phish Threat configuration with the second Campaings type Credential Harvesting on Sophos Central.
  • Also, you can review part 1 of the article here.

Instructions for configuring Phish Threat features on Sophos Central.

  • To use Phish Threat feature on Sophos Central, we first need to create a Sophos Central account.
  • To create Sophos Central account, you can see the instructions here.
  • After acquiring Sophos Central account, log into Sophos Central with the account you just created at https://central.sophos.com.
  • Next select People to add users for Phish Threat configuration.
  • Click Add> Add User.
  • The Add User table appears, fill in the name FIRST & LAST NAME and enter the email address in the EMAIL ADDRESS box.
  • Note: Email address must be a domain email address, do not use public email addresses like Gmail, Yahoo …
  • Next, let email training send to users who are not added to the Spam folder. We need to add IP addresses and domains for training to the trusted item (whilelist) on Mail Server or mail services like G- Suite, Office 365 ….
  • To obtain the IP address, log in to Sophos Central account and click Phish Threat> Setting> Sending domains and IPs.
  • Now we will see two IP addresses and a series of domains that Sophos provides for the training.
  • Next we press MY PRODUCTs> Phish Threat> Campaigns to enter the Phish Threat feature.
  • Here to do training for users we need to create Campaigns, to create Campaigns click New Campaigns.
  • We will set name for Campaigns and choose the type for Campaigns.
  • Campaigns has 4 types:
  • Phishing: Attracting targeted users to click on a link in an email.
  • Credential Harvesting: Attracting targeted users to enter login information into a fake website.
  • Attachment: Attracting targeted users to open an attachment in an email.
  • Training: Enroll the target user for mandatory training based on the selected training modules.
  • We will do the simulation of Campaigns to see how it works.
  • In this article, we will simulation Credential Harvesting Campaings type.
  • After clicking New Campaigns, we will enter the name for Campaigns as Phishing and select Phising and then click Next.
  • Next we will select the attack pattern, in this case Sophos has provided us with a lot of attack patterns coming from famous websites like Amazon, Adobe, Apple … we just choose one of the The type of attack we want.
  • Here We will choose the type of Email Account Verification and then click Next.
  • Next, we will choose the type of training for users, where Sophos also provides training types on internet threats such as Ransomeware, Keyloggers, Macro Malware …, these training types will include 1 video clip with subtitles English and record video time.
  • We can choose up to 5 training types for 1 Campaigns and those training types will be random when sent to users.
  • Here We will choose the type of Training Credential Harvesting and then click Next.
  • Next is the Customize section, which allows you to edit the contents of Attack Email, Attack Landing, Reminders Email, Caught Landing, Training Landing.
  • This section contains 4 parts: Attack Email, Reminder Email,
    Attack Landing, Caught Landing, Training Landing.

Attack Email

  • In this Attack Email section, when we click, we will see the information available such as Name, Email, Email Subject. We can change it if you want.
  • In this section, we will form an IT department manager to send an email informing all employees about renewing the account in the company’s database according to the schedule and asking employees to log in to the account by link to verify the account.
  • In the From Name section we will set it as Nguyen Van Phu.
  • In the From Mail section we will set it as phu.nv123@helpdesk-tech.com.
  • Alternatively, we can use the sub-domain by checking the box to use a sub-domain on phishing URL replacements and entering the box as Sophos, then the mail account will be phu.nv123@sophos.helpdesk-tech .com.
  • Email Subject will be [IT Department] Request login to authenticate.
  • Next we drag the mouse down to see the contents of the email we will send, we can click Edit to edit the content sent.
  • The content is edited as follows:

Attack Landing.

  • This is the page that will be displayed after the user clicks on the link.

Reminder Email.

  • This is a reminder email when we have not completed the training.

Caught Landing.

  • This Caught Landing section will contain a page with the content “This is not a real attack but it may have happened”.
  • This page will appear when the user opens the email and clicks on the link, the page appears to be wrong for the user to know that this is a training and the user has not passed, so he will do the test.
  • You can edit the content of the page by clicking Edit.

Training Landing.

