Creating a new phishing template
In this section, we will cover creating a new email template from scratch.
Your Phishing Tackle plan comes with many professional, pre-made templates, which can be edited and cloned to suit your business (See 'Cloning Templates' Below) however, to create something more personalised to your business, continue reading.
The goal of this article will be to create a spoof email Template that looks like one sent from our finance team, asking for employee bank details.
A Template like this is effective at rooting out weaknesses in Recipient's training, thus making further training easier to target.
It also allows you to educate those who fall for the spoof as you can point out what they should be looking for.
- This will be assigned to the Email Template we create
'Completed Basic Training'
- This is assigned to all Recipients we want to test our Email Template with
If you do not have the above prerequisites, go ahead and create them now, or adapt your own to follow along.
From the main Dashboard
- On the main menu, under "PHISHING" click "Templates" > "Emails"
- Click "ADD NEW TEMPLATE"
- We'll call it "Finance Spoof".
- It will be from "Finance Team", but you can use something even more convincing.
- As we are trying to educate, rather than just catch recipients out, we are going to make an intentional mistake in the From and Reply-To address.
- We've assigned an alarm bell to the reply-to address, this is to educate the Recipients to look out for inconsistencies in the email
- For the Email Subject we've used "Payroll Issues".
- We used the Phish Hook Link within the email, and gave it another alarm bell.
- Here we can tell Recipients to never click on links from unknown domains, and to pay extra attention if an email is asking for bank details.
- Alarm bells are very useful as they allow you to train your Recipients on-the-fly, make good use of them!
At the base of the template editor, you can choose whether to add an attachment of various types, including Microsoft Word (DOCX), Microsoft Excel (XLSX), Microsoft PowerPoint (PPTX), Adobe PDF (PDF), Compressed Zip (ZIP), or an HTML page.
The Attachment File Name is what will be displayed to the end-user when you send the email to their inbox.
You can specify which Landing Page and Link Domain you'd like to use within the template.
- NOTE: Both the Landing Page and Link Domain can be overridden during the Phishing Campaign Creation Wizard.
Finally, once you are happy with the content of the email, you may wish to assign it some Tags to help group it with other similar emails.
Once we have saved it, it will return us to the main Templates page where we can see our email (search Spoof Emails)
We can then preview the Template to check how it looks by clicking on the thumbnail of the Template.
Now our Template is ready for use within a Phishing Campaign!
Editing Phishing Templates
Editing email templates can be an excellent to make small changes to existing templates to better suit your organisation.
To edit an existing email template:
- From the templates page (either email or landing page, they both use the same editor) click the title of the template and the template editor will open for you.
NOTE: If you click on a system template a copy of it will be automatically created for you so you don't accidentally overwrite the original.
- From within the editor you can make any necessary changes and even go directly into the HTML source to edit it at a low level.
- (Optional) PRO TIP: If you want to get right into the nitty-gritty of things and change the raw HTML to finely tune the email to perfectly fit, simply hit the Source button to swap to the HTML editor.
What if I don't know HTML?
Changing HTML code may seem daunting initially, but there are many online resources which can help you learn all you need to make the fine tuned adjustments you want.
As all the HTML code is available for you on our templates, you'll soon find you may only need to make the smallest adjustments to make them into a spear phishing masterpiece.
Take a look at some of the guides below to help:
- Images, including if the image is the wrong size: https://www.w3schools.com/html/html_images.asp
- Changing background colours: https://www.w3schools.com/CSSref/pr_background-color.asp
If you would like to simply clone and edit one of Phishing Tackle's many pre-made Templates, read Cloning Email Templates