Customizing Emails and Landing Pages
Read the below tutorial, or check out our Customization of Phishing Templates and Landing Pages video, to learn more about this topic.
Managing Email Templates
The console allows you to choose from a variety of preset email and landing page templates that are constantly updated, but you can also create and manage your own phishing emails and landing pages.
Email Templates Area
This area contains any templates you've created or edited. By default, the only category here is Drafts (which will not appear as selectable when creating a phishing campaign). You can create your own categories and move any of your drafts to one of your categories–in order to make them selectable when creating a phishing campaign.
This area lets you manage your email template categories. By default, there are no categories here.
Note: You must create at least one category to use for your own email templates, as uncategorized templates will not be selectable for use when setting up a phishing campaign.
You can always delete a category later, and any email templates in it will be moved to your Drafts folder.
This area contains all the built-in phishing emails and categories that are available for you to conduct your phishing tests. These are professionally created for you to use and/or edit for your own use. Select a category to see a list of emails within that category. Click the eye icon next to the name of the email to preview it. You can sort these emails by difficulty rating to decide how difficult you would like the phishing tests to be for your users to detect. You can also sort by the date templates were last updated, allowing you to quickly find the newest templates within a category.
You can hide templates or categories you don't want to use by clicking enable/disable toggle button to the right of the template/category you wish to hide. For more details on hiding templates and template categories, click here.
You can add these emails to your own custom categories, and you can click on any one of them to open our Template Editor, where you will be able to edit any feature of that template.
Note: When editing a system template, you are editing a copy of the original template. You will always have the original template to fall back on. Hitting save will save your edit to the Drafts category in My Templates and leave the original email in System Templates.
Security Hints and Tips:
The System Templates area also includes a category called Security Hints and Tips. These are not intended to be used as phishing emails, but rather, to help you disseminate best practices and general security knowledge to your employees. You are free to send these out in their own campaign or even rebrand them as your own and send them from an official in-house email.
Send Security Hints and Tips as part of a separate monthly “Random” campaign to help reinforce security awareness. Send a Scam of the Week newsletter to users weekly to inform users of current email, phishing, and social engineering scams to watch out for.
This area contains moderator approved user-submitted templates that you may find useful in your own phishing tests. You will not see these emails by default when you go to create a phishing campaign. To use a community-created template, check the box next to one or more emails and use the Add to category drop-down menu at the top right to select which of your categories you'd like the template added to. You will then use the Add button to the right of the drop-down menu to copy the selected template(s) to your own category under the My Templates area.
Submitting a template to the community:
We encourage our customers to create templates for more accurate phishing tests. If you have created an email template that you think would be handy for others to use, click the checkbox to the left of that template and use the Share button at the top to share your template with the community and it will be submitted for approval.
Creating Custom Emails
In the My Templates area, you are given the option to create your own email templates from scratch. Click the +New Phishing Email Template button in the upper right-hand corner of the screen. This launches the WYSIWYG editor.
Note: Once you create a custom email template you must move it into a category in order to use it in a phishing campaign.
WYSIWYG Email Template Editor Interface
1) Template Name:(optional) You can name your template to better identify it if you'd like. Your end user will not see this field when they receive the phishing email.
2) Sender's Email Address: This is the address the email will appear to be coming from. You can use any email address you’d like.
3) Sender's Name: (optional) This field will let you assign a Sender’s Name which will appear on the phishing email next to the Sender’s Email Address when the user receives the email.
4) Reply-To Email Address: (optional) Here you can assign any email address that you would like the user to reply to when they click “Reply” on the phishing template they received. Note that this email will be overwritten by our system-generated email address so we can capture replies if you have our Reply-To feature turned on in your phishing campaign.
5) Reply-To Name: (optional) Here you can add a reply-to name. This will only be used if you use our Reply-To feature in your phishing campaign. It will auto-populate a portion of the email that is generated for your user to Reply-To to help make the reply-to address appear more legitimate.
6) Subject: This is the email’s subject line as the recipient will see it in their inbox. This will also be the title of the template if you haven't added a Template Name.
7) Attachment Filename: (optional) This field is only used if you have selected an attachment type. This should be something that would prompt the user to open the file, i.e. “Payroll Q4” or “Revised layoff list”. You do not need to include any file extensions here, just the name. Note that you cannot use placeholders in attachment filenames.
8) Attachment Type: (optional) If you would like to add one of our specially-designed attachments to add to your custom phishing email, specify the type of attachment to use. Click Here to read about attachment tests and to learn the difference between attachments with macros or without.
9) Source: This button can be clicked to switch to a Source code view in the template. If you're familiar with HTML, you can use it to craft templates by clicking this button.
10) Image: This button can be clicked if you'd like to add an image to your phishing template. You MUST use externally-hosted images, meaning you must insert a publicly-available URL into the URL field after clicking the button. You can also resize your image using the height and width fields.
Note on resizing images: Some versions of Outlook will require adding additional tags to the source code of the image, in order for it to display properly in the email. See this article for more information.
11) Placeholder: The “Placeholder” options will automatically populate certain fields with your user and organization information or a random date or number. Note that for the user information placeholders, such as First and Last Name, Manager Name, etc., you must have added that information about the user to the console, either manually, with a CSV import, or with Active Directory Integration.
