Overview
The Phishing Email Template editor provides a flexible way to customize your phishing email templates. You can choose to edit emails using the intuitive WYSIWYG editor or, for more advanced customization, modify the HTML/CSS code directly.
Use the links below to jump to a section:
- Template Editor Top Bar
- Template Editor
- Phishing Email Details & Settings
- Add Locale, Preview, and Fullscreen Editor Buttons
- QR Codes
Template Editor Top Bar
-
The 'Preview & Test' button allows you to send a test copy of the phishing email to your inbox. Clicking this button will open a popup where you can enter the email address you’d like to send it to. Additionally, you can replicate a specific target by enabling the 'Replicate a specific target' toggle. This feature replaces any variables in the phishing email template, such as
{fname}
,{email}
,{company}
, etc., with the corresponding data for that specific target.
- To retain any changes made during editing, including information entered in a popup window, be sure to click the 'Save' button.
- If the Phishing Email template is configured with a Landing Page completion option, the 'Landing Page' tab will become visible. Click on this tab to access and view the Landing Page.
- If the Phishing Email template is configured with a Training Page completion option, or if the Landing Page is configured with a Training Page completion option, the 'Training Page' tab will be visible. Click on this tab to view the Training Page.
NOTE: If there are emails scheduled to send using the phishing email template, the top tab will display a spinning icon, indicating that this template is being used in an active campaign. This is how it appears:
Template Editor
You can customize the body of the template using the WYSIWYG editor, allowing you to add images, icons, tables, text, and more.
To ensure that any links redirect to the template’s Landing or Training Page and are tracked correctly, use {hook_url}
as the URL. The system will automatically replace this tag with the appropriate link. For example, if you include an anchor tag in the template that looks like this:
In the email that a target receives, the HTML for the link would appear similar to this:
When editing the template, the 'Variables' dropdown allows you to select items that will be dynamically replaced in the actual test email. This includes various fields such as the target’s name, as well as optional group and target fields. For a comprehensive listing of available variables, please refer to the Template Editor - Available Variables article.
You can use {hook_url}
instead of {hook_link}
. The {hook_url}
tag represents the full URL within the email, while {hook_link}
is an anchor tag that has its href attribute set to {hook_url}
. The display text for {hook_link}
can be configured under Miscellaneous > Hook URL Link Text.
Additionally, {hook_url}
can be utilized for clickable images; simply insert {hook_url}
in the Image URL field to enable tracking."
To upload an image to the phishing email template, click the Image button indicated below. You will need to select an image from your computer, upload it to the server, and then choose it for inclusion in the template.
The Code tab on the template editor allows you to edit the HTML/CSS of the template.
Phishing Email Details & Settings
The Phishing Email Details & Settings sidebar includes dropdown menus that enable you to configure detailed template options and settings.
If there are any errors in your template, they will be displayed prominently above the Template Settings section.
Template Settings
- Template Name - Name of the template to be displayed throughout PhishingBox.
- Template Description - A Brief description of the template to be displayed throughout PhishingBox.
- Template Categories - Categories assigned to the template (primarily used for to help you filter and group certain templates when searching).
Email Settings
- From Name - Name to be used in the email's from address.
- From Email - Email to be used in the email's from address (cannot include special characters).
- Reply-To Email - Email to be used in the email's reply-to address.
- Email Subject - Subject line of the email.
- Default Locale - Toggle this option to set the currently viewed localization as the default for the template. The default localization will apply to any targets that do not have a specific language set.
Completion Settings
Options in the Completion Settings section determine the next step in the phishing progression upon target failure.
-
Completion Options - Select a redirect option that triggers if a target clicks on a hook link in the email.
- No Redirect (Reply-To only) - Targets will not be redirected to a landing page, training page, or custom URL. This option is intended for reply only campaigns.
- Landing Page Template - Select a Landing Page to which the target will be redirected. The list will include both account-created and modified templates, as well as landing page templates from the PhishingBox Template Library.
- URL Redirect - Redirect the user to any URL you choose.
-
Training Page - Select a Training Page to which the target will be redirected. The list will include both account-created and modified templates, as well as training page templates from the PhishingBox Template Library.
NOTE: The relevant secondary fields will appear based on your completion selection. You will either see a dropdown menu to choose the desired landing or training page, or a text input field to enter a URL for URL redirection.
- Domain Name - This allows you to specify what the domain of the landing/training page is. It is recommended to use the same domain as the From and Reply-To domain on the template. When you change the domain name for the template, it will automatically change it for all localizations.
