Phin Security

Create Custom Phishing Templates

The recommended method for creating custom phishing templates involves externally building an HTML file with technical tools, then uploading and configuring it via the Phin Template Builder by naming the template, importing the HTML, setting email details such as subject and sending domain, selecting a learning type (Learning Moment, Video, or Custom URL), injecting dynamic fields using Mustache syntax, and organizing with predefined tags before saving.

Build Externally and Upload via Phin Template Builder

Building externally and uploading via the Template Builder is the recommended way of building phishing templates. This method requires technical knowledge of HTML and CSS.

Steps

  1. 1.Build your HTML file using a text editor such as Dreamweaver, Atom, or Visual Studio.
  2. 2.Navigate to the Template Library page from the side navigation under Phishing.
  3. 3.Click the "Create a New Template" button and follow these steps:
    1. 1.Name your template and select "Email" from the dropdown.
    2. 2.Click the import button.
    3. 3.Copy and paste your HTML template into the import modal and click "Import".
    4. 4.Your template will appear in the "Edit Template" section of the builder.
    5. 5.Scroll below the preview to fill in the following information:
      • Email Subject
      • Display Name
      • Sending Name (choose a sending domain from the drop-down)
        • Bug: The first option in the drop-down selection for sending domain cannot be chosen at this time.
      • Learning Type(s):
        • Learning Moment: Default and intended method. Action URLs are transformed into dynamic links that bring an end-user to a learning moment page.
        • Video: Clicking a link directs the user to a training video. Not recommended as the videos are outdated and no learning moment is tracked as complete.
        • Custom URL: Clicking a link leads to a URL of your choosing. User clicks are tracked, but learning moments are not tracked as complete.
      • Injected Fields: Match the "Field Name" (using Mustache HTML injection) to one of the values from the "Selected Values" list. If a default value is available, it will be used as a fallback if a user's data is not available.
      • Tags: Keywords used to organize phishing templates by category type (e.g., notification, purchase, etc.). Custom tags cannot be created.
    6. 6.Once all required fields are completed, click the "Save" button in the bottom right corner of the modal.
  4. 4.Your new phishing template will now appear in the "Your Templates" section at the top of the Phishing Template Library. From here, you can:
    • Preview: Opens the email in a browser window.
    • Clone: Duplicates the email template.
    • Share: Shares a copy of the email template across companies.
    • Delete: Deletes the email template (does not delete shared templates in other companies).
  5. 5.Celebrate the fact that you just created your very own custom phishing template!

Build Directly in the Phin Template Builder

Building phishing templates using the WYSIWYG toolset inside the Template Builder is possible but not recommended for adding phishing templates to your company.

Steps

  1. 1.Navigate to the Template Library page from the side navigation under Phishing.
  2. 2.Click the "Create a New Template" button and follow these steps:
    1. 1.Name your template and select "Email" from the dropdown.
    2. 2.Use the WYSIWYG component selector on the right side of the screen to build your phishing email.
      • This tool is best used to build simple text emails requesting information with a link.
    3. 3.Once your email template is complete, scroll below the preview to fill in the following information:
      • Email Subject
      • Display Name
      • Sending Name (choose a sending domain from the drop-down)
        • Bug: The first option in the drop-down selection for sending domain cannot be chosen at this time.
      • Learning Type(s):
        • Learning Moment: Default and intended method. Action URLs are transformed into dynamic links that bring an end-user to a learning moment page.
        • Video: Clicking a link directs the user to a training video. Not recommended as the videos are outdated and no learning moment is tracked as complete.
        • Custom URL: Clicking a link leads to a URL of your choosing. User clicks are tracked, but learning moments are not tracked as complete.
      • Injected Fields: Match the "Field Name" (using Mustache HTML injection) to one of the values from the "Selected Values" list. If a default value is available, it will be used as a fallback if a user's data is not available.
      • Tags: Keywords used to organize phishing templates by category type. Custom tags cannot be created.
    4. 4.Once all required fields are completed, click the "Save" button in the bottom right corner of the modal.
  3. 3.Your new phishing template will now appear in the "Your Templates" section at the top of the Phishing Template Library. From here, you can:
    • Preview: Opens the email in a browser window.
    • Clone: Duplicates the email template.
    • Share: Shares a copy of the email template across companies.
    • Delete: Deletes the email template (does not delete shared templates in other companies).
  4. 4.Celebrate the fact that you just created your very own custom phishing template!

Testing Templates

To send yourself an email preview of the template:

  1. 1.Navigate to the Phishing Dashboard on the left-hand navigation menu.
  2. 2.Select "Launch a Phishing Campaign" (this can be discarded and is just for the purpose of sending yourself a test).
  3. 3.Fill in the campaign name and description (these can both be "test"). Select 'Fixed Length'.
  4. 4.Select the template you just created by clicking the blue "+" sign, turning it into a green check mark (which means this will be included in the campaign).
  5. 5.Scroll to the very bottom and under "Publish Options" select "Run a Preview".
  6. 6.Enter your email address or whoever is receiving the preview of the template.
  7. 7.Once the email is populated, select "Run Preview" in the bottom right-hand corner. The email preview should be sent immediately and will reflect how an end user will view the template.

Notice that the {{action_url}} in the template is turned into a clickable link in the preview.

If you have any questions, reach out to the support team.