Generating and deploying phishing templates

What is claimed is: 1 . A system for generating and deploying phishing templates, the system comprising: one or more memories; and one or more processors, communicatively coupled to the one or more memories, configured to: receive a set of email messages that are associated with a set of users and that are associated with an indication of legitimacy; perform clustering on the set of email messages to identify a subset of similar email messages from the set of email messages and a subset of users from the set of users that are associated with the subset of similar email messages; generate, for the subset of users, an email template based on the subset of similar email messages; incorporate, into the email template, at least one indicator of phishing; generate, from the email template, a test email message addressed to at least one user in the subset of users and based on at least one email message in the subset of similar email messages; transmit the test email message to the at least one user; receive an indication of one or more interactions with the test email message; and transmit a report based on the indication of the one or more interactions. 2 . The system of claim 1 , wherein the indication of legitimacy is associated with junk or spam. 3 . The system of claim 1 , wherein the one or more processors, to generate the email template, are configured to perform at least one of: determining a logo to include in the email template; generating a subject line for the email template; or determining a layout for a body of the email template. 4 . The system of claim 1 , wherein the one or more processors, to generate the test email message, are configured to perform at least one of: inserting content into a subject line of the test email message based on at least one email message, in the subset of similar email messages, associated with the at least one user; or inserting content into a body of the test email message based on the at least one email message associated with the at least one user. 5 . The system of claim 1 , wherein the one or more processors are configured to: update a trust score, associated with a sender, based on the indication of the one or more interactions. 6 . The system of claim 1 , wherein the one or more interactions include opening the test email message, discarding the test email message, accessing a resource that is hyperlinked in the test email message, or replying to the test email message. 7 . The system of claim 1 , wherein the at least one indicator of phishing includes a suspicious hyperlink, a suspicious sender, or a suspicious phone number. 8 . The system of claim 1 , wherein the one or more processors, to transmit the report, are configured to perform at least one of: transmitting the report to the at least one user; or transmitting the report to an administrator associated with the set of email messages. 9 . A method of generating and deploying phishing templates, comprising: receiving a set of email messages that are associated with a set of users; performing clustering on the set of email messages to identify a subset of similar email messages from the set of email messages and a subset of users from the set of users that are associated with the subset of similar email messages; generating, for the subset of users, an email template based on the subset of similar email messages; incorporating, into the email template, at least one indicator of phishing; generating, from the email template, a test email message addressed to at least one user in the subset of users; transmitting the test email message to the at least one user; receiving an indication of one or more interactions with the test email message; and updating a policy associated with the set of users based on the indication of the one or more interactions. 10 . The method of claim 9 , further comprising: applying a machine learning model to the subset of similar email messages, wherein the email template is generated using output from the machine learning model. 11 . The method of claim 9 , wherein performing the clustering on the set of email messages comprises: applying a machine learning algorithm to map the set of email messages to a plurality of clusters based on linguistic similarities, wherein the subset of similar email messages is included in a single cluster of the plurality of clusters. 12 . The method of claim 9 , wherein updating the policy comprises at least one of: blocking a sender associated with the test email message; or applying a label to future email messages from a sender associated with the test email message. 13 . The method of claim 9 , wherein the set of email messages are associated with an indication of legitimacy. 14 . The method of claim 9 , further comprising: updating a trust score based on the indication of the one or more interactions, wherein the policy is updated based on the updated trust score. 15 . A non-transitory computer-readable medium storing a set of instructions for generating and deploying phishing templates, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the device to: receive an email template, associated with a set of users, that was generated based on a set of email messages associated with an indication of legitimacy and that includes at least one indicator of phishing; generate, from the email template, a test email message addressed to at least one user in the set of users; transmit the test email message to the at least one user; receive an indication of one or more interactions with the test email message; and transmit a report based on the indication of the one or more interactions. 16 . The non-transitory computer-readable medium of claim 15 , wherein the one or more instructions, when executed, cause the device to: select a training, from a plurality of possible trainings, based on the indication of the one or more interactions; and transmit a message, to the at least one user, indicating the selected training. 17 . The non-transitory computer-readable medium of claim 15 , wherein the one or more instructions, when executed, cause the device to: determine a category for the one or more interactions, wherein the report indicates the category for the one or more interactions. 18 . The non-transitory computer-readable medium of claim 15 , wherein the one or more instructions, that cause the device to generate the test email message, cause the device to: extract a phrase from a recent email message, in the set of email messages, associated with the at least one user; and insert the phrase into a body of the test email message. 19 . The non-transitory computer-readable medium of claim 15 , wherein the one or more instructions, that cause the device to generate the test email message, cause the device to: select a phase, from a plurality of possible phrases, to include in the test email message, based on a recent email, in the set of email messages, associated with the at least one user. 20 . The non-transitory computer-readable medium of claim 15 , wherein the one or more instructions, when executed, cause the device to: generate, from the email template, an additional test email message addressed to at least one additional user in the set of users; transmit the additional test email message to the at least one additional user; receive an additional indication of one