In this post, we’re going to explain step by step how to send Phishing and Ransomware simulations through DMI for Google and Microsoft.
Many CISOs are unaware of the protection technologies implemented in their organization, which makes it difficult to accurately measure user behavior. Direct Message Injection (DMI), a delivery technique that gets phishing simulation traps into users’ inboxes, makes the process simpler and requires less knowledge of the organization’s security infrastructure.
This method allows for direct injection of emails into our organization’s users’ inboxes, typically using an API developed by our email service provider.
Thus, our phishing simulation tool doesn’t need to go through all of the organization’s security tools to reach the end user’s inbox. Instead, DMI inserts the email directly into the inbox, bypassing most of the organization’s email filtering rules and tools.
Another important factor to consider is that protection tools are updated often, and an update can disrupt a good Whitelist configuration overnight.
Final Thoughts
With DMI, we reduce or even eliminate the technological tools involved in our Whitelist for proper email reception. While this method doesn’t eliminate the need for a Whitelisting process, it certainly reduces it and allows us to measure user behaviors more quickly. Ultimately, this is crucial when simulating phishing and ransomware traps.
To learn how to configure DMI on different platforms like Google and Microsoft, you can watch the recording of our Workshop.
Beyond having well-configured Whitelists, there’s the possibility that when opening a simulated phishing email, users may encounter a security warning indicating the message is suspicious. With DMI configuration, these warnings can be eliminated. For example, you can see this note from our Help Center: Google gray info card.