cancel
Showing results for 
Search instead for 
Did you mean: 

How to customize the email messages used in phishing campaigns

No ratings

How to customize the email messages used in phishing campaigns with Webroot’s Security Awareness Training

 

Webroot’s Security Awareness Training is a very effective method for testing user’s security knowledge and behaviors. One of the reasons is because the email templates used as part of the simulated phishing campaigns are very realistic. These templates are made to closely resemble official messages sent by the actual companies they represent, using logos, accurate terminology and a professional format and presentation.

 

It is possible to modify existing templates or create brand new templates using your own images, body text, subject, from name and from email address. This level of customization ensures that if an existing template does not meet the needs as it exists, the right message can be created and used.

 

This article contains information to assist with specific scenarios, click the title to be taken to that section:

 

Creating a custom template while setting up a new phishing campaign

The simulated phishing email message used as part of a campaign can be configured when a new campaign is created.

 

To start a new phishing campaign:

 

  1. Log into the GSM console.
  2. Open the Webroot Security Awareness Training console.
  3. Select New Campaign from the options in the left hand navigation area.
  4. Click the Start a new simulation --> link to begin the creation of a new phishing campaign.
    sat-pheml-1.png
  5. Enter a Simulation Name and Description, then click the Save Simulation button.sat-pheml-2.png
  6. Click the Save/Next button in the top right corner to advance to the next step of selecting targets, which opens the Targets page.
  7. Once the target list has been configured using the Targets page, click the Save/Next button in the top right corner to advance to the next step of configuring the simulated phishing attack email message. This will open the Design Phishing Email page.
  8. On this page you will select the template to use for the phishing email or create a customized template for this campaign.
    • If the template has already been created, enter the name of the template into the text block labeled Type to search for email templates to select it to use for this campaign.
    • To create a customized template for this campaign, click the envelope button to open the Select an Email Template page to see the complete list of all pre-existing templates that can be customized.sat-pheml-3.png
  9. The Select an Email Template page provides a list of all the pre-existing templates. By default, it will display 5 templates at a time, this can be changed to display 25, 50, 100, 250 or 500 records. Selecting a specific template will display that template and allow customization. 

    In this example, we will customize the Alaska Airlines Password Expired template.sat-pheml-4.png
  10. After clicking the Alaska Airlines Password Expired template, you will be returned to the Design Phishing Email page.
    • To use this template as a starting point, click the Customize this template button (in blue) to bring up the editor so changes can be made to the template. Proceed to step 11.
    • To start with a completely blank message body and enter all the information manually, click the Use empty template button. Proceed to step 13.
      sat-pheml-5.png
  11. This shows the editor, which is a page titled Customize Email Template, after selecting the Alaska Airlines Password Expired template. Make the desired changes to the template, then click the Save Changes button.
    sat-pheml-6.pngNOTE: If a system email template is modified, the modified copy will be saved, but the original template will remain unchanged.
  12. Now that the email template has been customized and saved, complete the campaign setup process to begin using the customized template.
  13. This shows the editor, which is a page titled Customize Email Template, after clicking the Use empty template Use this screen to customize the From Name, From Address, Subject and Email Body. Once changes have been made, click the Save Changes button to commit them.
    sat-pheml-7.png
  14. Now that the email template has been customized and saved, complete the campaign setup process to begin using the customized template.

 

Creating a custom template from a pre-existing template using the Settings page

 

  1. Log into the GSM console.
  2. Open the Webroot Security Awareness Training console.
  3. From the left hand navigation bar, click Settings, then Email.
  4. This will open the Email Templates page. To browse through existing templates, click the System tab, which displays all of the templates.
    sat-pheml-8.png
  5. Selecting an individual template will open that template in a view only mode, so the details of that template can be viewed. These details include template name, from name, from email, subject and email body.
  6. Click the Clone to Site Templates button to save a copy of this template locally that can then be edited.
    sat-pheml-9.png
  7. Once the template has been cloned, the editor window will have new buttons, which include Save, Close and Delete Template. Once changes have been completed, click the Save button to save the changes made.
    sat-pheml-10.png
  8. The created template will now be viewable in the Site section of the Email Templates page. It will also be available to use for other campaigns as they are created. Enter the template name when defining what template to use as part of a campaign to use it.

sat-pheml-11.png

 

Creating a brand new template from the Settings page

  1.  Log into the GSM console.
  2. Open the Webroot Security Awareness Training console.
  3. From the left hand navigation bar, click Settings, then Email. This opens the Email Templates page, which defaults to Site settings and will display any existing custom templates.
  4. Click the +New Email Template button to open the editor and begin creating the new template.
    sat-pheml-12.png
  5. The Email Templates page will display the editor and allow full customization of the email template, including:
    • Template Name – name of template
    • Categories – keywords that are used to group templates
    • Scope – site or global
    • Type – phishing, training, welcome or reminder
    • Status – unpublished or published
    • From Name – name of sender
    • From Email – email address of sender
    • Subject – subject of email
    • Email Body – body of email
      sat-pheml-13.png
  6. The embedded editor is very powerful and allows the creation of advanced text. Hovering over individual buttons will display a tool-tip to describe that buttons function. Text effects, numbered lists, embedded images and even iframes can be added as needed.
    sat-pheml-14.png
  7. Once the template has been customized, click the Save button to commit the changes. There are Save buttons at the top and bottom of the page.
  8. Any custom templates are viewable from WSAT Console > Settings > Email.
Version history
Revision #:
9 of 9
Last update:
‎08-13-2018 11:21 AM
Updated by:
 
Contributors