Understanding Injected Fields

This article explains injected fields, how they are used in phishing simulations, and the value they provide to the learning experience of clicking a phish!

What are injected fields, and how are they used?

Injected fields essentially act as placeholders for user-specific or contextual values that you want to be "injected" into the simulated phishing templates delivered to end users as the result of a phishing campaign.

  • For example, if end-user John Smith is sent a simulated phishing template from Phin that includes the sentence "Hi {{FIRST_NAME}} {{LAST_NAME}}, please click the link below to see your service request.", what the end-user would see is an email that reads "Hi John Smith, please click the link below to see your service request."

📌 Injected field placeholders don't have to match anything specific to work, but when they do (such as using {{FIRST_NAME}} to pull in a user's first name), it helps tie together the expectation of what the end-user will experience when the simulated phishing email is rendered in their email inbox.

Why don't the placeholders have to be specific to work?
The values that are "injected" into injected fields are determined by which user-specific or contextual values are connected to the injected fields when the template is built and uploaded to the Phin platform in the Template Builder.

What value do injected fields add to phishing campaigns?

Emails that land in your inbox with gibberish for preview text, generic addressing such as "Dear Sir" or "Dear Madam", and body content that contains little to no contextual information are likely to be reported, as they should be. However, today's cybercriminals have more personal data at their disposal, whether stolen from legitimate company databases or purchased on the dark web, and they are using this personal information to craft emails that are more convincing than ever.

  • Injected fields add significant value because they allow our partners to deploy phishing campaigns that recreate the experience of receiving a phishing email that utilizes stolen information and social engineering tactics such as pretexting.

🔎 Injected fields help companies bridge the gap from delivering outdated phishing simulations to personalized simulations that help keep end-users aware of today's more advanced phishing tactics.

List of Injected Fields by Type & Value

Below is a list of injected fields, each field's value, and a rendered example of each field. For demo purposes, let's say our end-user is John Smith. We have access to his user fields from Azure, such as job title, office location, and manager email, via the Phin Azure Sync.

User-Specific Injected Fields

Employee ID:
Your employee ID, {{EMPLOYEE_ID}}, is not listed in our system.
Your employee ID, e342553, is not listed in our system.

First Name:

Hi {{FIRST_NAME}}, are you able to open the attached file?
Hi John, are you able to open the attached file?

Last Name:
Dear Mr. {{LAST_NAME}}, are you available for a quick chat?
Dear Mr. Smith, are you available for a quick chat?

Email:
Please confirm your email is {{EMAIL}} by clicking the button below.
Please confirm your email is john@demoemail.com by clicking the button below.

Job Title:
(Default Value Available)
Hi {{FIRST}}, would you be open to talking about your current position as a {{JOB_TITLE}}?
Hi John, would you be open to talking about your current position as a Software Developer?

Department Name / Department ID:
(Default Value Available)
{{DEPARTMENT_NAME}} - {{DEPARTMENT_ID}}, needs to provide bank info to HR by EOD.
Software - S40T68, needs to provide bank info to HR by EOD.

Supervisor Name:
(Default Value Available)
Your manager, {{SUPERVISOR_NAME}}, is requesting information for payroll.
Your manager, Bob Thomas, is requesting information for payroll.

Supervisor Email: 
(Default Value Available)
This email was sent to you at the request of your systems admin, {{SUPERVISOR_EMAIL}}.
This email was sent to you at the request of your systems admin, bobthomas@demoemail.com.

Office Phone:
You have a digital voicemail attachment associated with the #{{OFFICE_PHONE}}.
You have a digital voicemail attachment associated with the #302-555-1234.

Office Location: (Default Value Available)
A package was not delivered to {{OFFICE_LOCATION}}. Click to reschedule.
A package was not delivered to 1234 Demo St, Newark, DE. Click to reschedule.

Mobile Phone:

Please confirm that the best number to contact you is {{MOBILE_PHONE}}.
Please confirm that the best number to contact you is 302-555-4321.

Company Name: (Default Value Available)
Please see the linked invoice pertaining to services rendered for {{COMPANY_NAME}}.
Please see the linked invoice pertaining to services rendered for Demo Incorporated.

Mail Nickname:
You have digital mail addressed to {{MAIL_NICKNAME}}. See attached.
You have digital mail addressed to John. See attached.

Sign in Sessions Valid From Date Time:
{{SIGN_IN_SESSIONS_VALID_FROM_DATE_TIME}}
10/6/2024, 2:07 PM

Employee Type:
You are listed as {{EMPLOYEE_TYPE}} in our HR system.
You are listed as employee in our HR system.
 
Last Password Change Date Time:
You changed your password at {{LAST_PASSWORD_CHANGE_DATE_TIME}}.
You changed your password at 10/7/2024, 2:52 PM.
 
Preferred Language:
To change your preferred language choice of {{PREFERRED_LANGUAGE}}, click here.
To change your preferred language choice of english, click here.
 

Contextual Injected Fields

  • For context to time and date fields, this article was written at 10:03 AM on 10/11/2024.

Current Time:

Your confirmation link was sent at {{CURRENT_TIME}} and will expire soon.
Your confirmation link was sent at 10:03 AM and will expire soon.

Current Short Date:

Today, {{CURRENT_SHORT_DATE}}, is the last day to apply for an extension.
Today, 10/11/2024, is the last day to apply for an extension.

Current Huge Date:

Today, {{CURRENT_HUGE_DATE}}, is the last day to apply for an extension.
Today, Friday, October 11, 2024, is the last day to apply for an extension.

Past Time/Past Short Date:
We noticed a suspicious transaction at {{PAST_TIME}}, {{PAST_SHORT_DATE}}.
We noticed a suspicious transaction at 9:07 AM, 10/09/2024.
  • The past time and past date fields render random times and dates in the past 7 days before the simulated phishing email is sent to the user.

Past Huge Date:
We noticed a suspicious transaction on {{PAST_HUGE_DATE}}.
We noticed a suspicious transaction on Wednesday, October 9, 2024.

Future Time/Future Short Date:
The following link will expire at {{FUTURE_TIME}} on {{FUTURE_SHORT_DATE}}.
The following link will expire at 12:00 PM on 10/13/2024.
  • Future time and future date fields render random times and dates in the next 7 days from the time the simulated phishing email is sent to the user.

Future Huge Date:
The following link will expire on {{FUTURE_HUGE_DATE}}.
The following link will expire on Sunday, October 13, 2024.

Where are the values for User Fields pulled from?

Every end-user (employees receiving training or phishing simulations) has a "user profile" if you will. Users can be uploaded manually or via the Phin Azure Sync integration. Once users are uploaded, their metadata or "user field" values can be viewed by navigating to "Users" in the side navigation. Clicking on the icon under the "Actions" column aligned with the user you want to view or edit will open up that user's profile.
  • Users uploaded manually via a CSV or added individually using the "Add User" tool can still have their user profiles edited.
  • Users uploaded via the Phin Azure Sync integration cannot be edited in the Phin App and must be modified via the source in your Azure instance.
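
As an added example (not Phin's code and not part of the original article), the Python below shows the mechanism described above: placeholders are connected to user fields through a mapping, so a token such as {{FIRST}} can pull a first name, and a pre-send check lists the users whose profile would leave a field unfilled. The profile keys, the MAPPING and DEFAULTS tables, and the fallback behaviour for "Default Value Available" fields are assumptions made for illustration.

```python
import re

# Matches {{PLACEHOLDER}} tokens as they appear in the templates above.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")

def render(template, mapping, profile, defaults=None):
    """Render one user's copy; return (text, problems).

    mapping:  placeholder name -> user-field key (assumed to be set at build time)
    profile:  user-field key -> value for one user
    defaults: user-field key -> fallback when the profile value is empty (assumed)
    """
    defaults = defaults or {}
    problems = []

    def substitute(match):
        name = match.group(1)
        field = mapping.get(name)
        if field is None:
            problems.append(f"{name}: not connected to a user field")
            return match.group(0)  # keep the raw token so the gap is visible
        value = str(profile.get(field) or "").strip() or defaults.get(field, "")
        if not value:
            problems.append(f"{name}: '{field}' is empty and has no default")
            return match.group(0)
        return value

    return PLACEHOLDER.sub(substitute, template), problems

def preflight(template, mapping, profiles, defaults=None):
    """Return {email: problems} for users whose copy would render incompletely."""
    report = {}
    for profile in profiles:
        _, problems = render(template, mapping, profile, defaults)
        if problems:
            report[profile.get("email", "<no email>")] = problems
    return report

# Constructed sample data; keys and values are hypothetical.
MAPPING = {"FIRST": "first_name", "JOB_TITLE": "job_title", "SUPERVISOR_NAME": "manager"}
DEFAULTS = {"job_title": "team member"}
USERS = [
    {"email": "john@demoemail.com", "first_name": "John",
     "job_title": "Software Developer", "manager": "Bob Thomas"},
    {"email": "jane@demoemail.com", "first_name": "Jane", "job_title": "", "manager": None},
]
TEMPLATE = "Hi {{FIRST}}, {{SUPERVISOR_NAME}} asked about your role as a {{JOB_TITLE}}."

if __name__ == "__main__":
    for email, problems in preflight(TEMPLATE, MAPPING, USERS, DEFAULTS).items():
        print(email, problems)
```

Running the check before a campaign catches simulations that would otherwise reach an inbox with a raw {{...}} token in the body, which gives the exercise away immediately.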