Custom Mail Servers - This setting has been migrated to the Mail Settings page.
NOTE: Custom inboxes are not required to log reply-to actions.
Tracking Settings
Configure attachment tracking in the Tracking Settings section.
Use the "Track an Attachment" switch to enable attachment tracking on the template.
Select attachment (Coming Soon!)
Use the "Select attachment" control to select an attachment for the phishing email.
Select a file type - attachments can be sent as .html or .pdf files.
Click the "Download Preview" button to download a preview of the respective HTML or PDF file.
Attachments will contain hook links that when navigated to or requested by an HTTP client will log an "Opened Attachment" action in your testing data.
Attachments can be viewed, created, and updated via the Manage Attachments page (if applicable - only enabled for some accounts). Selectable attachments will be populated based on library attachments that are enabled for your account.
If there are no attachments suitable for your desired phish experience, attachments may be created per your request.
Track .xlsm or .doc attachments (DEPRECATED)
NOTE: Tracking .xlsm or .doc files is a deprecated feature that will be removed in a future version. Leveraging .xlsm or .doc tracking may not reliably track attachment opens.
- Track Attachment Open - Add an attachment to your email that can be tracked in the system. In order to use this option, you must use the predesigned file from the system (Word .doc or Excel .xlsm). You can download this file directly from the template editor. This file contains a special tracking key that the system is listening for. In order for the download tracking to work, targets must have protected mode turned off and macros enabled on their Word or Excel app. You are free to add your own content to this file, however, do not modify the TrackingKey.
- If using a word doc (.doc), the document must contain the string `phishTrackingPixel` to record attachment open actions.
- If using excel (.xlsm), the string `TrackingKey` must be in sheet 1 in cell A299 to record attachment open actions. Save as .xlsm. Once you have finished editing your files you can upload them using the Add Attachment button.
NOTE: If you would like to use images in the .xlsm file, they must be bound to cells in order to preserve the formatting of the document for parsing. See the following article for more information: https://trumpexcel.com/insert-picture-into-excel-cell/
- Track Custom Domain Replies - This setting is deprecated. Replies to phishing emails will always be logged. However, if the reply goes to an email address with a domain that is not a PhishingBox domain, then the reply action will be logged only if there is a Reply Inbox connection configured for the email address (see the Mail Settings page for instructions on configuring a Reply Inbox).
Miscellaneous
-
Hook URL Link Text - This text is displayed whenever the
{hook_link}
variable is used. By entering text in this field, you can customize the display text of the anchor tag. Alternatively, you can check the 'Not Needed' checkbox to display the link URL in place of the text.
NOTE: The
{hook_url}
and{hook_link}
variables are essential for tracking 'Click' events and guiding your targets to the next step in the phishing progression, whether it be a landing page, training page, or a URL redirect. Unless your goal is to track only email opens and replies, your email must include one of these customization tags in the body. The{hook_url}
variable contains the complete URL to the landing or training page, while the{hook_link}
variable represents clickable text that directs users to that same page. - Custom Header Name & Value - Add your own custom headers information to the email. You can then create safelisting rules in your mail client based on the custom headers.
- Body Background Color - Change the background color of the email.
Add Locale, Preview, and Fullscreen Editor Buttons
The buttons at the bottom of the Template Editor provide several functionalities: you can restore the template to its original state when the page was first loaded, modify or create locales, and access the WYSIWYG and/or HTML editor.
-
Current Locale drop-down - The drop-down in the bottom-left corner of the template editor lets you display a different locale for the template.
- Delete Locale - Click the 'Delete' button to remove the currently selected locale. Please note that the default locale cannot be deleted.
- Create New Locale - Add a new locale by clicking the plus icon. A popup will appear asking you to choose an existing locale to copy and the new locale you want to add. Once the locale has been created you will need to edit it to add your translation.
- AWS Translate - Clicking the globe icon will open the AWS Translate popup. This tool translates the default localization into the selected languages, creating a new locale for each language.
- Import localizations - Import localizations via CSV.
- Restore - Remove any changes made since the last save.
- Fullscreen Editor - This option expands the Template Editor to full screen, with one half dedicated to the code editor and the other half displaying the WYSIWYG editor.
QR Codes
QR codes can be inserted into templates. These codes must be scanned by a QR code reader to work. QR readers are available through the camera of most smartphones. To add a QR code you must select the {qrcode}
variable from the Variables drop down or insert the following code into the HTML.
<img align="middle" class="qrcode-replace" src="{qrcode}"/>
Comments
0 comments
Please sign in to leave a comment.