Phishing Templates

Template Difficulty Ratings Overview

Note:We’re updating the look of phishing templates! We’ll be migrating to this new experience by October 2024. For more information, see the Phishing Templates Guide.

Each of our system phishing templates is assigned a difficulty rating. Our templates are rated on a basic scale of one to five stars, with one being the least difficult and five being the most difficult. The following factors are considered when determining a template's difficulty rating: grammar, spelling, punctuation, use of logos, overall design, and use of targeted information from user-specific or account-specific placeholders.

For examples of each of these ratings, see the list below:

  • One to two stars: An email with this rating may have a lot of spelling or punctuation errors.
  • Three stars: An email with this rating may include a logo from an organization it is trying to spoof, but it may also misspell the spoofed organization's email address. Additionally, this email won't include targeted user information.
  • Four to five stars: An email with this rating is designed to appear more authentic, with very few red flags for the user to spot. The email may also utilize targeted user information. For example, the email may spoof your own domain and appear to be a well-crafted internal message from your HR or IT team.

You can also rate any templates that you design yourself by using the Difficulty Rating drop-down menu in our What You See Is What You Get (WYSIWYG) editor.

We recommend using templates with one or two-star difficulty ratings after your users have taken an introductory security awareness training course. These templates will help your users detect social engineering red flags and prepare them for the templates with four or five-star difficulty ratings.

When creating your phishing campaign, you can choose to only include templates with specific difficulty ratings. Before doing so, we recommend that you choose multiple template categories to increase the variety of templates that you are using to phish your users.

Can't find what you're looking for?

Contact Support