Begin by gathering the information relevant to your campaign
- Name - Think of a name for your template. This will come in useful when identifying it in the future. Especially if this is a generic phishing campaign that will be reused (E.g.,Important Updates on Employee Dress Code)
- Subject - Give the template a subject title. This should be something engaging that the end-user will want to click on.
- Sender - Provide a name for the user or organization that the email is simulating. This could be something as simple as [COMPANY] to a specific user working at the company you're impersonathing e.g., [John Doe]
This may be the hardest part of your day. Creating a convincing pretext that will convince the target to click a link or download a document.
Thankfully there are several repositories available online with templates and pretext ideas that are ready to go:
The following details a template that I've used previously. The landing page was a link to the employee login where after credentials were entered where once I successfully landed a phish I could access the employee portal and attempt credential stuffing throughout the environment.
<html>
<head>
<title></title>
</head>
<body>
<div align="center"><img
[SNIP]
<p><font face="Verdana">Dear {{.Email}}, </font></p>
<p><font face="Verdana"><font face="Verdana">You've received a package! Your company has enrolled you in Your Package Pickup to simplify the mailroom process and get your package to you fast!</font></font></p>
<p><font face="Verdana"><font face="Verdana">The details of your package are as follows:</font></font></p>
<p><font face="Verdana"><font face="Verdana"><strong>Type</strong>: Parcel<br />
<strong>Carrier</strong>: Fed Ex<br />
<strong>Tracking Number</strong>: 231300687629630<br />
<strong>Method</strong>: 2-Day Express Saver<br />
<strong>Origin</strong>: Cincinnati, OH</font></font></p>
<p><font face="Verdana"><font face="Verdana">TO get started, you'll need to log into your account. It only takes a minute to get going - you can use your corporate e-mail credentials to log in.</font></font></p>
<p><font face="Verdana"><font face="Verdana">Set up your account now!<br />
Your Username: {{.Email}}<br />
<a href="{{.URL}}">https://www.yourpackagepickup.com/pickup</a></font></font></p>
<p><br />
<font face="Verdana"><font face="Verdana">Once you've set up your account online, you'll select how you'd like to receive your package. It's really that easy!</font></font></p>
<p><font face="Verdana"><font face="Verdana">Let us know if you have any issues with your shipment at {{.URL}}.</font></font></p>
<p><br />
<font face="Verdana"><font face="Verdana">Best, <br />
Your Package Pickup Care Team<br />
[email protected]</font></font></p>
<p><br />
<font face="Verdana"><font face="Verdana">Copyright 2019 YourPackagePickup. All rights reserved.<br />
</font></font></p>
<p><font face="Verdana">{{.Tracker}}</font></p>
</body>
</html>