To customize the phishing email and include personalized elements, click Duplicate on any scenario card in the scenario library.

After completing the scenario details step, click Continue.

Arsen phishing-scenario creation screen showing scenario name, language, difficulty, and highlighted “Continue” button.

1 – Objectives

Adapt a phishing email to your organization
Insert dynamic elements using tokens
Identify and highlight Red Flags in the training page
Edit the HTML code for advanced customization

2 – Prerequisites

Admin permissions to edit scenarios
A duplicated scenario with details already completed

3 – Edit the email’s general settings

3.1 – Open the HTML Builder

Click the HTML Builder section to open the editor

Arsen phishing email editor showing the “Microsoft 2FA Enforcement” template with preview and sender settings.

3.2 – Edit the main fields

Customize the following:

Sender’s name
Sender’s email
Email subject

3.3 – Configure the sender domain

Select a sending domain from the dropdown

Arsen email editor with sending-domain dropdown opened, displaying available phishing domains.

To add a custom sending domain:

Go to Settings
Open Phishing Domains
Click + Add New Phishing Domain

Arsen Phishing Domains page showing the active domains list and the highlighted “Add New Phishing Domain” button.

4 – Use Red Flags

4.1 – Enable or disable a Red Flag

Check a Red Flag box to mark the field as suspicious
Uncheck it if no warning is needed

Arsen email settings with Red Flag indicators turned on for suspicious ele

4.2 – Display Red Flags in the training page

Checked fields will appear highlighted in red in the Just-in-Time Training page
To customize the explanatory message, go to Settings → Just-in-Time Training Page

⚠️ Warning
Red Flags appear only in training campaigns.
For details on the difference between training and assessment campaigns, click here.

5 – Edit the email body

5.1 – Use the visual editor

In the editor, you can:

Modify or add text
Adjust typography and formatting

Arsen email editor showing a selected text block from the “Microsoft 2FA Enforcement” template with formatting toolbar visible.

5.2 – Insert dynamic tokens

Click the { } dropdown to insert dynamic merge fields.

Arsen merge-field dropdown showing Target and Organization token categories

Available tokens

Token	Example	Description
`{{ target.firstname }}`	John	Recipient’s first name
`{{ target.lastname }}`	Doe	Recipient’s last name
`{{ target.email }}`	john.doe@arsen.co	Recipient’s email
`{{ organization.name }}`	Arsen	Organization name
`{{ organization.domain }}`	arsen.co	Organization domain
`{{ toImage(organization.logo.url) }}`	`<img src="..."/>`	Organization logo
`{{ toImage(organization.logo.url, { heigth:100, width:100 }) }}`	`<img … />`	Resized logo
`{{ organization.logo.url }}`	URL	Logo URL
`{{ campaign.phishingUrl }}`	https://…	Phishing link
`{{ toImage(phishing.qrCode.url) }}`	QR image	Phishing QR code
`{{ target.phone }}`	+336…	Recipient's phone
`{{ formatDate(now, 'short') }}`	04/10/2022	Short date
`{{ formatDate(now, 'medium') }}`	04 Oct. 2022	Medium date
`{{ formatDate(now, 'long') }}`	Friday, 14 October 2022	Long date
`{{ formatDate(now, 'time') }}`	14:56	Current time

Attack-vector tokens

Phishing link: {{ campaign.phishingUrl }}
Phishing QR code: {{ toImage(phishing.qrCode.url) }}

5.3 – Edit the HTML code

Click < > Source to edit the HTML directly
Useful for layout, custom styles, and advanced components

Arsen HTML source editor showing the full raw HTML of a phishing email.

5.4 – Add images

Upload an image from your computer

Arsen email editor showing the image-upload button used to insert images into the phishing template.

Allow Automatic Image Download in Received Emails

Scenarios Library

Editing the Landing Page

Editing an AI-Generated Scenario

Editing a Phishing Email