12) Phish Link: Our Phish Link button will allow you to quickly add a phishing link wherever you'd like in the body of the email. This is already done in our built-in system templates but when customizing or creating templates, you will need to do the following: Type out the text you wish to make into a phishing link, then highlight the plain text you wish to “link” and click the Phish Link button to turn it into phishing link. If you attempt to create an HTML link in phishing templates, our system will automatically change the links to phishing links for security purposes.
Example of Creating a Phishing Link
In each case, highlight the text you would like to make a phishing link and then click the “Phish Link” button to use that text as your phishing link.
13) Red Flag: Platinum and Diamond customers can use our Red Flag (Social Engineering Indicators) button to add a hint to the user who clicks a link on this phishing email as to why the user should have been alerted this email was potentially dangerous. For more details on how to add red flags, and recommended practices, click here to view our SEI Product Manual.
14) Body: ln the body of your phishing template, add any text that you'd like. There are simple text formatting options you can use to customize the appearance of your template. You can easily add tables, lines, and more by using the buttons available in the WYSIWYG.
15) Choose a Landing Page: This is the page your users will be redirected to if they click on your phishing link. You can choose from our system landing pages or your own custom landing pages.
Alternatively, you have the option to set a default landing page under your Account Settings. Your default landing page will be used across all phishing campaigns.
Note: If you select a landing page when creating a phishing campaign, it will override the template-specific landing page you've chosen in the WYSIWYG editor and your default landing page.
16) Choose a Landing Domain: This is what the user will see in the address bar when they reach your landing page. These are all domains that we own. Changing the landing domain can be especially helpful if you are also using one of our “phishing for sensitive information” landing pages (such as the Outlook, Gmail, or Office 365 pages). We have domains that can appear “safer” and make the user feel more comfortable about entering their username, password, or any other information the page is requesting.
Note: We do not keep or track what your users enter on these pages.
Alternatively, you have the option to set a default landing domain under your Account Settings. Your default landing domain will be used across all email templates.
17) Difficulty Rating: You can assign a difficulty rating to your custom phishing email templates to indicate at a glance how difficult that particular phishing email will be for your users to identify.
Managing Landing Pages
Landing pages are what your users will see if they click on a phishing link in an email. You can create your own custom landing pages, as well as view the various system landing pages.
Landing Pages Area
My Landing Pages:
Once you create custom landing pages, this area will show a list of your landing pages. You can edit them by clicking on the title. You can also preview them by clicking the "eyeball" icon. To delete a landing page, select the checkbox next to the desired page, then click the red "Delete" button.
This area lets you create and manage your own landing page categories.
Note: You must create at least one category to use for your own landing pages, as uncategorized landing pages will not be selectable for use when setting up a phishing campaign.
System Landing Pages:
This area contains any built-in landing pages we have created for your use; you can select a category to see a list of its landing pages.
You can preview the landing page as it will look for a user, by clicking the "eyeball" icon.
You can sort the Landing Pages by the date they were last updated, allowing you to quickly find the newest Landing Pages.
You cannot share landing pages outside of the console using the preview URL or the URL within the text box. To share a landing page, you must set up a test phishing campaign with the user you'd like to share the landing page with. Alternatively, you can take a screenshot of the landing page you'd like to share.
Click on the name of any landing page to open it in the WYSIWYG editor and alter it to your needs. If you save a landing page, it will create a copy under the “My Landing Pages” area, where you will need to categorize it for it to show as an option when creating phishing campaigns.
Creating Custom Landing Pages
In the My Landing Pages area, you are given the option to create your own landing pages from scratch. Click the “+New Landing Page” button in the upper right-hand corner of the screen, this launches the WYSIWYG landing page editor. You can place whatever content you wish here, however, any images you utilize must be hosted externally (do not drag and drop images onto the editor).
If you wish to create a Data Entry landing page (a landing page which tries to get the user to enter sensitive information), it is recommended you read this article for the technical specifications for our data entry forms.
Note: Once you create a custom landing page you must move it into a category in order to use it in a phishing campaign.
WYSIWYG Landing Page Editor Interface
1) Title: Name your landing page. This title will show in the My Landing Pages interface, as well as in the "Landing Page" drop-down menu when creating a phishing campaign.
2) Source: This button can be clicked to switch to a source code view of the landing page. If you're familiar with HTML, you can use it to craft landing pages by clicking this button.
3) Image: This button can be used if you'd like to add an image to your landing page. You MUST use externally-hosted images, meaning you must insert a publicly-available URL into the URL field after clicking the button. You can also resize your image using the height and width fields.
4) Placeholder: The “Placeholder” options will automatically populate certain fields with your user and organization information or a random date or number. Note that for the user information placeholders, such as First and Last Name, Manager Name, etc., you must have added that user information to the console, either manually, with a CSV import, or with Active Directory Integration.
5) SEI Placeholders: The SEI feature is available to Platinum and Diamond subscription levels. It allows you to use the landing page as a point-of-failure training exercise, showing your user exactly what Social Engineering Indicators, or red flags, they overlooked when they clicked on a simulated phishing email. This placeholder will embed into the landing page, the exact phishing test email the user clicked on, pointing out the details that should have raised a red flag for them. See our Social Engineering Indicators article for more information.
6) Body: Here you will form the structure of your landing page. Add any text that you'd like, there are simple text formatting options you can use to customize the appearance of your landing page. You can easily add tables, lines, and more by using the buttons available in the WYSIWYG.