By Ariz Soriano

The Purpose of Artificial Intelligence (AI) in Email Pretexting

Creating effective email pretexts has always been one of the more challenging aspects of red team operations. It’s more than just writing— It’s crafting a message that feels authentic, resonates with the target, and seamlessly integrates into the scenario you’re building. Achieving the right balance of realism and creativity often takes time and effort.

 Artificial Intelligence (AI) is a valuable enabler, enhancing the human touch by automating repetitive tasks, providing fresh ideas, and maintaining template consistency. For instance, AI can replicate the tone and structure of corporate emails or quickly generate visually polished templates with embedded elements like QR codes or clickable buttons.

 Using AI for email pretexting enables red teams to work smarter, not harder. This is especially crucial when deadlines are tight and the scope of the engagement is broad. The following sections highlight practical scenarios where AI can support more impactful and scalable email campaigns.

Scenario-based Emails with AI

Several use cases were explored to assess the effectiveness of AI in crafting email pretexts. These examples were tested using the ChatGPT-4o model, highlighting AI’s practical applications in red team operations.

Generating Corporate-Style Templates

During testing, AI was used to replicate professional tone and design typical of corporate emails. This proved particularly effective when creating pretexts that needed to mimic internal communications, such as HR announcements or IT support messages. 

Scenarios include:

      • A fake HR email requesting employees to review a new policy document.
      • An IT notification asking for account verification to resolve a system issue.

The following prompt was used to test the capabilities of AI in generating a corporate-style email template based on the scenario:

“Let’s create a corporate-style email template using the following scenario: An IT notification asking for account verification to resolve a system issue. Ensure that the CSS inside the HTML code is inline and there should be an action button or a link where the recipients can click. Beautify the code and make sure to make it look like a realistic email template.”

The resulting email template included the following:

      • A header with the subject of the notification, styled to catch the recipient’s attention.
      • A body text that explained the reason for the notification clearly and concisely, maintaining a formal tone.
      • An actionable button linking to the verification process is designed to stand out while matching the corporate theme.
      • A footer with security tips and IT support contact details to build credibility and provide additional guidance.
Figure 1: As shown above, the result provided a strong foundation for the email template, leaving only the need to customize and adapt it with themes and content specifically aligned to the target recipient.
Embedding QR Codes for Multifunctional Pretexts

The next test explored AI’s ability to generate email templates that include QR codes for user interaction. This is particularly useful in scenarios requiring quick action or added engagement. For example:

      • Event invitations requiring RSVP via a QR code scan.
      • Fake customer surveys offering incentives for scanning and completing a form.

To test this capability, the following prompt was used:

“Create a professional email template for an event invitation. The email should include inline CSS, a visually appealing design, and a QR code, stored as a PNG file inline in an image element that users can scan to RSVP. For the QR code value, let’s put a link to https://google.com for testing. Ensure the template is suitable for corporate use.”

The resulting email template was incomplete, as the QR code was represented by a placeholder rather than being generated directly by the AI.

Figure 2: This template demonstrates the limitation of the initial output, where the QR code is represented by a placeholder rather than an embedded, scannable image

The output initially included a placeholder instead of a functional QR code.

Figure 3: Example of an incomplete QR code email template with a missing image.

The prompt was refined to provide clearer instructions for the AI to generate a QR code and embed it directly into the email template, ensuring the output includes a functional QR code rather than a placeholder. Below is the adjusted AI prompt used to regenerate the template.

“Create a professional email template for an event invitation. The email should include inline CSS, a visually appealing design, and a QR code, stored as a PNG file inline in an image element that users can scan to RSVP. For the QR code value, let’s put a link to https://google.com for testing. Generate a QR code first and store it in a base64 string before placing it in the inline image element. Ensure the template is suitable for corporate use.”

As shown in the result below, the QR code was successfully generated and the value stored in it is accurate.

Figure 4: The QR code was successfully generated and the value stored in it is accurate.

As demonstrated, the QR code was successfully generated and embedded into the email template, with the correct value encoded. This highlights the capability of AI to seamlessly integrate QR codes within professional email designs. The next step involves tailoring the template further customizing its content, visuals, and tone to align with the preferences and needs of the specific target audience, ensuring maximum engagement and relevance.

