Copying Real Phishing Emails to a Custom Template
Using a real phishing email as a baseline for a phishing campaign can help better train your users on how to spot current and real-world red flags in their inbox. The below sections will go into detail on how to best incorporate a real phishing email into a custom email template. If you need a refresher on how to customize emails in a phishing campaign, see our How to Create and Edit Email Templates and Landing Pages article.
Tip: If your organization uses PhishER, you can use PhishFlip to reuse user-reported emails in phishing campaigns in your KMSAT console. For more information, see our PhishFlip article.
Copying an Email to a Custom Template
To copy an existing email into your KMSAT console, follow the steps below:
- 1. In your browser, open the email and use your cursor to highlight everything you want to copy.
- 2. Right-click on the email and select Inspect. This will open the inspection window.
- 3. By default, the inspection window will open on the Elements tab and highlight a row of code. Right-click on the highlighted row and select Edit as HTML.
- 4. A window of HTML code will open. Copy all of the HTML in this window.
- 5. In your KMSAT console, navigate to Phishing > Email Templates and click +Create Phishing Template.
- 6. On the New Phishing Email Template page, click on the Source button in the top-left of the WYSIWYG (What You See is What You Get) editor.
- 7. Paste your HTML code from step four in the WYSIWYG editor.
- 8. Review the HTML and remove any unwanted or unnecessary information. See our Cleaning an Email Template section for a list of items to search for when reviewing an email template.
- 9. Click on the Source button again to view your template. Then, click on the Save button to save your email template to Drafts.
Cleaning an Email Template
An email template is considered to be clean once all malicious content is removed. The sections below describe how to remove malicious links or images when you clean an email template they you've created in the above section.
You can remove links in an email template by following the steps below:
- In the WYSIWYG source code, do a find (Cmd+F or Ctrl+F) for the href tag. This search will highlight all of the links in the email template.
- Replace the URL address of each link with the [[URL]] placeholder or a link that you know is safe.
Depending on the mail client that the email originated in or was copied from, there may be a secondary link in the href tag. These links typically start with “data-saferedirecturl…” and must be removed.
As a best practice, we recommend using only secure images in your email template. A secure image will have HTTPS in the URL instead of HTTP.
You can remove or replace images in an email template by following the steps below:
- 1. In the WYSIWYG source code, do a find (Cmd+F or Ctrl+F) for the src tag. This search will highlight all of the images in the email template.
- 2. Replace the image URL with a URL that you know is safe, or remove the image.
Visit our FAQ: Issues with Images in Phishing Templates article for more information about using images in your template.