Manage your phishing template library
Browse stock phishing templates, customize them for your org, save reusable variants, and prune the customs you no longer need.
The Template Library at /org/phishing/library is the catalog of
phishing emails you can send through Hook. It mixes stock templates
that ship with the product (curated and shared across all orgs) and
custom templates that belong only to your organization. Reach for
stock templates when you want a quick, well-tested simulation; reach
for customs when you want a stock template tweaked to match your brand,
your industry, or a specific lure your team has seen.
Browse and preview
The library opens to a paged grid of template cards. Each card shows the template name, a one-line description, category badges, lifetime usage, and the Preview, Customize, and Use Template actions. Custom templates carry a small Custom badge when the template belongs to your org.
From the left nav, go to Phishing, then click Template Library in the sub-nav. The page header reads Browse and preview phishing simulation templates.
Use the filter bar to narrow the list. Type into Search to match on name, description, or tags. Use the Category, Level, Industry, and Psychological Triggers filters to refine the catalog. Tick Custom only to hide stock content and see just your org's library.
Use the Sort dropdown above the grid (Alphabetical or Newest) to reorder. The result count next to the dropdown updates as filters change.
On any card, click Preview for a quick-look modal with the sender,
subject, and rendered email body. From the modal, click View Full
Template to open the detail page at /org/phishing/library/<id>,
which adds Email / Training Page tabs, Images and Dark
mode toggles, and a sidebar of metadata.

Duplicate and edit a template
You can't edit stock templates directly — they're shared across all orgs. Duplicate & Edit copies a stock template into your org's custom library and drops you straight into the editor.
Open the template's detail page and click Duplicate & Edit in the right sidebar. The same flow lives behind the Customize button on any stock card in the library grid.
You land on the editor at /org/phishing/library/<id>/edit with the
copied content pre-filled. The form column on the left exposes
Template name, Subject, From name, From email
(local-part input plus a domain dropdown limited to your org's
allow-listed sending domains), Reply-to, and a rich-text Body
editor. The right column shows a live preview that updates as you
type.
Adjust whatever you need. Subject is required (capped at 998
characters); the sender's local part accepts only
A–Z, 0–9, ., _, %, +, and -; the domain must come from
the dropdown.
Click Send test to me to drop the current draft into your own inbox (rate-limited per hour). When you're satisfied, click Save. A Template saved toast confirms, and you land back on the library list with the new Custom badge on the row.

Use a template in a campaign
Both the library grid and the detail page expose a Use Template
button (sometimes labelled Use in Campaign, same action). Clicking
it opens the campaign wizard at
/org/phishing/campaign?templateId=<id> with the template
pre-selected on step 3, so you only fill in name, timing, and
targeting. For the full wizard walkthrough, see
Run a phishing campaign.
Delete a custom template
You can only delete templates your org owns — stock templates have no Delete button at all. Deletes are scoped to your org and don't affect campaigns that already shipped using the template.
Open the custom template's detail page. The right sidebar shows Edit and a red-tinted Delete button (instead of the Duplicate & Edit button you'd see on a stock template).
Click Delete. A confirmation dialog appears with the message Delete custom template? This will remove "<name>" from your library. Active campaigns already using the template will not be affected. This action cannot be undone. Click Delete to confirm or Cancel to back out.
Check usage before deleting
The detail header shows lifetime usage. Deleting doesn't recall in-flight emails or break running campaigns, but you lose the template as a starting point for the next variant. Duplicate it first if you might want it back.
What good custom templates look like
Lures should feel realistic without being sneaky — match a tone, sender pattern, or workflow your users actually see, but don't impersonate a specific real coworker or weaponize an active incident. Rotate at least two or three custom templates per quarter so the same recognizable subject line doesn't train muscle memory.
Common pitfalls
- The From email domain dropdown isn't free-form. You can only send from your org's allow-listed phishing domains. If the one you want isn't there, ask your CSM or Hook admin to add it before you save — otherwise the campaign delivers from a domain your users won't recognize.
- Custom templates aren't editable from inside the campaign wizard. If you select an existing custom template on step 3 of the wizard, the Edit for this campaign button is disabled. Edit the custom template here in the library first, then start the wizard.
Related
Run a phishing campaign
The four-step wizard from naming through launch, plus how to save one-off template edits as customs.
Read the executive summary report
Make sense of KPIs, risk score, and recommended training after a campaign closes.
Concepts
How phishing simulations, training, and reporting fit together in Hook.
Monitor a live phishing campaign
Read the campaign detail page — engagement stats, delivery details, the enrolled-users table — and know when to refresh versus when stats are degraded.
Safelist Hook's sending domains and IPs
Give your IT or mail team the sender domains and sending IPs they must allowlist so phishing simulations reach inboxes instead of being filtered.