Step 1: Navigate to template creation
Navigate to the PhishGrid Dashboard.
Click on ‘New Template’ to begin creating your phishing template.
Step 2: Click on ‘Create’ in Email Attack Designer
Step 3: Enter Basic Information
Enter the “Template name” and “Template description” to help identify and describe the purpose of your template.
Step 4: Configure Template Settings
- Type in any relevant “Tag” for better categorization.
- Choose the difficulty level by clicking on options like ‘Beginner’,‘Intermediate’, ‘Advanced’., based on the complexity of the template.
- Click on ‘Private’ if you wish to make this template accessible only to your organization. (By default templates are private)
Step 5: Specify Email Details:
- Type “Sender’s Name” in the field provided.
- Enter “Sender’s Username” to customize the sender’s username that will appear in the email.
- Select the sender’s email server from the options provided (e.g.‘mailservers.xyz’, ‘secure365.org’)
- Enter a “logo url” if you want to include an image in the email template.
- Type the “Email subject” to define the subject line of the phishing email.
Step 6: Adding Content to Your Template:
You have three options for adding content to your phishing template:
WYSIWYG Editor:
Directly edit or add content to your template using the What You See Is What You Get (WYSIWYG) editor. This option allows for a hands-on approach to customizing the content with formatting options.
Email to Generate Template:
You can mail your template to [email protected]. The content of the sent email will be used to generate your phishing template. This method is useful if you want to use an actual phishing attempt or a specific email format as a base for your template.
Upload an EML File:
If you have an email saved as an .eml file, you can upload this file directly. This option is convenient for using pre-existing email content or importing templates from other sources.
Step 7: Select Default Awareness content
You can add default awareness content with template that will be shown to the phished user, to aware about such phishing emails.
Also you can choose domain to serve your awareness contents in “Advance options” while selecting content.
Step 8: Add an attachment (Optional)
Before completing your template in PhishGrid, utilize the “Attach File” or “Add Attachment” feature found in the template editor to include a document, PDF, or any non-malicious file to your phishing email. Select this option, choose a relevant and safe file from your computer, and
confirm the upload.
Best Practices for Using Attachments in Phishing Templates
Relevance: Make sure the attachment is relevant to the scenario you are simulating. For example, a fake invoice for financial-themed phishing or a bogus internal report for spear-phishing targeted at specific departments.
Safety: Ensure the attachment is harmless and does not contain any actual malicious code. The goal is to educate, not to harm.
File Type Awareness: Be aware of the file types that are commonly flagged by email security systems. While it’s important for simulations to be realistic, you don’t want your educational emails to be automatically blocked or cause undue alarm.
Instructional Value: Consider using the attachment as part of the learning process. For instance, you could include tips on identifying malicious attachments within the document, providing immediate
educational value when the target opens it.