Spear phishing is the act of sending an email to a specific and well-researched target audience while pretending to be a trusted sender. A phishing email is sent to a large number of individuals with generic and no targeted information. Rather, a spear-phishing email is purposefully built by a threat with the hopes of penetrating an entire organisation. It is well researched with names, roles, trusted company names and branding to catch individuals out. If a single individual engages with a spear-phishing email, it can compromise the entire organisation.
It is important to test your organisation using spear-phishing templates to ensure they are always thinking about cyber security and reporting malicious emails.
This article will cover how to use the spear-phishing feature to send a specific template to a select user/s or group. It is recommended that you create your own template that is tailored to your organization. This allows you to also make it as sophisticated as you want, however, you are still able to clone and use one of the existing templates within the portal.
How to Create a Spear Phishing Template:
1. Go to the Email Templates tab and select Templates > New Template > Spear Phishing
2. Choose to Upload a file or Create From Blank Template
3. Edit Template Title, From, Subject, Attach file (optional), Description (optional) and craft your message with the editor via Visual, HTML, or Plain Text
4. Further Customise your template by using the menu on the right hand side of the screen
Options for customising your spear phishing email template:
- Type - Type of email template you would like to create.
- Credential Capture - This is a method used to steal account names and passwords.
- Micro Course - Select content related to this email template for learners to be trained on if they click on a link
- Domain - Here you can see all links and emails used in your template
- Personalise - Personalise this template with any property that exists on a contact record (e.g., name or email)
Note: If you populate attributes in your Active Directory synchronisation for students list, then you can use those fields to customise the email template in more detail.
- Share Template - Set which zones can use this template
Note: This will appear if you have sub zone (subaccounts)
- Spear Phishing - This allows you to create a Spear Phishing block so that you can send this template to select learners
Once finished you have the option to Preview and Test, Save, and Publish the template.