Phishing Template Library: Localization and Import/Export

Marcus Chen··7 min read
Editing a localized phishing email template

A phishing simulation is only as realistic as the email that lands in the inbox. If the template looks nothing like the lures your employees actually encounter, the training value diminishes sharply - people are being tested on a fiction rather than a credible threat. empowsec's phishing template library is built around reusability, multilingual delivery, and the kind of operational flexibility that lets security teams, resellers, and MSPs maintain a high-quality template inventory without duplicating effort.

This article covers how the template library works, how localization ensures every employee sees the lure in their own language, and how import/export makes templates shareable and version-controlled.

Reusable Templates at the Core of Every Campaign

Every phishing simulation campaign in empowsec draws on a library of reusable phishing email templates. Rather than writing a new email for every campaign, security teams build and refine a set of templates once and then deploy them repeatedly across different recipient groups, departments, or time periods. Reuse is deliberate: it keeps quality high because you invest in polishing a template once rather than producing disposable content under time pressure.

Templates are managed by admins, giving the organization's security team control over what scenarios are available for campaigns. This matters because the credibility of a simulation depends on careful template design - the sender name, the pretext, the call to action, and the linked landing page all need to work together to create a believable scenario. Templates pair with simulated landing pages, so the full phishing flow from email to fake login form is contained within the template ecosystem.

Per-Language Translations for Every Recipient

The most important design decision in the empowsec template library is that each template can carry translations for multiple languages. This is not a cosmetic feature - it is fundamental to running realistic simulations in any organization where employees work in more than one language.

Consider what happens without multilingual support. An organization with English-speaking, German-speaking, and French-speaking employees either runs separate campaigns for each language group, maintains duplicate templates for each language, or sends everyone the same English email and calls it a test. None of these approaches is sustainable, and the last one actively undermines realism.

With empowsec's translation model, a single template definition carries the subject line, sender details, and email body in as many languages as you need. When a campaign runs, each recipient receives the version in their own language - for example an English-speaking employee gets the English lure and a German-speaking colleague gets the German version of the same scenario. The tracking, landing page, and remediation follow-up all work identically regardless of which language was served.

This approach also reduces maintenance overhead significantly. When a lure scenario needs updating, you update one template and all its language variants stay together. There is no risk of the English version drifting out of sync with the German version because they live in the same record.

app.empowsec.com / phishing / templates
1
IT Helpdesk - Mailbox Quota Warning
Last used: 14 May 2026 - paired with credential-harvest landing page
English
2
HR: Urgent - Payroll Update Required
Last used: 2 Jun 2026 - 2 languages
English
3
DocuSign: Signature Pending
Last used: 28 May 2026 - 2 languages
English
The template gallery lists each lure with its language variants and last-used date.

Admin and Reseller Template Management

Template access is role-aware in empowsec. Company admins manage the template library for their organization, deciding which scenarios are active and what landing pages are paired with each one. Resellers, however, have an additional capability: they can maintain their own custom phishing templates that are separate from the standard library. This is particularly valuable for MSPs who manage many client companies and want to build a curated, branded set of lure scenarios that reflect the actual threat landscape their clients face.

A reseller's custom templates can be deployed across any of the companies they manage, giving them a shared asset that raises quality consistently rather than requiring each client organization to build its own template inventory from scratch. This is one of the ways empowsec makes operating a security awareness program at scale, across dozens or hundreds of client organizations, operationally manageable.

Template editor
Manage language variants for this template.
EnglishDeutsch
Subject lineAction required: verify your account
Sender nameIT Support
Landing pageCredential harvest - generic login
The template editor shows language tabs (English active, Deutsch) and key fields for each locale variant.

Import and Export for Sharing, Review, and Version Control

Templates in empowsec can be imported and exported as JSON, both individually and in bulk. This capability addresses a practical need that becomes apparent as soon as you are managing templates seriously rather than just dabbling: template quality requires review cycles, and template libraries benefit from version control.

The JSON export format means a security team can pull their entire template library out of empowsec, review it in a text editor or a diff tool, track changes in a Git repository, and import an updated version when the review is complete. This workflow is familiar to any team that already treats configuration as code, and it ensures that changes to templates are deliberate and auditable rather than ad-hoc edits that are difficult to trace.

Bulk import is equally useful for getting started. An organization migrating from another platform, or a reseller setting up a new client company with a predefined scenario library, can import a prepared set of templates in one operation rather than recreating them by hand. Single-template import and export also supports sharing specific scenarios between teams or organizations, for example passing a particularly effective executive-impersonation lure to a peer who wants to add it to their own library.

The combination of a well-structured JSON format and bulk operations means that managing even a large template inventory does not require excessive manual effort. Templates become assets that can be versioned, shared, reviewed, and maintained with the same discipline you would apply to any other piece of security content.

Tip
Export your template library to JSON after each quarterly review. Store it in version control to track which scenarios were active at any given point - useful for audit trails and incident analysis.

Templates and Per-Recipient Tracking

Each template in empowsec works with the platform's per-recipient tracking system. Every simulated email generated from a template carries a unique tracked link and a tracking pixel for that recipient. This means that opens, clicks, form submissions, replies, and reports are all attributed accurately to individuals, not aggregated at the campaign level only. The template is the creative vehicle; the tracking infrastructure ensures the resulting data is precise enough to be useful.

When a recipient interacts with a simulated email, the template they received is part of the event record. This lets you analyze not just who clicked, but which scenario caught them. Over multiple campaigns you build a picture of which lure types are most effective against specific departments or roles, which informs both template selection for future campaigns and the content of remedial training for those who were caught.

What This Means for Your Team

  • A reusable template library lets you invest in quality once and deploy it repeatedly, rather than creating disposable content campaign by campaign.
  • Per-language translations within each template ensure every employee receives the simulation in their own language, making the test genuinely realistic.
  • Admin and reseller management gives the right people control over which scenarios are available, while MSPs benefit from a shared custom library across all their clients.
  • JSON import/export for single templates and bulk libraries supports review workflows, version control, and sharing between organizations.
  • Per-recipient tracking ties directly to templates, so you know not just who was caught but which scenario was effective - intelligence that improves both future campaigns and remedial training.
Share: