Skip to main content
All CollectionsuPhishPhishing Attachments
Creating a phishing email attachment
Creating a phishing email attachment

Learn how to create a phishing email attachment for your uPhish simulations.

Anna Cunningham avatar
Written by Anna Cunningham
Updated over a week ago

In this article you will learn how to create an attachment for a phishing email simulation and where to upload it to your chosen email template.

Do I need to create my own attachment?

You are not required to create your own attachment for phishing attachment simulations.

When creating a phishing simulation in uPhish, if you have selected an attack type that includes an attachment, you can select an email that already comes with an attachment from the Template Library or alternatively you can create your own attachment.

How do I create my own attachment?

If you would like to create your own attachment, the creation of an attachment for uPhish simulations would need to be done outside of the app and the attachment would need to be in Microsoft Word .docx format, as this is currently the format that uPhish supports for attachments.

As long as the attachment is saved in the compatible format (.docx), you have free rein on what your attachment looks like, allowing the creation of an attachment that mimics typical documents sent within your organisation.

How do I upload my attachment to uPhish?

Once you have chosen an attachment attack type, and chosen/created your email, at the ‘Configure’ stage of the Create Simulation process you will be able to upload your attachment.

If you have chosen a pre-built email template from the Template Library, you can also remove the pre-built attachment and upload your own.

If you remove the pre-built attachment by mistake, you can just click on the Reset to Template Default button, and the pre-built attachment will be restored back to the email template.

Does my attachment need a link?

If you have chosen the attack type Attachment Open, your custom attachment does not need a link, as the compromise will be triggered when the user opens the attachment.

If you have chosen the attack type Attachment Open + Landing Page, your custom attachment will need to have a link to the landing page for a compromise to be triggered.

The Create Simulation set-up wizard will not prompt you to add a link in your custom attachment if you have uploaded a file without a link in it.

What URL can I use for the link in my custom attachment?

You can use any link in your custom .docx attachment. When the simulation is sent out, the URL you have inserted will be overwritten to link to your chosen landing page.

Next steps

Did this answer your question?