This section describes how to use the template editor.
1. Template Top Bar
Contains several important items.
You will need to click the Save button in order to retain any changes you have made while editing, this includes any information entered on a pop-up window.
Clicking the Close button will return you to the Manage Phishing Templates page.
In order to send yourself a preview email of the template use the Preview & Test button.
2. Template & Email Details
This sidebar contains dropdown menus that allow you to configure more specific template options. Here, you can specify the From and Reply-To email address as well as the From Domain.
If there is an error with your template, it will be displayed above the Template Settings section.
3. Email Editor
Edit the content of the template email as would appear in a typical email client.
4. Editing Options
The buttons at the bottom of the template editor allow you to restore the template to the way it was when you originally loaded the page, open the WYSIWYG and/or HTML editor, as well as change the layout.
Clicking Change Layouts lets you choose a different layout type for your template.
Clicking Edit HTML lets you edit the HTML in a popup.
Clicking the Fullscreen Editor lets you edit the template in the WYSIWYG editor. You can also edit the CSS and HTML of the template in the popup after clicking Fullscreen Editor button.
Any links you want to redirect to the template’s landing/training page (and be tracked) should use {hook_url} as the URL. The system will replace this tag automatically with the appropriate link.
When editing the template, the Variables dropdown allows you to select items that will be replaced in the actual test email. These include, but are not limited to, such items as the target’s name, or optional group and target fields. See the appendix for a listing of available variables. The “hook_url” can be used in place of the “hook_link”. This option will show the entire URL in the email. This is also used if you want a clickable image. Images may also be clickable for tracking purposes, simply place {hook_url} in the Image URL field.
5. Settings Drop-Downs
There are several useful settings drop-downs to the right of the template editor.
1. Template Settings - Displays general information about the email template including name, description, categories, and the phishing domain used by the template. Click "Configure Domain Name" to change the domain used by the template.
To use a custom domain or CNAME on a phishing template, see article: Configure a Custom Domain or CNAME
2. Email Settings - Set the from name, from email, reply-to email, and subject line for the phishing email.
3. Completion Settings - Set up the next step in the phishing progression.
- Landing Page - Select a landing page to redirect the target to where they can continue to be phished, either your own custom page or a system library page. There is also an option to copy the current landing page (if one is already selected) or create a new page from scratch.
- Training Page - Select a training page to redirect the target to, either your own custom page or a system library page. There is also an option to copy the current training page (if one is already selected) or create a new page from scratch.
- URL Redirect - Redirect the user to a URL of your choosing.
- Domain Name - Lets you specify what the domain of the landing/training page is. It is recommended to use the same domain as the From and Reply-To domain on the template.
The appropriate secondary fields you will need to fill out will appear based upon your selection in landing Page Options, either a drop-down to select the landing/training page you want or a text input field to enter a URL.
4. Custom Mail Servers - Configure your own mail servers to send the test emails (the SMTP settings) or a custom inbox (the IMAP settings) to receive reply-to emails that the system can scan and log. For each, you will need to know the host, port, username, password, and encryption type. Once your settings are entered, you will need to click the Test Settings button to verify that the system can connect.
- NOTE: Custom inboxes are no longer required to log reply-to failures.
5. Tracking Settings - Adjust how failures will be tracked for the template.
- Track Attachment Open - Add an attachment to your email that can be tracked in the system. In order to use this option, you must use the predesigned file from the system (Word .docm or Excel .xlsm). You can download this file directly from the template editor. This file contains a special tracking key that the system is listening for. In order for the download tracking to work, targets must have protected mode turned off and macros enabled on their Word or Excel app. You are free to add your own content to this file, however, do not modify the {{tracking_key}}. The {{tracking_key}} must be in sheet 1 in cell A299. Save as .xlsm. Once you have finished editing your files you can upload them using the Add Attachment button.
- NOTE: If you would like to use images in the .xlsm file, they must be bound to cells in order to preserve the formatting of the document for parsing. See the following article for more information: https://trumpexcel.com/insert-picture-into-excel-cell/
- Track Custom Domain Replies - Track email replies to your phishing emails. In order for this to work, you will need to set up an incoming mail server (IMAP) for the system to monitor. The system will log in periodically and scan for emails. To enter your IMAP credentials into the system, click on the Change Outgoing/Incoming Server link and a pop-up window will appear that will allow you to test the connection. If you are using a system domain replies will automatically be tracked as long as the reply-to address is using the same domain.
6. Misc. Settings
- Hook URL Link Text - Customize how the URLs are displayed in the emails. By entering text in this field you can customize how the anchor tag will read. Additionally, you can choose to check the Not Needed checkbox to display the link URL in the text instead.
NOTE: The {hook_url}/{hook_link} variables are how the system tracks a “Click” and the way you get your targets to the next step in the phishing progression (either to a landing or training page or a URL redirect). Unless you only want to track email opens and replies, your email MUST contain one of these customization tags in the email body. The {hook_url} contains the entire URL to the landing or training page, whereas the {hook_link} is clickable text that leads to the landing or training page. - Custom Header Name & Value - Add your own custom header information to your email to help you safelist (whitelist) and prevent test emails from going to the spam folder.
Comments
0 comments
Please sign in to leave a comment.