This HowTo article explains how to configure Avanan’s Allow Listing to allow Attack Phishing tests to reach end users.
Warning: CyberHoot supports fake email Attack-Phishing for customers. Please keep in mind this approach uses negative reinforcement to reduce click rates in employees. To be successful, always pair with Positive Reinforcement, educational, and realistic HootPhish phishing simulations for the best Affect and Effect on end users.
In this activity, you will add the domain CyberHoot.com to a newly created or existing Allow-List in GSuite’s Admin Console. Domain Name: cyberhoot.com
1. Log in to https://admin.google.com and select Apps.
2. Select G Suite.
3. Select Gmail.
4. Select Advanced settings.note
5. In the Organizations section, highlight your Domain. Do not select an organizational unit (OU).
NOTE: G SUITE DOES NOT PERMIT ALLOW-LISTING BY IP ADDRESS FOR INDIVIDUAL IPS, ONLY THE ENTIRE DOMAIN.
6. In the Email whitelist section, enter our IP addresses.
7. Click Save.
Please Note: We have found that this process exempts CyberHoot simulated phishing emails from the Gmail banner warnings. However, this is not documented by Google as an allow-list recommendation.
Video here: https://youtu.be/7IhKiz4gTXQ
4. REMEMBER THAT THE BYPASS RULE IS “IS WITHIN THE RANGE” and the INLINE RULE IS “IS NOT WITHIN THE RANGE”
5. Rule Name: Security Awareness Bypass
6. Edit of existing Avanan Compliance Rule “xyz_inline_el”
MAKE SURE THIS IS SET TO ALL, NOT ANY, OR ALL EMAIL WILL BREAK
ONLY change metadata match, source ip to include the IP’s for Cyberhoot under “not within range”
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Welcome to our two-part blog series on Microsoft’s new email security enhancement now included in Office 365 P1...
Read more"Being an MSP today is like wearing a neon sign that says, ‘Hack me! I’m the gateway to 100...
Read moreEver had your phone suddenly lose service for no reason, followed by a flood of “reset your password”...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.