Manage your phishing template library
Browse stock phishing templates, customize them for your org, save reusable variants, and prune the customs you no longer need.
The Template Library at /org/phishing/library is the catalog of
phishing emails you can send through Hook. It mixes stock templates
that ship with the product (curated and shared across all orgs) and
custom templates that belong only to your organization. Reach for
stock templates when you want a quick, well-tested simulation; reach
for customs when you want a stock template tweaked to match your brand,
your industry, or a specific lure your team has seen.
Browse and preview
The library opens to a paged grid of template cards. Each card shows the template name, a one-line description, Difficulty (Easy / Medium / Hard) and Category badges, lifetime usage and click rate, and a small Custom badge when the template belongs to your org.
From the left nav, go to Phishing, then click Template Library in the sub-nav. The page header reads Browse and preview phishing simulation templates.
Use the left filter sidebar to narrow the list. Type into Search to match on name, description, or tags. Click any Category — Financial, Technical, Executive, Seasonal, Social, Company, Logistics, Security — to filter. Tick Custom templates only to hide stock content and see just your org's library.
Use the Sort dropdown above the grid (Alphabetical or Newest) to reorder. The result count next to the dropdown updates as filters change.
On any card, click Preview for a quick-look modal with the sender,
subject, and rendered email body. From the modal, click View Full
Template to open the detail page at /org/phishing/library/<id>,
which adds Email / Training Page tabs, Images and Dark
mode toggles, and a sidebar of metadata.
Screenshot pending
[Template Library page with the filter sidebar (Search + Category list + Custom templates only checkbox) and the card grid showing difficulty/category badges and the Preview / Customize / Use Template buttons.]
Duplicate and edit a template
You can't edit stock templates directly — they're shared across all orgs. Duplicate & Edit copies a stock template into your org's custom library and drops you straight into the editor.
Open the template's detail page and click Duplicate & Edit in the right sidebar. The same flow lives behind the Customize button on any stock card in the library grid.
You land on the editor at /org/phishing/library/<id>/edit with the
copied content pre-filled. The form column on the left exposes
Template name, Subject, From name, From email
(local-part input plus a domain dropdown limited to your org's
allow-listed sending domains), Reply-to, and a rich-text Body
editor. The right column shows a live preview that updates as you
type.
Adjust whatever you need. Subject is required (capped at 998
characters); the sender's local part accepts only
A–Z, 0–9, ., _, %, +, and -; the domain must come from
the dropdown.
Click Send test to me to drop the current draft into your own inbox (rate-limited per hour). When you're satisfied, click Save. A Template saved toast confirms, and you land back on the library list with the new Custom badge on the row.
Screenshot pending
[Template editor at /org/phishing/library/<id>/edit with the Subject, From name, From email (local part + domain dropdown), Reply-to, and Body fields on the left and the live preview on the right.]
Use a template in a campaign
Both the library grid and the detail page expose a Use Template
button (sometimes labelled Use in Campaign, same action). Clicking
it opens the campaign wizard at
/org/phishing/campaign?templateId=<id> with the template
pre-selected on step 3, so you only fill in name, timing, and
targeting. For the full wizard walkthrough, see
Run a phishing campaign.
Delete a custom template
You can only delete templates your org owns — stock templates have no Delete button at all. Deletes are scoped to your org and don't affect campaigns that already shipped using the template.
Open the custom template's detail page. The right sidebar shows Edit and a red-tinted Delete button (instead of the Duplicate & Edit button you'd see on a stock template).
Click Delete. A confirmation dialog appears with the message Delete custom template? This will remove "<name>" from your library. Active campaigns already using the template will not be affected. This action cannot be undone. Click Delete to confirm or Cancel to back out.
Check usage before deleting
The detail header shows lifetime usage. Deleting doesn't recall in-flight emails or break running campaigns, but you lose the template as a starting point for the next variant. Duplicate it first if you might want it back.
What good custom templates look like
Lures should feel realistic without being sneaky — match a tone, sender pattern, or workflow your users actually see, but don't impersonate a specific real coworker or weaponize an active incident. Rotate at least two or three custom templates per quarter so the same recognizable subject line doesn't train muscle memory.
Common pitfalls
- The From email domain dropdown isn't free-form. You can only send from your org's allow-listed phishing domains. If the one you want isn't there, ask your CSM or Hook admin to add it before you save — otherwise the campaign delivers from a domain your users won't recognize.
- Custom templates aren't editable from inside the campaign wizard. If you select an existing custom template on step 3 of the wizard, the Edit for this campaign button is disabled. Edit the custom template here in the library first, then start the wizard.
Related
Run a phishing campaign
The four-step wizard from naming through launch, plus how to save one-off template edits as customs.
Read the executive summary report
Make sense of KPIs, risk score, and recommended training after a campaign closes.
Concepts
How phishing simulations, training, and reporting fit together in Hook.