Welcome to our monthly series featuring 5 Phishing Simulation Templates brought to you by our Wizer Phishing team.
Creating a successful phishing simulation can be arduous and time-consuming, as it requires finding phishing simulation email examples that accurately imitate real-world scenarios while avoiding repetition. So, we did the work for you.
Let’s imagine we’re working away, and an email arrives from FedEx, saying they were unable to deliver a package. We weren’t expecting a package… but our mind will briefly run about to check it hasn’t forgotten anything! And what might creep in is doubt - can you be sure someone hasn’t sent you something you don’t know about? Is it merch from a vendor? Could this be the wrist support I asked HR for? Well… It could be.
And that’s what scammers want to trigger: curiosity. They want you to investigate and find out more, which will usually mean clicking on a link or opening an attachment.
Now let’s tweak the scenario a little. We placed an order a week ago that said 4 days for delivery, so it’s late. We’re busy, but do have ‘contact seller’ on our to-do list so we can follow up. Then... a FedEx email arrives, saying they were unable to deliver a package. Ah! That explains it. Or more accurately, that gives us a perfect explanation for a story we have in our head, one that needs a happy ending.
And this is why delivery failure notices make great phishing simulation templates. They can be used to highlight how our likelihood to fall for a scam isn’t constant. The stories we have in our day-to-day lives can hugely affect how we react. While scammers know that some people will not fall for it, they also know if they send enough out, they will get lucky, and find enough stories to finish with their own ending.
It’s no surprise that money is extremely attractive to cyber criminals; it’s hard to think of any activities they are involved in where the end goal isn’t financial gain. So they’re always very keen to get a foot in the door as close to where money moves as possible - making finance and accounts departments very attractive targets.
It’s important your simulated phishing templates can help train your colleagues about what form threats could take because the stakes are too high to be left to chance. The email above might look very simple, but it’s easy to miss all the ingredients that feature within it.
First, there is the use of authority - it’s from a C-level executive. Then the subject line mentions a bank that’s been in the headlines over recent weeks, SVB. To add to that, it states “Urgent”.
In the body of the email the tone stresses urgency yet again and reinforces why it’s important - because some of our customers use SVB. Then there’s a direct request to please read about the new processes. As good employees, it would be in our nature to want to know how they might affect what we do as accounts professionals.
Note - Before using this type of simulation we recommend speaking to the CFO, or whoever you choose to impersonate for this type of template, to ensure transparency and communication. You should always be mindful that building a strong security culture comes with the responsibility of anticipating how those you might want to impersonate would feel about being included. As an alternative, you may wish to send it from a more generic sender title.
It’s easy to go along with something when we aren’t an expert in it. This is why some people can feel uneasy at an auto-repair shop: they’re trusting that the problems they’re alerted to are genuine and that the risks of ignoring them are accurate.
And scammers are well versed in using authority to get us to go along with their underhand plans, and authority as an IT expert is a common identity for them to adopt. It’s understandable: there are endless reasons someone might need to hand over information to an expert to keep us up and running. Updates, slow connections, infringements, restrictions, account trouble… a lot of these can also be woven into a story where it makes sense we’ve not seen evidence of the problem.
IT Support related phishing templates are a vital part of any phishing simulation, as it’s one of the most direct steps a scammer can take to compromise a machine. It allows an organization to highlight its processes, and detail what information employees won’t be asked to provide, over email or over the phone.
Phishing simulations should educate and be a fire drill for threats our colleagues could face, if not right now, then in the near future. Cyber criminals are extremely quick to recognize when a new trend emerges that gives them a way to get noticed - and ChatGPT is gathering more attention, and excitement, by the second.
As a phishing simulation topic it is designed not to replicate an exact threat that’s out there right now. Rather, its aim is to introduce the likely threat preemptively, to educate how social engineers will try to weaponize the hype around this fascinating emerging technology.
That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check out February's edition of Top 5 Must-Know Phishing Simulation Templates
One other idea before you go is to use these images in your awareness campaign as examples to educate - Download PDF here
And check back next month for more!