Dynamic variables let you turn a single, generic phishing template into a highly personalized spear phishing simulation. When an email is sent, the variable is replaced with real data unique to each recipient. This makes the phishing email feel targeted and believable.
For example, Hi {{.Target-FName}}, becomes Hi Sarah, at send time. This kind of personalization mirrors how real attackers operate, helping your employees build real-world recognition skills.
You can add variables by typing the variable placeholder directly in the email template or using the built-in "Insert Dynamic Placeholder" feature that can be found in the template editor.
Variable Categories
Dynamic variables fall into two main categories.
System Variables
These are automatically generated by the platform and are not tied to employee data. They are best for adding timely context to an email such as the current date or a unique phishing link.
Employee List Variables
These pull information directly from your employee list. They are what transform a generic phishing email into a realistic spear phishing simulation. By using details such as the recipient’s name, job title, or manager, you create a message that looks like it was written specifically for them.
System Variables
System variables are not tied to your employee list. They are generated at the moment of delivery and are useful for making phishing emails feel timely and unique.
Phishing Website Link{{.PhishWebsite}}
Generates a unique phishing link tied to the employee, campaign, and tenant.
Use inside the href attribute of an anchor <a> element.
QR Code Image{{.QRCode}}
Generates a QR code containing the employee’s unique phishing link.
Use inside the src attribute of an image <img> element.
Current Date and Time (Long Form){{.DateTimeNow}}
Outputs a full date and time string such as Friday, November 3, 2024 11:00 AM.
Current Date (Short Form){{.DateNow}}
Outputs a short date format such as Nov 03, 2024.
Employee List Variables
Employee list variables pull real information from your employee data. Some fields exist to support advanced features such as dynamic translation, but every field can be used to craft emails that feel personal and closely mirror real spear phishing techniques.
Email Sender Display Name{{.SenderProfile-DisplayName}}
Target Email Address{{.Target-Email}}
Target First Name{{.Target-FName}}
Target Last Name{{.Target-LName}}
Target Job Title{{.Target-JTitle}}
Target Company{{.Target-Company}}
Target Country{{.Target-Country}}
Target Language{{.Target-Language}}
Target Supervisor Email{{.Target-Supervisor}}
Target Phone Number{{.Target-PNumber}}
Custom Attribute 1{{.Target-Custom1}}
Custom attributes are extra fields you add to the employee list such as office location, project name, or any other detail you want to simulate an attacker using.
Comments
0 comments
Please sign in to leave a comment.