CUSTOMIZING EMAILS & LANDING PAGES
Read the below tutorial, or check out our Customization of Phishing Templates, Landing Pages, and Training Notifications video, to learn more about this topic.
Managing Email Templates
The console allows you to not only choose from a variety of preset email and landing page templates that are constantly updated, but you can also create and manage your own phishing emails and landing pages.
Email Templates Area
This area contains any templates you've created or edited. By default, the only category here is “Drafts” which will not appear as selectable when creating a Phishing Campaign. You can create your own categories and assign any of your drafts to one of your categories to make them available when creating a Phishing Campaign.
This area lets you manage your email template categories. By default, there are no categories here. We recommend you create at least one category if you plan on creating and utilizing your own custom email templates. These categories will appear as selectable template categories when you create a Phishing Campaign. You can always delete a category later, and any email templates in it will simply revert to uncategorized.
This area contains all the built-in phishing emails and categories that are available for you to conduct your phishing tests. These are professionally created for you to use and/or edit for your own use. By selecting any category you can see a list of emails and preview any one of them. You can sort these emails by difficulty rating, to decide how difficult you would like the phishing tests to be for your users to detect. You can also sort by the date templates were last updated, allowing you to quickly find the newest templates within a category.
You can hide templates or categories you don't want to use by clicking enable/disable toggle button to the right of the template/category you wish to hide. For more details on hiding templates and template categories, click here.
You can add these emails to your own custom categories, and you can also click on any one of them to open our Template Editor, where you will be able to edit any feature of that template.
Note: When editing a system template, you are editing a copy of the original template. You will always have the original template to fall back on. Hitting save will save your edit to the Drafts category in My Templates and leave the original email still in System Templates.
Security Hints and Tips:
The System Templates area also includes a category called Security Hints and Tips. These are not intended to be used as phishing emails, but rather, to help you disseminate best practices and general security knowledge to your employees. You are free to send these out in their own campaign or even rebrand them as your own and send them from an official in-house email.
Send Security Hints and Tips as part of a separate monthly “Random” campaign to help reinforce security awareness. Send a Scam of the Week newsletter to users weekly to inform users of current email, phishing, and social engineering scams to watch out for.
This area contains moderator approved user-submitted templates that you may find useful in your own phishing tests. You will not see these emails by default when you go to create a phishing campaign. To use a community-created template, simply check the box next to one or more emails and use the “Add to category” drop-down menu at the top right to select which of your categories you'd like the template added to. You will then use the "Add" button to the right of the drop-down menu to copy the selected template(s) to your own category under the My Templates area.
Submitting a template to the community:
We encourage our customers to create templates for more accurate phishing tests. If you have created an email template that you think would be handy for others to use, simply click the checkbox to the left of that template and use the "Share" button at the top to share your template with the community and it will be submitted for approval.
Creating a custom phishing email:
In the Email Templates area, you are given the option to create your own email templates from scratch. Simply click the “+New Phishing Email Template” button in the upper right-hand corner of the screen. This launches the WYSIWYG editor.
WYSIWYG Editor Interface
1) Template Name: (optional) You can name your template to better identify it if you'd like. Your end user will not see this field when they receive the phishing email.
2) Sender's Email Address: This is the address the email will appear to be coming from. You can use any email address you’d like.
3) Sender's Name: (optional) This field will let you assign a Sender’s Name which will appear on the phishing email next to the Sender’s Email Address when the user receives the email.
4) Reply-To Email Address: (optional) Here you can assign any email address that you would like the user to reply to when they click “Reply” on the phishing template they received. Note that this email will be overwritten by our system-generated email address so we can capture replies if you have our Reply-To feature turned on in your Phishing Campaign.
5) Reply-To Name: (optional) Here you can add a reply-to name. This will only be used if you use our Reply-To feature in your Phishing Campaign. It will auto-populate a portion of the email that is generated for your user to Reply-To to help make the reply-to address appear more legitimate.
6) Subject: This is the email’s subject line as the recipient will see it in their inbox. This will also be the title of the template if you haven't added a Template Name.