  • This is a page informing us that we were invited to tranining.
  • After modifying the Customize section click Next to go to the Enroll Users section.
  • In this section we can assign 1 or more Users or Group for training.
  • Click Next to go to Review & Schedule, in this section you can set the time for training to take place.
  • You can choose Launch at schedule time to set the timetable or select Launch immediately for the training to take place immediately after clicking Done.
  • In the Sending Increment section, help us set up this training for many people in a certain period of time.
  • For example: if you choose Send to all enroll users and at the same time, this training will be sent to all users at the same time. If you select Send 5% and select Every hour, every 1 hour the training will be sent to 5% of the total number of people selected in the Enroll User section above.
  • Pull down the Email, Training and Recipients sections to help the user check the content of the email to be sent and the selected training section along with the user name and email of the designated user.
  • Click Done to finish.
  • At this time, on Sophos Central will display the parameters of the training.
  • As we can see in Active Campaigns is the name of the Phishing training, next to 1 Emails sent, 1 email was sent.
  • Next is 0 Emails opened, this part will increase when a user opens the email.
  • At 0 users are caught, this part will increase when the user clicks on the link.
  • At 0 Finished training, this part will increase when the user completes the training.
  • Next we will go to the email account to see the email just sent.
  • Click to open the email, we will see information such as sender, email address, email subject, email content is the message asking to log in the account from the IT room just like we did on Sophos Central .
  • After opening the email, we return to Sophos Central page and reload the page we will see in the Email opened section will increase by 1 because we opened the email sent.
  • Go back to the email page and click on the login link and the Attack Landing page will appear and we will enter the Account and Password and click Log In
  • After entering Account and Password and clicking Log In, the browser will navigate to the same content page as Caught Landing page we set up above.
  • The announcement page tells us “This is not a real attack but it may have happened” and we have to watch the video training and do the test by clicking Go to training.
  • Go back to Sophos Central page and reload the page, we will see the Users caught section increased by 1 by the user who clicked on the link.
  • Go back to the announcement page, after clicking Go to training, the website will navigate to a course called Credential Harvesting that we have set up on Sophos Central.
  • This page displays the course name Credential Harvesting, course content and time.
  • In order to participate in Start Course, at this time, a test will show a training lesson with questions and explanations to give us more information to do the test.
  • These are questions of the training.
  • If the correct answer will have a blue mark.
  • Complete the rest.
  • After completing the training, we will press Take Quiz to do the test.
  • Choose the best answer in each sentence and click Complete Quiz to complete the training.
  • If you do not reach the required score to pass the test, you can click Reset Quiz to redo or click Back to Lesson to review the video and find the answer.
  • Note: If the user clicks Complete but not enough points to pass training, on Sophos Central finished Training is still 0, it only increases when the user has enough points to pass the test.
    After the user fails to pass the test, we will return to the Sophos Central page, reload the page and see that the Finished training section is still 0.
  • Next we will do the test enough points to pass it.
  • Then go back to Sophos Central page, reload and we will see the number of Finished training increased 1 time, 1 person completed the training.
  • Because in this traning section only applies to 1 user, the parameters are 100% and after completing the training click on the name of the training as Credential Harvesting to see the statistics on the training and its results.
  • Finally to finish training click on End Campaign.

YOU MAY ALSO INTEREST

The goal of the article

  • Following the article in Part 2, Part 3 will proceed with Phish Threat configuration with the third Campaings type Attachment on Sophos Central.
  • Also, you can review part 2 of the article here.

Instructions for configuring Phish Threat features on Sophos Central.

  • To use Phish Threat feature on Sophos Central, we first need to create a Sophos Central account.
  • To create Sophos Central account, you can see the instructions here.
  • After acquiring Sophos Central account, log into Sophos Central with the account you just created at https://central.sophos.com.
  • Next select People to add users for Phish Threat configuration.
  • Click Add> Add User.
  • The Add User table appears, fill in the name FIRST & LAST NAME and enter the email address in the EMAIL ADDRESS box.
  • Note: Email address must be a domain email address, do not use public email addresses like Gmail, Yahoo …
  • Next, let email training send to users who are not added to the Spam folder. We need to add IP addresses and domains for training to the trusted item (whilelist) on Mail Server or mail services like G- Suite, Office 365 ….
  • To obtain the IP address, log in to Sophos Central account and click Phish Threat> Setting> Sending domains and IPs.
  • Now we will see two IP addresses and a series of domains that Sophos provides for the training.
  • Next we press MY PRODUCTs> Phish Threat> Campaigns to enter the Phish Threat feature.
  • Here to do training for users we need to create Campaigns, to create Campaigns click New Campaigns.
  • We will set name for Campaigns and choose the type for Campaigns.
  • Campaigns has 4 types:
  • Phishing: Attracting targeted users to click on a link in an email.
  • Credential Harvesting: Attracting targeted users to enter login information into a fake website.
  • Attachment: Attracting targeted users to open an attachment in an email.
  • Training: Enroll the target user for mandatory training based on the selected training modules.
  • We will do the simulation of Campaigns to see how it works.
  • In this article, we will simulation Attachment Campaings type.
  • After clicking New Campaigns, we will enter the name for Campaigns as Attachment and select Attachment and then click Next.
  • Next we will select the attack pattern, in this case Sophos has provided us with a lot of attack patterns coming from famous websites like Amazon, Adobe, Apple … we just choose one of the The type of attack we want.
  • Here We will choose the type of Car Lights On and then click Next.
  • Next, we will choose the type of training for users, where Sophos also provides training types on internet threats such as Ransomeware, Keyloggers, Macro Malware …, these training types will include 1 video clip with subtitles English and record video time.
  • We can choose up to 5 training types for 1 Campaigns and those training types will be random when sent to users.
  • Here We will choose the type of Training Ransomeware and then click Next.
  • Next is the Customize section, which allows you to edit the contents of Attack Email, Reminders Email, Caught Landing, Training Landing.
  • This section contains 4 parts: Attack Email, Reminder Email, Caught Landing, Training Landing.

