Below is a customizable email you can send to your IT/Help Desk team while running a baseline phishing test. The email introduces the baseline test and explains how your IT/Help Desk team should handle the simulated phishing email and any user questions:
On [[DATE]], the [[CSIRT/IT/Security]] team will be running a simulated phishing test to [[COMPANY_NAME]] Employees. This is a blind test and users should not be made aware of the test at any stage until an official announcement is sent out from the management team. It is important to not click on the link on behalf of the user as the simulated emails are specific to each user, and any clicks will register as a fail for that user. If a user forwards the email: Reply that you have received it and will research it further and the user does not need to take any further action in order to not give away the test or have them warn other employees. If a user calls about the email: Thank the user and tell them to forward the email to [[example@domain]] for further research and they do not need to take any further action. If a user calls regarding the landing pages: The user has clicked the email and is on the landing page asking for their login credentials. If they ask you what to do at that point, let them know not to enter their credentials, and to forward the email and either the copied URL or a screenshot of the landing page. Examples of the email and two subsequent landing pages are attached below. Thank you for your participation as [[COMPANY_NAME]] works to build a global cybersecurity awareness program.