Phishing Template FAQ
What adjustments can be made to the phishing templates?
Our SoSafe Select templates have proven effective over the years. They provide different levels of difficulty and work with various psychological factors. It is not recommended to adjust these templates outside of the specified placeholders.
There are various placeholders in the templates that we can tailor to your company. In the initial stage, these include the sender address and company domain, salutation, phishing link, and signature, for example. We can also adjust any logos.
The scope of (further) adjustments depends on the booked package.
Customized templates:
Customized spear phishing templates (Premium) can be adjusted to suit your internal communications (manner of speech, signature), thereby increasing the difficulty.
Further information can be found in the Spear Phishing FAQ.
Can real names be used for the sender?
Real names are available in the Premium Package on request. This increases the difficulty of the template significantly and should be discussed with the person whose name is being used.
If an individual responds to a simulated email from someone they believe to be an actual coworker, this response is not sent to the respective employee, but rather to us. We are however unable to read it and only count the number of responses to an email (answer rate). The person who responded will receive an automated response in which they are notified that they responded to a simulated phishing email. It may also be possible for the users to personally contact the supposed sender to ask whether the e-mail is genuine. The person whose name we are using should be prepared for this and capable of identifying the email as a phishing simulation and directing the recipient to the learning page if they are asked about the email.
However, in our simulations we state that fake names also lead to high click rates, meaning that real names are not absolutely necessary.
Can we also exclusively use external templates?
We do recommend using a wide range of different templates, including your own and those that we provide. However, if you want to use external emails only, please discuss this with your Implementation Manager.
Are the simulated phishing emails actually sent from our domain?
No. The phishing emails are solely sent from our servers with our domains. The domains you see in the whitelisting list (in the SoSafe Manager under Settings / Whitelisting), and which a user could see if they try to respond to a simulated email.
The technology used for this ("domain spoofing") is very common. This way actual criminals can easily make an email look as it came from an internal address.
Does it make sense to adjust the signature?
Please note that adjusting the signature makes the templates considerably more difficult.
We are happy to replicate your signature (Premium Package). This can be done for various language, too. Please send your Implementation Manager your internal signature and he/she will handle it from there.
What are interactive templates?
Interactive templates are landing pages that users are directed to after clicking on a link in a phishing mail. On this page they are for example asked to log in, deceiving users to give up their login credentials. Of course, this is all part of a phishing simulation and the users will be forwarded to our landing page.
Currently, 20 different interactive templates are available, and there are still more to come.
Our internal communication works / looks differently.
Not all templates are perfectly tailored to your manner of speech. This is intended and good for these reasons
This way we can offer different levels of difficulty. Templates that are supposedly simple often achieve a high click rate.
We also want to achieve a learning effect, as the templates should be puzzling for the users at first glance.
Of course, we can tailor the customized phishing templates (Premium Package) to your exact internal communication (manner of speech, signature), thereby increasing the difficulty.