When you browse through Phishing Tackle's in-built phishing email template (found under PHISHING > Templates > Emails), you may notice that there are difficulty ratings associated with each template:
These difficulty ratings are very versatile and can be used in many different ways. As an example, directly after initial training you might want your users to only have to deal with relatively simple phishing email tests, but after some time and training have occurred you will want to increase the complexity your recipients have to deal with.
How to use templates based on their difficulty rating
When setting up a new simulated phishing campaign, during Step 5 - Email Content, select one (or more) of the following tags to exclude from your email tag choice.
- Very Easy
- Easy
- Moderate
- Difficult
- Very Difficult
This will filter your email template selection to just the difficulty rating you are looking for.
NOTE: It is usually simpler to INCLUDE just a single tag, then EXCLUDE tags you may not wish for (e.g. language tags, difficulty tags etc).
How are the difficulty ratings measured?
All system templates have a difficulty rating assigned to them by Phishing Tackle, but you can assign your own difficulty ratings to custom templates as well. To do this most effectively it is prudent one understands what we base our ratings on.
- 'Very Easy'-'Easy': These templates will contain frequent spelling and punctuation errors, and may also be from obviously fake companies (e.g. 'Micrasoft').
- 'Moderate': Templates in this category will often use real organisation logos, however they may obviously misspell the email address of the sender, or not use any targeted recipient information (such as name, email address, etc...).
- 'Hard'-'Very Hard': Emails rated at this level will appear much more authentic, with very few obvious mistakes or red flags for the recipient to notice. They will often use specific and targeted user information. Examples would include well-crafted internal organisation messages from HR or IT, using recipients' personal information (name, employee number etc...)
When creating your own templates or deciding which templates to use within a campaign, keep in mind the difficulty rating and how you can use it to further your organisation's security awareness.