Creating Templates

Gathering the Details

Begin by gathering the information relevant to your campaign

Name - Think of a name for your template. This will come in useful when identifying it in the future. Especially if this is a generic phishing campaign that will be reused (E.g.,Important Updates on Employee Dress Code)
Subject - Give the template a subject title. This should be something engaging that the end-user will want to click on.
Sender - Provide a name for the user or organization that the email is simulating. This could be something as simple as [COMPANY] to a specific user working at the company you're impersonathing e.g., [John Doe]

Building the Template

This may be the hardest part of your day. Creating a convincing pretext that will convince the target to click a link or download a document.

Thankfully there are several repositories available online with templates and pretext ideas that are ready to go:

The following details a template that I've used previously. The landing page was a link to the employee login where after credentials were entered where once I successfully landed a phish I could access the employee portal and attempt credential stuffing throughout the environment.

<html>
<head>
	<title></title>
</head>
<body>
<div align="center"><img 
[SNIP]
<p><font face="Verdana">Dear {{.Email}},&nbsp;</font></p>

<p><font face="Verdana"><font face="Verdana">You&#39;ve received a package! Your company has enrolled you in Your Package Pickup to simplify the mailroom process and get your package to you fast!</font></font></p>

<p><font face="Verdana"><font face="Verdana">The details of your package are as follows:</font></font></p>

<p><font face="Verdana"><font face="Verdana"><strong>Type</strong>: Parcel<br />
<strong>Carrier</strong>: Fed Ex<br />
<strong>Tracking Number</strong>: 231300687629630<br />
<strong>Method</strong>: 2-Day Express Saver<br />
<strong>Origin</strong>: Cincinnati, OH</font></font></p>

<p><font face="Verdana"><font face="Verdana">TO get started, you&#39;ll need to log into your account. It only takes a minute to get going - you can use your corporate e-mail credentials to log in.</font></font></p>

<p><font face="Verdana"><font face="Verdana">Set up your account now!<br />
Your Username: {{.Email}}<br />
<a href="{{.URL}}">https://www.yourpackagepickup.com/pickup</a></font></font></p>

<p><br />
<font face="Verdana"><font face="Verdana">Once you&#39;ve set up your account online, you&#39;ll select how you&#39;d like to receive your package. It&#39;s really that easy!</font></font></p>

<p><font face="Verdana"><font face="Verdana">Let us know if you have any issues with your shipment at {{.URL}}.</font></font></p>

<p><br />
<font face="Verdana"><font face="Verdana">Best,&nbsp;<br />
Your Package Pickup Care Team<br />
hello@yourpackagepickup.com</font></font></p>

<p><br />
<font face="Verdana"><font face="Verdana">Copyright 2019 YourPackagePickup. All rights reserved.<br />
&nbsp;</font></font></p>

<p><font face="Verdana">{{.Tracker}}</font></p>
</body>
</html>

PreviousPhishing NextLeveraging AI During Template Creation

Last updated 1 year ago

<html> <head> <title></title> </head> <body> <div align="center"><img [SNIP] Dear {{.Email}},  You've received a package! Your company has enrolled you in Your Package Pickup to simplify the mailroom process and get your package to you fast! The details of your package are as follows: Type: Parcel Carrier: Fed Ex Tracking Number: 231300687629630 Method: 2-Day Express Saver Origin: Cincinnati, OH TO get started, you'll need to log into your account. It only takes a minute to get going - you can use your corporate e-mail credentials to log in. Set up your account now! Your Username: {{.Email}} <a href="{{.URL}}">https://www.yourpackagepickup.com/pickup</a> Once you've set up your account online, you'll select how you'd like to receive your package. It's really that easy! Let us know if you have any issues with your shipment at {{.URL}}. Best,  Your Package Pickup Care Team hello@yourpackagepickup.com Copyright 2019 YourPackagePickup. All rights reserved.   {{.Tracker}} </body> </html>