Personalizing Campaigns with Injected Fields in Phin
Injected fields in Phin are placeholders within simulated phishing email templates that dynamically insert user-specific or contextual information—such as first name, last name, job title, or employee ID—enabling organizations to create personalized, realistic phishing campaigns that mimic advanced social engineering tactics and improve end-user awareness by reflecting how actual phishing emails use stolen personal data.
What are injected fields, and how are they used?
Injected fields act as placeholders for user-specific or contextual values that are "injected" into simulated phishing templates delivered to end users during a phishing campaign.
For example, if a simulated phishing template includes the sentence "Hi {{FIRST_NAME}} {{LAST_NAME}}, please click the link below to see your service request.", the end-user John Smith would see: "Hi John Smith, please click the link below to see your service request."
Injected field placeholders don't have to match anything specific to work, but when they do (such as using {{FIRST_NAME}} to pull in a user's first name), it helps create a more realistic experience for the end-user when the simulated phishing email is rendered in their inbox.
The values injected into these fields are determined by which user-specific or contextual values are connected to the injected fields when the template is built and uploaded to the Phin platform in the Template Builder.
What value do injected fields add to phishing campaigns?
Emails with generic addressing or little contextual information are more likely to be reported as phishing. However, cybercriminals increasingly use personal data to craft convincing phishing emails.
Injected fields allow organizations to deploy phishing campaigns that recreate the experience of receiving a phishing email that uses stolen information and social engineering tactics. This helps bridge the gap from outdated, generic simulations to personalized ones that keep end-users aware of advanced phishing tactics.
List of Injected Fields by Type & Value
Below is a list of injected fields, their values, and rendered examples. For demonstration, the end-user is John Smith, with user fields from Azure such as job title, office location, and manager email.
User-Specific Injected Fields
-
Employee ID:
- Template: Your employee ID, {{EMPLOYEE_ID}}, is not listed in our system.
- Rendered: Your employee ID, e342553, is not listed in our system.
-
First Name:
- Template: Hi {{FIRST_NAME}}, are you able to open the attached file?
- Rendered: Hi John, are you able to open the attached file?
-
Last Name:
- Template: Dear Mr. {{LAST_NAME}}, are you available for a quick chat?
- Rendered: Dear Mr. Smith, are you available for a quick chat?
-
Email:
- Template: Please confirm your email is {{EMAIL}} by clicking the button below.
- Rendered: Please confirm your email is john@demoemail.com by clicking the button below.
-
Job Title: (Default Value Available)
- Template: Hi {{FIRST}}, would you be open to talking about your current position as a {{JOB_TITLE}}?
- Rendered: Hi John, would you be open to talking about your current position as a Software Developer?
-
Department Name / Department ID: (Default Value Available)
- Template: {{DEPARTMENT_NAME}} - {{DEPARTMENT_ID}}, needs to provide bank info to HR by EOD.
- Rendered: Software - S40T68, needs to provide bank info to HR by EOD.
-
Manager Name: (Default Value Available)
- Template: Your manager, {{MANAGER_NAME}}, is requesting information for payroll.
- Rendered: Your manager, Bob Thomas, is requesting information for payroll.
-
Manager Email: (Default Value Available)
- Template: This email was sent to you at the request of your systems admin, {{MANAGER_EMAIL}}.
- Rendered: This email was sent to you at the request of your systems admin, bobthomas@demoemail.com.
-
Office Phone:
- Template: You have a digital voicemail attachment associated with the #{{OFFICE_PHONE}}.
- Rendered: You have a digital voicemail attachment associated with the #302-555-1234.
-
Office Location: (Default Value Available)
- Template: A package was not delivered to {{OFFICE_LOCATION}}. Click to reschedule.
- Rendered: A package was not delivered to 1234 Demo St, Newark, DE. Click to reschedule.
-
Mobile Phone:
- Template: Please confirm that the best number to contact you is {{MOBILE_PHONE}}.
- Rendered: Please confirm that the best number to contact you is 302-555-4321.
-
Company Name: (Default Value Available)
- Template: Please see the linked invoice pertaining to services rendered for {{COMPANY_NAME}}.
- Rendered: Please see the linked invoice pertaining to services rendered for Demo Incorporated.
-
Mail Nickname:
- Template: You have digital mail addressed to {{MAIL_NICKNAME}}. See attached.
- Rendered: You have digital mail addressed to John. See attached.
-
Sign in Sessions Valid From Date Time:
- Template: {{SIGN_IN_SESSIONS_VALID_FROM_DATE_TIME}}
- Rendered: 10/6/2024, 2:07 PM
-
Employee Type:
- Template: You are listed as {{EMPLOYEE_TYPE}} in our HR system.
- Rendered: You are listed as employee in our HR system.
-
Last Password Change Date Time:
- Template: You changed your password at {{LAST_PASSWORD_CHANGE_DATE_TIME}}.
- Rendered: You changed your password at 10/7/2024, 2:52 PM.
-
Preferred Language:
- Template: To change your preferred language choice of {{PREFERRED_LANGUAGE}}, click here.
- Rendered: To change your preferred language choice of english, click here.
Contextual Injected Fields
-
For context to time and date fields, this article was written at 10:03 AM on 10/11/2024.
-
Current Time:
- Template: Your confirmation link was sent at {{CURRENT_TIME}} and will expire soon.
- Rendered: Your confirmation link was sent at 10:03 AM and will expire soon.
-
Current Short Date:
- Template: Today, {{CURRENT_SHORT_DATE}}, is the last day to apply for an extension.
- Rendered: Today, 10/11/2024, is the last day to apply for an extension.
-
Current Huge Date:
- Template: Today, {{CURRENT_SHORT_DATE}}, is the last day to apply for an extension.
- Rendered: Today, Friday, October 11, 2024, is the last day to apply for an extension.
-
Past Time/Past Short Date:
- Template: We noticed a suspicious transaction at {{PAST_TIME}}, {{PAST_SHORT_DATE}}.
- Rendered: We noticed a suspicious transaction at 9:07 AM, 10/09/2024.
- Note: Past time and date fields render random times and dates in the past 7 days before the simulated phishing email is sent.
-
Past Huge Date:
- Template: We noticed a suspicious transaction on {{PAST_HUGE_DATE}}.
- Rendered: We noticed a suspicious transaction on Wednesday, October 9, 2024.
-
Future Time/Future Short Date:
- Template: The following link will expire at {{FUTURE_TIME}} on {{FUTURE_SHORT_DATE}}.
- Rendered: The following link will expire at 12:00 PM on 10/13/2024.
- Note: Future time and date fields render random times and dates in the next 7 days from the time the simulated phishing email is sent.
-
Future Huge Date:
- Template: The following link will expire on {{FUTURE_HUGE_DATE}}.
- Rendered: The following link will expire on Sunday, October 13, 2024.
Where are the values for User Fields pulled from?
Every end-user (employees receiving training or phishing simulations) has a user profile. Users can be uploaded manually or via the Phin Azure Sync integration. Once uploaded, their metadata or "user field" values can be viewed by navigating to "Users" in the side navigation. Clicking on the icon under the "Actions" column for a user opens that user's profile.
- Users uploaded manually via a CSV or added individually using the "Add User" tool can have their profiles edited.
- Users uploaded via the Phin Azure Sync integration cannot be edited in the Phin App and must be modified via the source in your Azure instance.