These phish testing companies always stick a header (X-PHISH-TEST or some such) on the email so the email server can white-list -- easy to just Outlook blackhole filter anything with that header after you've seen one test.
What stops an attacker from abusing the same header?
It could be kinda-secure if the header had to have a payload which matched a certain value pre-approved for a time-period. However an insider threat could see the test going on and then launch their own campaign during the validity window.
Terr_|1 year ago
It could be kinda-secure if the header had to have a payload which matched a certain value pre-approved for a time-period. However an insider threat could see the test going on and then launch their own campaign during the validity window.