Chapter 5.2: Phishing Kits

BullPhish ID allows you to create your own custom phishing email through an easy-to-use kit creation system. In this article, you can learn how to create a phishing kit step-by-step.   

On the Phishing Kits page, you will see a list of pre-made phishing kits provided by BullPhish ID. This list is frequently updated by the BullPhish development team and features a variety of kits for most industries. 

Create New Kit

To create a new kit, follow the below steps:

1. Log into your BullPhish ID Portal.

2. Navigate to your left-side menu and select Phishing Kits under Phishing Simulation.

3. Click Create New Kit.

4. Once you click the Create New Kit, the page will take you to Create Kit, where you can begin creating your own kits.

Generally, phishing kits contain the following Phishing Kit Components:

• Kit information
• Email template information
• A landing page
• Phishing template
• Sending a profile to simulate a phishing event to your targeted group. 

Kit Information: In the Kit Information section, enter the title of the Phishing Kit, the language it will be in, the pre-existing landing page, and the sending profile the targeted user will see where it was sent from. You can also enter optional fields like active, pin, existing template, and attachments if you want to.

Important: You can view the Existing Template and Email Template Information once you select a Language from the Kit Information section. With the help of existing template functionality, you can create a template from a blank HTML field or select a pre-made template to edit the form.

Landing Page

A landing page is an HTML file that mimics a legitimate login form often used by phishing scams to retrieve information. Once a data submission button is clicked, the action is recorded, and the user is taken to a screen that displays a video educating the user on the dangers of phishing. However, users have no access to edit the landing page.

Sent From (Sending Profile)

Sending profiles are available for sending phishing campaigns. The email address from which your campaign will be sent. Click the dropdown to check the available sending profiles.

If you do not want to use existing sending profiles, you can create your own sending/domain profiles using the custom domain feature. To learn more, check out the below articles.

• Note: Sending profile should have a verified domain.
• Reference articles:
  • How to create Sending Profile?
  • Custom Domains Configuration Guide

Existing Template:

You can create a template from a blank HTML field or select a pre-made template to edit the form.

A template is an HTML file mimicking a legitimate email sent by a trusted entity or organization. It contains a {{.URL}} HTML token that automatically links to the target landing page, which is included in a kit. You can create a template from a blank HTML field or select a pre-made template to edit the form.

Option 1: Create a phishing kit with a new email template.

1. To create a new email template, click the No toggle button from the Existing Template. 
2. You can create a template from a blank HTML field. Required mandatory fields:
   • Name: Provide the email template name.
   • Email Title users will see: Define email subject line as the headline of an email, the copy that appears in a recipient’s email inbox. 
3. Once you enter your email template information, click Save or Preview & Save.

Note: You can add a list of variables, such as names, hyperlinks, images, tables, simple buttons, etc., to your email templates. 

Option 2: Create a custom kit using an existing email template. 

1. If you wish to use the Existing Template, choose Yes.
2. Once you select Yes, you can see a dropdown box with a list of existing templates.
3. Select one of the existing templates.
4. Once a language has been selected, the Existing Template field will appear. From the Existing Template field, (1) select Yes, (2) followed by clicking the drop-down and choosing an existing template that best suits your phishing kit. For example, "Template_3ebay_suspicious_activity."

Click here to learn more about How to edit an existing email template in Phishing Kit.

5. Go to the Email Template Information section to edit or add hyperlinks to the specified email template. 

Place the cursor on the page where you want to add the content or the body of the HTML Email Template and highlight a text that will take your targets to the selected landing page. 

• Click the Link icon on the Formatting Controls ribbon.
  • Ensure the Link Type is a URL.
  • Select <other> from the Protocol drop-down; enter the {{.URL}} on the pop-up dialog box. 
    • Please note a template is an HTML file mimicking a legitimate email sent by a trusted entity or organization. It contains a {{.URL}} HTML token automatically links to the target landing page, which is included in a kit; do not add any additional information to this HTML token.

      Landing Page: A landing page is an HTML file that mimics a legitimate login form that is often used by actual phishing scams to retrieve information. Once a data submission button is clicked, the action is recorded, and the user is taken to a screen that displays a video educating the user on the dangers of phishing.

      •  
  • Click OK to save the link.

• Recommend clicking Preview & Save.

Note: The changes you make here will not overwrite the existing template but save it as a copy.

Once you have finished configuring your email settings, you can preview the email.

5. Click Save to apply changes.

Email Preview page

As soon as you click Save, you can create a campaign with the new kit. Click Yes will take you to the Create Phishing Simulation page.

You can view your created phishing kit on the Phishing Kits page.

Click to view all your available Phishing Kits under the Phishing Simulations dropdown. To view the content on your list, you can sort the content under the header columns. The following category briefs you on the Phishing Kits page icon functionalities.

You can click the thumbtack icon to pin a kit for easy access. Select a kit's name under the Kit Title column to view a kit's contents.

Once you click the View icon, the page will redirect you to the specific kit landing page.

This is a hot icon; if you check this filter icon, only hot kits will be displayed on the screen. This feature shows the hot kits for two weeks from the date of selection. Additionally, you can fetch kits by applying the Only hot filter. 

You can edit the kit using the edit icon (pencil icon).

 Select the kit that you want to update and click the edit icon. 

Once you click edit, you will see the statistics table columns: Open Rate, Click Rate, Submit Data Rate, and Last Updated.  

Open Rate - Open rate column displays how many targets have opened emails with phishing kits (counts/total emails sent).
Click rate - The click rate column displays how many targets clicked the phishing email link (counts/total email sent).
Submit Data Rate - Submit Date Rate column displays how many targets filled data on the phishing website and submitted it (counts/total email sent). 

All rates are calculated if a specific target's current state is the last of the action. In case when you open an email, click on the link in the email and submit data - this case is calculated only as Submit Data rate. 

Last update – Displays the last updated date of kit configuration. Changing some data into an email or phishing template, changing the name or set kit as Hot, etc., is updating this field. 

After updating the kit, click save. 

Additional Information

Additionally, you can select a simulated attachment consisting of a file name and type. This attachment will be displayed in the email, and in case the target tries to download this file target will be redirected to the phishing page. 

Related Articles:

Check out the below articles for more information on:

How do I use Filters functionality?

How do I use Customize Columns?