In today’s digital landscape, phishing attacks remain one of the most persistent threats to individuals and organizations alike. To empower security teams with robust simulation tools that reflect the evolving tactics of cybercriminals, our team embarked on a project to develop a comprehensive set of phishing templates. Our goal: to create 50 new, highly realistic phishing templates spanning a variety of attack types, difficulty levels, and world languages. Here’s a behind-the-scenes look at our process and what this means for security awareness training.
Selecting diverse attack types, calibrating difficulty levels, and translating templates into world languages are all essential for effective phishing simulation. Attack types ensure that employees are exposed to the full range of real-world tactics, from fake payment requests to social media notifications, improving their ability to spot threats in any context. Varying the difficulty levels—from obvious to highly sophisticated—lets organizations challenge everyone from new hires to seasoned staff, supporting continual security skill development. Finally, translating templates into multiple languages makes the training accessible to global workforces, ensuring that every employee, regardless of language or location, gains the tools to recognize and report phishing attempts.
Crafting the Foundation: 10 Attack Themes, 50 Templates
We began by outlining ten common attack themes that reflect the current threat landscape. Each theme received careful attention to ensure the scenarios were both plausible and up-to-date. The themes included:
- Account Compromise
- Payment Request
- Security Alert
- Document Share
- HR Update
- Social Media Notification
- Shipping Confirmation
- Subscription Renewal
- Survey Request
- Job Offer
For each theme, we generated five unique phishing templates, resulting in a total of 50 templates. The templates impersonated a diverse range of brands and services—from Gmail, Amazon, and Microsoft 365 to social media giants like Facebook, LinkedIn, and TikTok, as well as industry-specific platforms such as SAP and Workday. This diversity ensures that organizations can run simulations relevant to their users’ daily digital experiences.
Realism Meets Challenge: Difficulty Levels
A critical aspect of the project was ensuring that our templates covered a spectrum of difficulty levels:
- High: Sophisticated messages with realistic branding, convincing pretexts, and minimal tell-tale signs.
- Medium: Plausible but with some subtle cues that can trip up the unwary.
- Low: Obvious errors or red flags, suitable for baseline training or new users.
Each template was carefully crafted to match its assigned NIST-aligned difficulty level. For example, a high difficulty “Account Compromise” email might impersonate a trusted financial institution like Chase Bank, complete with professional language and accurate branding.
In contrast, a low-difficulty template might feature a poorly formatted message from an unfamiliar sender.
From English to Global: 25 Languages
Phishing is a global threat, and so is the need for security awareness. After generating the initial batch of 50 English-language templates, we translated each one into 24 additional languages. This resulted in a total of 1,250 templates (50 templates x 25 languages), making it possible for multinational organizations to run simulations that are linguistically and culturally relevant for their user base.
Impact: Training for the Real World
With this new library, security teams can now deploy a wide variety of phishing simulation campaigns:
- Breadth: Covering everything from fake HR updates to convincing payment requests and social media notifications.
- Depth: Difficulty levels let organizations tailor simulations to user maturity, from new hires to executives.
- Localization: Language support means no employee is left out of critical phishing awareness training.
Most importantly, these templates reflect real-world tactics—helping users build the skills and instincts they need to stay one step ahead of attackers.
Ready for the Next Challenge?
The threat landscape will continue to evolve, and so will our templates. By building a scalable, diverse, and realistic library, we’re helping organizations transform their users into their first line of defense—no matter where they are in the world.
Explore the full set of templates and see how you can strengthen your organization’s phishing resilience today.
