This introduction will take you through every step involved in the creation and use of phishing email templates.
1. What is a phishing email template?
A phishing email template is the email that a target receives when a phishing campaign is delivered. It is the content the user actually reads, so it plays a critical role in the success of phishing simulations.
To make each email unique to its target, you can configure content that is dynamically inserted at the time of delivery. The available content and the corresponding keyword inserts are as follows:
- Phishing Website Link: {{.PhishWebsite}}
- Email Sender Display Name: {{.SenderProfile-DisplayName}}
- Target Email Address: {{.Target-Email}}
- Target First Name: {{.Target-FName}}
- Target Last Name: {{.Target-LName}}
- Target Job Title: {{.Target-JTitle}}
- Target Company: {{.Target-Company}}
- Current Date & Time: {{.DateTimeNow}}
2. Email template functionality deep-dive
- Template Page Options:
  - New Email: A single-page template creation popup, designed for speed and efficiency.
  - View Email Body: Opens the HTML email body in a new web browser tab for viewing purposes.
  - Update Template: Provides the ability to view and update the back-end configuration used to create the template (e.g. description, email body, embedded images and attachments, etc.).
  - Delete Template: Provides the ability to delete a template.
- Template Setup/Update:
  - Template Name: The name given to the email template.
  - Template Description: A brief description of what the email template is doing.
  - Template Difficulty: How difficult it will be for a target to spot whether the email is a phish.
    - Easy: An average click rate of 0% to 19%
    - Medium: An average click rate of 20% to 29%
    - High: An average click rate of 30% or higher
  - Target Requirements: Pre-requisite target information needed to successfully deliver this template (e.g. the email may reference the target's first name and, as such, this information is needed in the target group).
  - Email Subject: The subject of the email.
  - Email Body: The HTML email body.
  - Embed Images or Attach Files: Used to upload any images or attachments which may need to be referenced within the email.
    - Images: If an image is uploaded for embedding, the image is saved to a CanIPhish-controlled cloud-storage location with public read rights enabled. You can then embed this image and the location into the email body.
    - Attachments: If an attachment is uploaded, the attachment will automatically be included in the phishing email.
  - Public Links for Images Embedded & Files Attached: A list of all image links and attachments associated with this email template.
  - Template Correlation: The Phishing Website & Sender Profile associated with the Email Template. When this Email Template is selected in the Campaign Interactive Wizard or Quick Setup, the correlated sender and website templates will also be selected. This is also where you can specify the type of payload this email is delivering.
  - Save Template: Clicking save will save any changes made to a phishing template.
3. Using your own Phishing Email
The CanIPhish platform supports the creation and modification of phishing emails. If you create or modify a phishing email, you need to ensure that it leads to a next action. This next action could be any of the following:
Note: Depending on the next action, please ensure the relevant pre-requisite is listed within the email template.
- Phishing Link: Ensure the text identifier '{{.PhishWebsite}}' is embedded within a clickable hyperlink/button. At the time of sending, this string of text is replaced with the URL of the phishing website selected within a campaign. Below is an example:
- HTML view:
- Code view:
- Phishing Attachment: Ensure you've attached the necessary payload to your email. It's recommended to use the CanIPhish provided Word, Excel or PowerPoint documents as these have been specially designed to include a tracking pixel. For information on how these can be used, including the locations of our base documents, please see our Attachment Tracking support article.
- Reply-To: A reply-to attack entices the victim to provide a response. This type of attack is often more complex in nature and the victim is eventually enticed to perform an action that will ultimately benefit the attacker.
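A pre-send check for a custom template, added here as an example (it is not CanIPhish code). It flags keyword inserts that do not match the list in section 1, derives which target fields the template needs so they can be listed under Target Requirements, and confirms that '{{.PhishWebsite}}' sits inside a hyperlink. It assumes keywords must match exactly as listed and uses the keyword names as stand-ins for requirement labels; the function names and sample bodies are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Keyword inserts listed in section 1 of this article.
KEYWORDS = {
    "PhishWebsite", "SenderProfile-DisplayName", "Target-Email",
    "Target-FName", "Target-LName", "Target-JTitle", "Target-Company",
    "DateTimeNow",
}
TOKEN = re.compile(r"\{\{([^{}]*)\}\}")

# Constructed sample bodies (not real templates).
GOOD = '<p>Hello {{.Target-FName}},</p><a href="{{.PhishWebsite}}">Open</a>'
BAD = '<p>Hello {{.Target-Fname}} at {{.Target-Company}}</p><p>{{.PhishWebsite}}</p>'


class _HrefCollector(HTMLParser):
    """Collects the href value of every <a> tag in the body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v or "" for k, v in attrs if k == "href")


def _split_tokens(text):
    """Return (recognised keyword names, unrecognised raw tokens)."""
    known, unknown = set(), set()
    for inner in TOKEN.findall(text):
        if inner.startswith(".") and inner[1:] in KEYWORDS:
            known.add(inner[1:])
        else:  # assumption: anything not spelled exactly as listed is wrong
            unknown.add("{{" + inner + "}}")
    return known, unknown


def lint_template(body, declared_requirements=()):
    """Check one HTML email body against the keyword list and link rule."""
    known, unknown = _split_tokens(body)
    needed = sorted(k for k in known if k.startswith("Target-"))
    parser = _HrefCollector()
    parser.feed(body)
    in_href = any("PhishWebsite" in _split_tokens(h)[0] for h in parser.hrefs)
    return {"unknown_tokens": sorted(unknown),
            "target_fields": needed,
            "undeclared_requirements": sorted(set(needed) - set(declared_requirements)),
            "link_in_href": in_href}
```

An empty `unknown_tokens` list, an empty `undeclared_requirements` list and `link_in_href` set to `True` mean the body passes all three checks.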
Keen to see how a phishing email looks and feels without having to actually send yourself a test? Take a look at our interactive email phishing simulation tool.