Our newest phishing templates for Engage are built on insights from Mimecast’s Threat Intelligence Group research into the XRED Malware Campaign (read more here).
We’re delivering these templates with an eye toward the tactics used by XRED, including warnings about strict compliance windows, low-effort responses to giveaways and professional development offers, and government compliance messaging. These enhanced templates leverage the most effective XRED campaign tactics—sender spoofing, urgency, official formatting, schema-less URLs, and advanced evasion—to create highly realistic phishing simulations. By incorporating these techniques, our templates simulate real-world phishing threats, helping organizations train employees to recognize and respond to increasingly sophisticated attacks.
Leveraging the latest threat intelligence, these templates provide a critical layer of defense in your Human Risk strategy. These templates show the evolving tactics of cybercriminals but also helps employees build the skills needed to detect and report phishing attempts. As attackers continue to innovate, organizations must stay ahead by preparing their workforce to recognize even the most convincing scams. These simulations are a vital step toward fostering a culture of vigilance and resilience in the face of modern cyber threats.
A Range of Challenges
We designed our templates to cover a range of difficulty levels, with varied attractants from different areas of interest or concern that help guide your organization to examine potential threats with a critical eye.
Each template aligns with accepted NIST difficulty standards and is crafted to test specific skills. For example, a high-difficulty "Account Compromise" email might impersonate a trusted financial institution, using professional language and accurate branding to appear legitimate. Sports-themed templates spur users to act quickly before losing access to online fan benefits. This month’s new templates ensure that users face realistic challenges, helping users build the skills needed to identify phishing attempts in real-world scenarios.
Ready for What’s Next?
As phishing tactics evolve, so do our templates. By offering a scalable, diverse, and realistic variety of templates, we empower organizations to transform their employees into their first line of defense—no matter where they are in the world. We’re committed to delivering new templates that meet your skill, locality, and needs in the moment, with relevant new discoveries and tactics.
Keep an eye on this space – we'll continue bringing you new, relevant templates on a continuous basis via future product blog posts.
Using these Templates with Engage
Download your HTML template.
- From the blog post above, download the .txt file associated with the template you'd like to use.
Import your HTML template
- Navigate to Phishing Training
- In the Engage platform, go to the Phishing Training section.
- Open the Template Library
- Click on the Template Library menu item.
- Customize an Existing Template
- Find any template in the library and click the Customize button.
- This will open the template in the WYSIWYG editor.
- Access the Source Code Editor
- In the WYSIWYG editor toolbar, locate and click the View Source Code button ( represented by </> ).
- An editable pop-up modal will appear, displaying the current HTML source code.
- Replace with Your HTML
- Open your .txt file containing the HTML source code.
- Copy all the HTML from your file.
- In the Engage source code modal, select all existing code and paste your HTML in its place.
- Click Save.
- Preview Your Template
- You should now see your custom email template rendered in the right-hand preview pane.
Optimize and Save Your Template
- Give your template a unique name for easy identification.
- Update the Subject Line to match your campaign’s theme.
- Set the Difficulty Level and select a Phishing Category that best fits your template.
- Add a Display Name and any relevant tags to help with organization and reporting.
- Consider adding graphics or logos that map to the img tag in the downloadable templates for added realism.
Launch a Phishing Campaign Using Your Template
- Go to Campaigns
- Under thePhishing Training menu, select Campaigns.
- Add a New Campaign
- Configure Your Campaign
- Fill in the campaign details as you normally would.
- When prompted to select a template, choose your newly created template by its unique name from the Templates dropdown.
- Complete and Launch
- Review your settings and launch the campaign.
Pro Tips
- Double-check your HTML for broken links or missing images before saving.
- Use descriptive tags and a clear display name for easier tracking and reporting.
- Test your template by sending a preview to yourself or a test group before launching to all users.