Mimicking Templates from Screenshots or Images

The final test focused on AI’s ability to analyze screenshots or images of authentic communications and replicate them as email templates. A popular use case involved mimicking a DocuSign-style email template to demonstrate how realistic phishing simulations could be achieved. This proved particularly valuable for creating templates that closely matched real-world designs such as corporate or vendor templates, saving significant time while maintaining design fidelity. The following example showcases the target image, and the prompt used to guide the AI:

Figure 5: This is the image the AI was asked to replicate based on the prompt below.

“Can you copy the image and create an email template written in HTML? Ensure that the CSS is stored inline and the actual colours used in the image are accurate.”

Below is the resulting email template generated by AI.

Figure 6: The template showed only a loose resemblance to the original image

As shown above, the recreated template does not exactly match the original image and bears only a slight resemblance. Further prompt refinements will help achieve a closer match and improve accuracy.

“Please replicate the provided image as an email template written in HTML. Ensure the CSS is stored inline, and carefully matches the font styles, colors, and sizes of all elements, including buttons, text, and backgrounds. Follow these guidelines:

      • Use a functional and accurate logo, accessible and consistent with the original image.
      • Limit the white box to include only the DocuSign review document button and sender details. Place the additional footnotes outside the white box.
      • Match all colors in the design precisely.
      • Align the white box and the footer with the rest of the template, ensuring consistent spacing and formatting.

         

Ensure the result adheres to these details for accuracy.”

Below is the updated email template generated by AI.

Figure 7: The AI-generated layout is a solid starting point but lacks full design precision. Manual refinements are still needed to achieve a close match to the original.

The generated template was not fully accurate and will require manual adjustments to closely match the provided image. However, the AI engine successfully produced a starting point, making the process of refining and customizing the template much more efficient.

Challenges of Using AI in Email Template Creation

While AI has proven to be a powerful tool for creating email templates, it is not without its challenges. Understanding these limitations is crucial for effectively leveraging AI in such tasks:

AI Needs Proper Guidance Through Prompts

AI-generated outputs heavily depend on the clarity and precision of the prompts provided. Vague prompts often result in suboptimal outputs, requiring users to refine and iterate on their prompts multiple times to achieve the desired outcome. Crafting the perfect prompt is often an iterative process in itself, requiring time and effort.

Manual Adjustments Are Still Necessary

While AI can create a solid foundation, the final output often requires manual intervention to fine-tune and adjust details. Elements such as layout alignment, color accuracy, and exact font matching frequently need to be refined manually to meet the intended specifications. AI simplifies the process but does not eliminate the need for human oversight.

AI Can Misinterpret Complex Instructions

AI can misinterpret complex or layered instructions, leading to outputs that miss key requirements. For instance, when tasked with reproducing intricate designs or balancing multiple formatting rules, the AI might overlook certain elements or prioritize others incorrectly. This limitation highlights the need for careful verification and adjustments.

Conclusion

AI has demonstrated real value in streamlining tasks such as email template creation, offering a significant time-saving advantage. It provides an excellent starting point for projects, reducing the manual effort involved in building templates from scratch. However, its effectiveness is tied to the clarity of user inputs, and achieving a perfect result often requires manual intervention.

As AI advances, its ability to manage complex tasks will continue to improve. For now, it serves as a valuable assistant, complementing human creativity and precision to deliver high-quality results. By understanding its challenges and working around its limitations, users can maximize the potential of AI for their projects.

About THEOS Cyber

THEOS Cyber is a trusted cybersecurity services provider for organizations across the Asia-Pacific region. We specialize in digital forensics and incident response (DFIR), managed threat detection and response (MTDR), and offensive security. Our teams support regulated industries with expert-led services that deliver clarity, speed, and results. Learn more at theos-cyber.com.

About THEOS Cyber Offensive Security

Offensive security at THEOS Cyber simulates real-world adversaries to expose blind spots before attackers do. From penetration testing to red teaming, we help you uncover weaknesses and validate your ability to detect and respond.