Choosing the Right Template

This support article is written for AntiPhish customers who find out how to choose the right phishing campaign.

Phishing emails can vary dramatically in sophistication; the current trend of malicious phishing ‘in the wild’ seems to point towards ever-increasing realism. In turn, organisations find it harder each year to detect and ‘weed out’ the criminal’s number one attack vector. AntiPhish plans to change this. 

The campaign you have commissioned can be fully customised to allow you to gauge your organisation’s baseline click rate, target training and then effectively monitor the reduction in employee phishing susceptibility, all whilst gathering key statistics. 

All phishing emails are designed by our team of experienced social engineering consultants who bring leading industry knowledge and experience to your campaign. Within the remits of this service, we aim to replicate common phishing email tactics such as quid pro quo, distraction and realism.

There is no one template-for-all. Every business is unique; each business will have a different mix of systems and suppliers. The aim is not to try and ‘catch out’ employees during a phishing campaign, but to replicate an attack as a cyber criminal would. A cyber criminal would spend time getting to know your organisation, finding out what makes your employees ‘tick’. 

So when choosing your templates, remember our tips: 

• Identify what systems you use: If your organisation’s email is managed by Google, it makes sense not to choose Microsoft branded emails.
• Identify your suppliers: Your organisation will have certain suppliers, such as DHL, FedEx or Royal Mail. 
• Watch the news: Choosing a topical email is more likely to be successful than one that isn’t. For example, travel distributions may work well during winter months.

Reading and sharing threat intelligence from CISP or OWSAP can often identify what threats are currently targeting organisations.