Share via

Creating a custom (copied) payload in Microsoft Defender, I select 'Change URL' to change the phishing link but the new/different URL will not save/apply

Megan Cole 0 Reputation points
2025-01-15T20:57:25.2566667+00:00

I am creating a custom payload in Microsoft Defender, copied from an existing payload (Microsoft Sharepoint shared documents notifications [DriveByUrl] English) and then modified to be customised wording.

As part of the editing/setup process you can (seemingly) change the URL that the Phishing link will take users to when they click the link inside the email.

I wish to change this link to something more likely to fool a user for the email content type.

So this example is a Sharepoint document share phishing email. The current (default) url link the user will be taken to is 

User's image

I wish for it to instead to be taken to another Microsoft owned phishing link url out of the list that is more likely to trick the users. I would like it to instead be the URL pictured below:

User's image

During the payload editing process I click 'Change URL'

User's image

I select my preferred URL from the list and click CONFIRM at the bottom

User's image

I am taken back to the main page and the URL has NOT changed.

User's image

Even if I proceed and then test the phishing scam after saving it (in case it has actually changed but just has not updated on that setup page) it's still linking the phishing email to the original URL 

= User's image

It is NOT actually changing it.  (there is no error or pop up at any point to indicate any issue either) 

 

This happens whether I edit the existing customised payload or create another new one cpiied from the sample and change the url right at the start before saving it. 

 

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,572 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,406 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 51,301 Reputation points Microsoft Vendor
    2025-01-20T05:31:59.99+00:00

    @Megan Cole, From your description, the issue is related with Microsoft Defender. If you are using Microsoft Defender for Endpoint, you can open case via the steps in the following link to get help.

    https://learn.microsoft.com/en-us/defender-endpoint/contact-support

    Thanks for your understanding.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.