Direct Phishing Mail Injection for Gmail (Recommended)

How to set up mail injection for Gmail

Direct Inject for Gmail allows CultureAI to directly create phishing simulations in your employees' inboxes, rather than sending the emails via regular mail flow conventions.

This feature allows us to bypass Gmail's spam filtering, which can often cause many of our phishing simulations to be blocked or moved to spam.

Permissions and requirements

Permissions are installed at the domain level (domain-wide). Per-user permissions are not required. To be installed, the application will need to be marked as trusted.

We require the following permissions to allow Direct Inject to function:

CultureAI uses Google's API to inject simulated phishing emails into your employees' inboxes. Once injected, we then set INBOX and UNREAD tags on the email so it appears as a new email.
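Because the grant is domain-wide, it is worth checking the OAuth scopes shown in the set-up wizard before authorising them. The following is an added example, not CultureAI's code: the scope URIs are Google's published Gmail API scopes, while the split into "expected" and "broad" and the sample scope string are assumptions made for illustration.

```python
# Added example: review OAuth scopes before authorising domain-wide delegation.
# The "expected"/"broad" grouping is this example's assumption, not CultureAI's list.

GMAIL = "https://www.googleapis.com/auth/gmail."

# Narrowest Gmail scopes for inserting a message and working with labels (assumption).
EXPECTED = {GMAIL + "insert", GMAIL + "labels"}

# Scopes that also permit reading, sending or reconfiguring every mailbox.
BROAD = {
    "https://mail.google.com/": "full mailbox access, including permanent delete",
    GMAIL + "modify": "read, compose and send as well as insert",
    GMAIL + "readonly": "read all messages and settings",
    GMAIL + "send": "send mail as the user",
    GMAIL + "compose": "create drafts and send mail",
    GMAIL + "settings.basic": "change mailbox settings and filters",
    GMAIL + "settings.sharing": "manage forwarding and delegation",
}


def review_scopes(pasted: str) -> dict:
    """Classify a comma- or whitespace-separated scope string."""
    report = {"expected": [], "broad": {}, "unrecognised": []}
    for scope in dict.fromkeys(pasted.replace(",", " ").split()):
        if scope.rstrip("/") == "https://mail.google.com":
            scope = "https://mail.google.com/"  # normalise missing slash
        if scope in EXPECTED:
            report["expected"].append(scope)
        elif scope in BROAD:
            report["broad"][scope] = BROAD[scope]
        else:
            report["unrecognised"].append(scope)  # not a Gmail scope listed here
    return report


# Constructed sample input; paste the real value from step 3 of the wizard.
SAMPLE = ("https://www.googleapis.com/auth/gmail.insert, "
          "https://www.googleapis.com/auth/gmail.modify,"
          "https://www.googleapis.com/auth/drive")

if __name__ == "__main__":
    result = review_scopes(SAMPLE)
    for scope in result["expected"]:
        print("expected    ", scope)
    for scope, grants in result["broad"].items():
        print("broad       ", scope, "->", grants)
    for scope in result["unrecognised"]:
        print("unrecognised", scope)
```

A "broad" or "unrecognised" result is a prompt to ask the vendor why the scope is needed, since a domain-wide grant applies to every mailbox in the domain.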

 

Setup Steps

The CultureAI Google Gmail Integration service account must be granted permission to open chats with your users. To do this, follow the steps below:

  1. Log in to your CultureAI admin account
  2. Click the settings cog at the top of your dashboard
  3. Scroll and locate the "Gmail" integration tile
  4. Click "Enable"
  5. Follow the steps in the on-screen set-up wizard, or follow the steps below:
  6. Visit Domain Wide Delegation under Security >> API Controls within your Google Console
  7. Click "Add New"
  8. Enter the Client ID from step 2 of the set-up wizard
  9. Enter the OAuth Scopes from step 3 of the set-up wizard
  10. Click "Authorise"
  11. Click "Continue" in the CultureAI set-up wizard

Next, the CultureAI Google Gmail application must be marked as trusted so that it can be installed to your Google Gmail Workplace.

  1. Visit App access control under Security >> API Controls within your Google Console
  2. Click "Add App" then "OAuth App Name"
  3. Enter the Client ID from step 2 of the set-up wizard
  4. Select the Client ID from the found app 
  5. Continue with the default scope 
  6. Mark the app as trusted and click continue 
  7. Click "Finish" to save 
  8. Click "Continue" in the CultureAI set-up wizard

You now need to give the application its final approval.

If you are the owner or admin of your Google Gmail Workplace, we recommend you click "Open now" to install the CultureAI Google Gmail application immediately.

If you need someone else to install the application, or you're planning on installing it at a later date, use "Copy link" to get a shareable link which will install the CultureAI application when used by an admin.

Once approved, refresh your page and you should see the integration enabled.

Now you need to switch on Direct Inject in CultureAI to finish your set-up:

  1. Click the settings cog at the top of your dashboard
  2. Click the "Attack Simulations" tab along your sidebar
  3. Click into "Email Phishing"
  4. Click the "More" tab
  5. Scroll and locate the "Direct Send and Injection" option
  6. Switch on the "Gmail Direct Inject" toggle
  7. A new window will pop up, click "Yes, enable"
  8. You're done! Your simulated phishing emails will now start sending via Direct Inject.