State Review I

The current setup would allow you to run basic credential-harvesting phishing campaigns, which may work against some organizations. However, many modern organizations have additional protections. The following protections are standard security practices:

  • Require MFA.
  • Email filtering (though most services provide a basic filter).
  • Email link protections (fancy bots to analyze link content before allowing users to visit the URL).
  • Domain monitoring (certificate transparency logs for look-alike domains).
  • Endpoint Protections.
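
The domain-monitoring item above, seen from the defender's side, as an added example that is not part of the original page: a minimal look-alike check over hostnames taken from new certificate transparency entries. The brand `examplecorp`, the sample hostnames and the substitution table are constructed assumptions, and fetching names from a real CT log is left out.

```python
import re

# Assumed look-alike substitutions folded before comparison (illustrative, not exhaustive).
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def fold(token):
    """Map common digit/letter swaps back to the letters they imitate."""
    return token.translate(FOLD).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_lookalikes(cert_names, brand, own_domains, max_distance=1):
    """Return (name, reason) for certificate names imitating `brand` outside our domains."""
    target, hits = fold(brand.lower()), []
    for name in cert_names:
        host = name.lower().lstrip("*.")  # drop a wildcard prefix
        if any(host == d or host.endswith("." + d) for d in own_domains):
            continue  # issued for a domain we control
        for token in filter(None, re.split(r"[.\-]", host)):
            if token == brand.lower():
                reason = "brand on foreign domain"
            elif fold(token) == target:
                reason = "homoglyph of brand"
            elif edit_distance(fold(token), target) <= max_distance:
                reason = "near-miss spelling"
            else:
                continue
            hits.append((name, reason))
            break
    return hits

# Constructed sample of names as they might appear in new CT log entries.
SAMPLE_CT_NAMES = [
    "login.examplecorp.com", "examplec0rp.com", "examplecorp-sso.net",
    "examplcorp.org", "*.cdn.unrelated.test",
]

if __name__ == "__main__":
    for name, reason in flag_lookalikes(SAMPLE_CT_NAMES, "examplecorp", ["examplecorp.com"]):
        print(f"{name}: {reason}")
```

Short brand names need a stricter `max_distance` or an allow-list, since a one-character edit distance matches many unrelated words.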