This section describes how to use the template editor.
1. Template Editor Top Bar
If you have a dedicated library account, you will see a button allowing you to transfer a template from another account to your library account.
In order to send yourself a preview email of the template, use the Preview & Test button. You can only send Preview & Test emails for phishing templates.
You will need to click the Save button in order to retain any changes you have made while editing, this includes any information entered on a pop-up window.
Clicking the Close button will return you to the Manage Phishing Templates page.
2. Email Editor
Edit the content of the template email as would appear in a typical email client.
Any links you want to redirect to the template’s landing/training page (and be tracked) should use {hook_url} as the URL. The system will replace this tag automatically with the appropriate link.
When editing the template, the Variables dropdown allows you to select items that will be replaced in the actual test email. These include, but are not limited to, such items as the target’s name, or optional group and target fields. See the appendix for a listing of available variables. The “hook_url” can be used in place of the “hook_link”. This option will show the entire URL in the email. This is also used if you want a clickable image. Images may also be clickable for tracking purposes, simply place {hook_url} in the Image URL field.
3. Phishing Email Details & Settings
The Template Settings sidebar contains dropdown menus that allow you to configure more specific template options.
If there is an error with your template, it will be displayed above the Template Settings section.
- Template Settings - Displays general information about the phishing email template.
- Template Name - Name of the template to be displayed throughout the portal.
- Template Description - A Brief description of the template to be displayed throughout the portal.
- Template Categories - Categories assigned to the template to be used for filtering.
- Email Settings - Displays settings specific to the currently displayed template localization.
- From Name - Name to be used in the email's from address.
- From Email - Email to be used in the email's from address (Cannot include special characters).
- Reply-To Email - Email to be used in the email's reply-to address
- Email Subject - Subject line of the email.
- Default Locale - Toggle to make the currently viewed localization the default for the template. The default localization will be used as the localization for any Targets that do not have a language set.
- Completion Settings - Set up the next step in the phishing progression upon target failure.
- Completion Options - Select a redirect option that triggers if a target clicks on a link in the email.
- No Redirect (Reply-To only) - Targets will not be redirected.
- Landing Page Template - Select a landing page to redirect the target to, either a custom page or a system library page. There is also an option to copy the current landing page (if one is already selected) or create a new page from scratch.
- URL Redirect - Redirect the user to any URL you choose.
- Training Page - Select a training page to redirect the target to, either a custom page or a system library page. There is also an option to copy the current training page (if one is already selected) or create a new page from scratch.
The appropriate secondary fields you will need to fill out will appear based upon your selection in landing Page Options, either a drop-down to select the landing/training page you want or a text input field to enter a URL.
- Domain Name - This allows you to specify what the domain of the landing/training page is. It is recommended to use the same domain as the From and Reply-To domain on the template. When you change the domain name for the template, it will automatically change it for all localizations.
- Completion Options - Select a redirect option that triggers if a target clicks on a link in the email.
-
Custom Mail Servers - Configure your own mail servers to send the test emails (the SMTP settings) or a custom inbox (the IMAP settings) to receive reply-to emails that the system can scan and log. For each, you will need to know the host, port, username, password, and encryption type. Once your settings are entered, you will need to click the Test Settings button to verify that the system can connect. The Clear button allows you to remove all settings.
- NOTE: Custom inboxes are no longer required to log reply-to failures.
- Tracking Settings - Adjust how failures will be tracked for the template.
- Track Attachment Open - Add an attachment to your email that can be tracked in the system. In order to use this option, you must use the predesigned file from the system (Word .doc or Excel .xlsm). You can download this file directly from the template editor. This file contains a special tracking key that the system is listening for. In order for the download tracking to work, targets must have protected mode turned off and macros enabled on their Word or Excel app. You are free to add your own content to this file, however, do not modify the TrackingKey.
The TrackingKey must be in sheet 1 in cell A299. Save as .xlsm. Once you have finished editing your files you can upload them using the Add Attachment button.
- NOTE: If you would like to use images in the .xlsm file, they must be bound to cells in order to preserve the formatting of the document for parsing. See the following article for more information: https://trumpexcel.com/insert-picture-into-excel-cell/
- Track Custom Domain Replies - Track email replies to your phishing emails. In order for this to work, you will need to set up an incoming mail server (IMAP) for the system to monitor. The system will log in periodically and scan for emails. To enter your IMAP credentials into the system, click on the Change Outgoing/Incoming Server link and a pop-up window will appear that will allow you to test the connection. If you are using a system domain replies will automatically be tracked as long as the reply-to address is using the same domain.
- Track Email Opens - This option can no longer be turned off.
- Track Attachment Open - Add an attachment to your email that can be tracked in the system. In order to use this option, you must use the predesigned file from the system (Word .doc or Excel .xlsm). You can download this file directly from the template editor. This file contains a special tracking key that the system is listening for. In order for the download tracking to work, targets must have protected mode turned off and macros enabled on their Word or Excel app. You are free to add your own content to this file, however, do not modify the TrackingKey.
- Miscellaneous
- Hook URL Link Text -
- Customize how the URLs are displayed in the emails. By entering text in this field you can customize how the anchor tag will read. Additionally, you can choose to check the Not Needed checkbox to display the link URL in the text instead.
NOTE: The {hook_url}/{hook_link} variables are how the system tracks a “Click” and the way you get your targets to the next step in the phishing progression (either to a landing or training page or a URL redirect). Unless you only want to track email opens and replies, your email MUST contain one of these customization tags in the email body. The {hook_url} contains the entire URL to the landing or training page, whereas the {hook_link} is clickable text that leads to the landing or training page. - Custom Header Name & Value - Add your own custom header information to your email to help you safelist (whitelist) and prevent test emails from going to the spam folder.
- Body Background Color - Change the background color of the email html.
4. Add Locale, Preview, and Fullscreen Editor Buttons
The buttons at the bottom of the template editor allow you to restore the template to the way it was when you originally loaded the page, open the WYSIWYG and/or HTML editor, as well as change the layout.
- Current Locale drop-down - The drop-down in the bottom-left corner of the template editor lets you display a different locale for the template. You can add a new locale by clicking the plus icon. A popup will appear asking you to choose an existing locale to copy and the new locale you want to add. Once the locale has been created you will need to edit it to add your translation.
- Restore - Remove any changes made since the last save.
- Edit HTML - Switches window to an HTML editor to edit the email HTML directly. The phishing email template automatically generates the <html>, <head>, and <form> tag for you. Everything you create will go inside the <form> tag. If you include these tags in your HTML it will cause errors on the email when loaded.
- Fullscreen Editor lets you edit the phishing email in the WYSIWYG editor.
Comments
0 comments
Please sign in to leave a comment.