Attack Email.

  • In this Attack Email section, when we click, we will see the information available such as Name, Email, Email Subject. We can change it if you want.
  • Here we will simulate an email sender to come with a CV file. o In the From Name section, it will be Nguyen Van Phu.
  • In the From Email section will be phu.nv123@outlook-mailer.com.
  • Here we will use additional sub-domains by checking the Use a sub-domain box on phishing ULR replacements and filling in the blank box Sophos.
  • So our email will be phu.nv123@sophos.outlook-mailer.com. Attachment Filename we will fill it in as CV Phu.
  • The Email Subject section we will fill in is “Nguyen Van Phu application for IT Helpdesk position application”.
  • Next we drag the mouse down to see the contents of the email we will send, we can click Edit to edit the content sent.
  • Here we will Edit the job content as follows.

Caught Email.

  • Caught This email will contain an email with the content “This is not a real attack but it may have happened”.
  • This page will appear when users download the attachment and turn it on, the page shows the wrong purpose for users to know that this is a training and users have not passed.
  • You can edit the content of the page by clicking Edit.

Reminder Email.

  • This email is used to remind people when they have not completed the training.

Training Landing.

  • This page will display after the user clicks Go to training at Caught Email earlier.
  • This page is to inform users that they have been added to a training.
  • After modifying the Customize section click Next to go to the Enroll Users section.
  • In this section we can assign 1 or more Users or Group for training.
  • Click Next to go to Review & Schedule, in this section you can set the time for training to take place.
  • You can choose Launch at schedule time to set the timetable or select Launch immediately for the training to take place immediately after clicking Done.
  • In the Sending Increment section, help us set up this training for many people in a certain period of time.
  • For example: if you choose Send to all enroll users and at the same time, this training will be sent to all users at the same time. If you select Send 5% and select Every hour, every 1 hour the training will be sent to 5% of the total number of people selected in the Enroll User section above.
  • Pull down the Email, Training and Recipients sections to help the user check the content of the email to be sent and the selected training section along with the user name and email of the designated user.
  • Click Done to finish.
  • At this time, on Sophos Central will display the parameters of the training.
  • As we can see in Active Campaigns is the name of the Attachment training, next to 1 Emails sent, 1 email was sent.
  • Next is 0 Emails opened, this part will increase when a user opens the email.
  • At 0 users are caught, this part will increase when the user clicks on the link.
  • At 0 Finished training, this part will increase when the user completes the training.
  • Next we will go to the email account to see the email just sent.

Central Phish Threatens

  • Click to open the email and we will see information such as sender, email address, email subject, the same email content as we set up on Sophos Central.
  • After opening the email, we return to Sophos Central page and reload the page we will see in the Email opened section will increase by 1 because we opened the email sent.
  • Return to the email page, we will click on the attachment below to download the file to the computer and open it.
  • At this time we receive an email notification from Sophos that we have been invited to the training by downloading and opening the attachment.
  • Content is the content of Caught Email page that we have set up in Customize section.
  • The announcement page tells us “This is not a real attack but it may have happened” and we have to watch the video training and do the test by clicking Go to training.
  • Go back to Sophos Central page and reload the page, we will see the Users caught section increased by 1 by the user who clicked on the link.
  • Return to the notification page, after clicking Go to training, the website will navigate to the content page as the Training Landing page that we have set up in Customize section.
  • Click Go to training.
  • The website will navigate to a course called Ransomeware which we have set up on Sophos Central.
  • This page displays the course name is Ransomeware, course content and time.
  • To join Start Course, a video with 4 minutes time will be displayed with English subtitles and we have to watch the video to guide to the Test.
  • After watching all the videos, we will press Take Quiz to do the test.
  • Select the correct answer and click Complete Quiz to complete the training.
  • If you do not reach the required score to pass the test, you can click Reset Quiz to redo or click Back to Lesson to review the video and find the answer.
  • Note: If the user clicks Complete but not enough points to pass training, on Sophos Central finished Training is still 0, it only increases when the user has enough points to pass the test.
  • After the user fails to pass the test, we will return to the Sophos Central page, reload the page and see that the Finished training section is still 0.
Threat

Sophos Central Phish Threat Trial

  • Next we will do the test enough points to pass it.
  • Then go back to Sophos Central page, reload and we will see the number of Finished training increased 1 time, 1 person completed the training.
  • Because in this traning section only applies to 1 user, the parameters are 100% and after completing the training click on the name of the training as Phishing to see the statistics on the training and its results.
  • Finally to finish training click on End Campaign.




Coments are closed