Area 1 - Microsoft reporting that user fell for phish, they deny, was it Area 1?
We sent a phishing sim via exchange admin. User who “clicked the link” is saying they never got it and it’s actually in their junk. The IP is 104.198.58.48. area 1 processed the email and 8 seconds later, the user is sent the training for failing the simulation. Has anyone run into this? I verified the sign in log that no one had access to her mail or account too.
1 Reply
Sounds plausible to me. CF does use GCP for some things and does some actions on links: https://developers.cloudflare.com/email-security/email-configuration/email-policies/link-actions/.
This discord is for Cloudflare Developers though, and Area 1 is Super Enterprise. I assume you are Enterprise and have help chat/csm, would ask them for confirmation. None of us here, even community champs have Area 1 lol.
Cloudflare Docs
Link actions · Cloudflare Area 1 Email Security docs
Create actions for emails with specific dispositions. URL defang means that every URL in an email of the selected type will be rewritten so that the …