Best Practices for Using Template Difficulty Ratings
Each template within our System Templates has a difficulty rating assigned to it. This is measured based on the content of the email and estimates how easy it will be for your users to detect that the email is a phishing email.
You can use these difficulty ratings in a number of different ways. For example, following Security Awareness Training, you can start with one or two star difficulty rating templates to "ramp up" your users' ability to detect the red flags of social engineering and prepare them for more difficult (four to five star difficulty rating) tests.
System Templates sorted by Difficulty Rating
How can I use templates based on difficulty ratings?
When setting up your phishing campaign, you can limit the campaign to only include templates with specific difficulty ratings you want to use. We recommend that you choose multiple template categories to increase the variety of templates that you are phishing your users with before doing so.
We also recommend ramping your users up with easier templates at first and increasing difficulty as they become better and better at successfully identifying these emails as phishing emails.
Modifying Difficulty Rating when Creating Phishing Campaign
How do you rate your templates?
Our templates are rated on a basic scale of one to five stars. We use a number of different factors to figure how to rate each template, such as grammar, spelling, punctuation, use of targeted user information (for example, templates utilizing placeholders for the end-user such as first and last name), or visuals (use of logos/overall design).
- 1-2 Stars: An example of an email rated at this level may have lots of spelling errors or misuse of punctuation.
- 3 Stars: An example of an email rated at this level may include a logo from a company it is trying to spoof, but may obviously misspell the spoofed company's email address and have no other targeted user information that would relate to the user.
- 4-5 Stars: Emails rated at this level are designed to appear more authentic, with very few red flags for the user to spot. They may utilize targeted user information. An example of this style of email could be a well-crafted internal style message, such as from HR or IT from your domain.
You can also rate any templates you design yourself, using the Difficulty Rating drop-down within our WYSIWYG editor.