7) Attachment Filename: (optional) This field is only used if you have selected an attachment type. This should be something that would prompt the user to open the file, i.e. “Payroll Q4” or “Revised layoff list”. You do not need to include any file extensions here, just the name. Note that you cannot use placeholders in attachment filenames.
8) Attachment Type: (optional) If you would like to add one of our specially-designed attachments to add to your custom phishing email, this is where you would specify the type of attachment to use. Click Here to read about attachment tests and to learn the difference between attachments with macros or without.
9) Source: This button can be clicked to switch to a Source code view in the template. If you're familiar with HTML, you can craft templates using it by clicking this button.
10) Image: This button can be clicked if you'd like to add an image to your phishing template. You MUST use externally-hosted images, meaning you must insert a publicly-available URL into the URL field after clicking the button. You can also resize your image using the height and width fields.
11) Placeholder: The “Placeholder” box will automatically populate certain fields with your user or organization information. Note that for the User Information placeholders, such as First and Last Name, Manager Name, etc., you must have added that information about the user to the console, either manually, with a CSV import, or with Active Directory Integration.
12) Phish Link: Our Phish Link button will allow you to quickly add a phishing link wherever you'd like in the body of the email. This is already done in our built-in system templates but when customizing or creating templates, you will need to do the following: Type out the text you wish to make into a phishing link, then highlight the plain text you wish to “link” and click the Phish Link button to turn it into phishing link. If you attempt to create an HTML link in phishing templates, our system will automatically change the links to phishing links for security purposes.
Example of Creating a Phishing Link
In each case the text you would like to make a phishing link should simply be highlighted, and then the “Phish Link” button should be clicked on to tell our software to use that text as your phishing link.
13) Red Flag: Platinum and Diamond customers can use our Red Flag (Social Engineering Indicators) button to add a hint to the user who clicks a link on this phishing email as to why the user should have been alerted this email was potentially dangerous. For more details on how to add red flags, and recommend practices, click here to view our SEI Product Manual.
14) Body: ln the body of your phishing template, add any text that you'd like. There are simple text formatting options you can use to customize the appearance of your template. You can easily add tables, lines, and more by using the buttons available in the WYSIWYG.
15) Choose a Landing Page: This is the page your users will be redirected to when they click on your phishing link. You can choose from our system landing pages or your own custom landing pages.
16) Choose a Landing Domain: This is what the user will see in the address bar when they reach your landing page. These are all domains that we own. Changing the landing domain can be especially helpful if you are also using one of our “phishing for sensitive information” landing pages (such as the Outlook, Gmail, or Office 365 pages). We have domains that can appear “safer” and make the user feel more comfortable about entering their username, password, or any other information the page is requesting. (Rest assured, we do not keep or track what your users enter on these pages.)
17) Difficulty Rating: You can assign a difficulty rating to your custom phishing email templates to indicate at a glance how difficult that particular phishing email will be for your users to identify.
Customizing Landing Pages:
Landing pages are what your users will see if they click on a phishing link in an email. You can create your own custom landing pages and view the various system landing pages as well. Click here to see an example of the default landing page.
Landing Pages Area:
My Landing Pages:
Once you create customized landing pages, this area will show you a list of your landing pages and you can edit them simply by clicking on the title. You can also preview or delete them.
This area lets you create and manage your own landing page categories.
Note: you must create at least one category to use for your own landing pages, as uncategorized landing pages will not be selectable for use when setting up a phishing campaign.
System Landing Pages:
This area will contain any built-in landing pages we have created for your use. Click Preview to see the page as it will look for a user. You can click on the name of any Landing Page to open it in the WYSIWYG editor and alter it to your needs. If you save a landing page, it will create a copy under the “My Landing Pages” area where you will need to categorize it for it to show up as an option when creating email templates.
Creating a landing page
Click the “+New Landing Page” button to open the WYSIWYG editor for landing pages. You can place whatever content you wish here, however, any images you utilize must be hosted externally (do not drag and drop images onto the editor).
If you wish to create a Data Entry landing page (a landing page which tries to get the user to enter sensitive information), it is recommended you read this article for the technical specifications for our data entry forms.