An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether and how many users download a supposed E-fax in PDF format and open it if necessary.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? This is due to the fact that a PDF does not have a function that allows tracking as long as the end customer does not use a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successfulThe malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR


or download LUCY here.


Phishing Campaigns done in one minute

In One Minute to your own Phishing Simulation – Predefined Campaign Template Feature [Video]

It’s the easiest and fastest way to a phishing simulation. Free for everyone! There is no more efficient way to set up a phishing test than with LUCY Server. Even in its simplest form, the easily created campaign meets GDPR’s data protection requirements.

In one minute to your own phishing simulation. This is how “Educational Social Engineering” is fun. Professionals also use the “Predefined Campaign Template” functionality to create a phishing scenario. Within less than a minute an attack can be launched, sent and monitored! See yourself how easy it is to work with the LUCY cyber prevention software!

In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.

What the Antiphishing Software can do

More highlights:

  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the damage potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful
  • The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!




We wish all our users a wonderful Christmas time and thank you for your loyalty! And what’s 4690?

This year was dedicated to the Threat Analyzer, the LUCY Risk Score and the Phishing Button: We started into 2017 with LUCY 3.2. Five major releases later we have even a more mature product, with a global customer base. Even the Gartner Group has already taken note of us this year, see here !

Content, content and again (training) content: We listen to our customers. More videos, shorter videos, tests and exams are becoming more and more important. That’s why we have started to provide shorter video clips and there are now also tests for the learning content. We will continue to expand this area in 2018!

What’s 4690? This is the number of  active LUCY instances in the world today, we find it incredible! We thank you for your trust and we will do our utmost to ensure that LUCY remains the best cyber prevention and employee awareness product! Be curious about LUCY 4.0: -)

Phish yourself, Train yourself, Hack and Assess yourself!

Have a great time and see you again in 2018 – Oliver and Palo from LUCY Security


It is a GDPR compliant IT Security Awareness solution

GDPR is met: LUCY is the most secure IT security awareness system!

GDPR is no problem for LUCY and its customers. The LUCY server is secure and the customer data is protected, the personal data can also be kept anonymous.

GDPR places high demands on the providers of anti-phishing solutions. Security has always been a top priority at LUCY Phishing Server. The design decision to offer a locally installable standard product despite the cloud hype was clearly due to the security needs of many customers.

Also secure cloud solution – Since LUCY server is heavily automized, it is not an issue to run thousands of separated cloud instances. Each LUCY Cloud instance is a private server to which only the customer has access and where the data is as secure as if you were in a protected corporate network. Because

->Data storage is encrypted
->LUCY supports the complete anonymization of personal data
->Each installation is a closed system and belongs to the customer.

Extended security mechanisms – For the individual protection of a LUCY server, extended security mechanisms can be set up and used for system protection:

  • Restricted network-based access to LUCY
  • Secure and restricted user access
  • Safe setup of LUCY in a DMZ or SSZ
  • Secure (and anonymous) storage of data
  • Secure communication channels
  • Transparent network communication
  • Secure Remote Support
  • Regular updates of the application and operating system
  • Custom Admin URL for Administrator GUIs
  • Ability to monitor all system activities
  • And the ability to monitor the system in real time

and LUCY’s cloud servers are located in ISO27001 certified data centers. More information about security can be found in our wiki:

LUCY has no problems with GDPR and data security – it is the safest cybersecurity awareness solution!

Secure employee awareness training with LUCY Server: employee training, phishing simulations, self-executable infrastructure asessements and efficient alerting with the phishing alarm button. Dozens of templates and many training videos are included! The software is compliant to GDPR data privacy laws.

Configuration and Usage of the LUCY Phishing Button for Outlook [Video]

Simply and reliably report phishing attempts during operation. And all at a great price!

The LUCY webcast “How to install, configure and use the LUCY Phishing Incident Plugin” for MS-Outlook briefly shows the following steps:

  1. Configuration of the’ Phishing Button’.
  2. Download and installation of the feature in Outlook (c)
  3. Usage: A phishing simulation mail is reported using the plugin
  4. Short insight into the LUCY Threat Console and the calculation of the LUCY Risk Score.

The Phish button works under MS-Windows / Microsoft-Outlook (32 and 64 BIT). The add-in also runs under MS-Outlook for Apple Mac and Office 365 (c) is also supported. Availability and Costs: The basic functionality of the alarm button is already available with the cheapest commercial version UNLIMITED. You can install the button as often as you want with STARTER Edition.

Availability and costs: The basic functionality of the alarm button is available with the basic commercial edition. You can install the button as often as you want with the’ Starter Edition’ (unlimited!).

1) Configuration of the’ Phishing Button’.

Log in to LUCY and go to the menu item “Incidents” and then click the button Settings –> Plugin Settings.

  • There you can maintain the “e-mail recipient” (where the e-mails are to be sent when the end user clicks on the button).
  • The “Thank You Message” contains the text that is returned after the user has clicked the button.
  • The “Thank You Message for LUCY Emails” is the message that comes up when the user submits an email using the Phish-Alarm button, in the case he’s submitting a LUCY Phishing Simulation Email Message.
  • With “Button Message” you enter the text that is shown on the button itself.
  • And Subject: It’s the subject line with which the messages are received by the administrator.

When selecting the transmission methods, the following options are available for selection (multiple answers possible)

  • Submission via HTTP (transmission via email)
  • Submission via SMTP (transmission via email)
  • “Use SMTP for receiving incident reports on Lucy “: Check this option if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (into the Incident Console). The mails from phishing simulations are filtered out.
  • “Use smtp for receiving incident reports on LUCY” – If this option is enabled, LUCY Server assumes that the server needs to intercept the emails sent by the plug-in (add-in) via SMTP. The local LUCY Postfix server is configured accordingly. All received emails are added to the Incident Console. If you do not enable this, even if the email points to Lucy, nothing happens – the server does not wait for messages via SMTP.

2) Download and installation of the feature in Outlook

The plugin can be downloaded directly from the Incident console. To do this, a *. msi installation file is created when you click on it. If changes are made in the configuration of the button, the *. msi file has to be downloaded and installed again!

3) Use: A phishing simulation mail is reported using the plugin

When the user submits a LUCY phishing email, he is immediately informed in Outlook that the user has reported a phishing simulation email. This frees the administrator from the triage between’ simulated phishing mails’ and’ real external mails’.

4)  LUCY Threat Console &  the calculation of the LUCY Risk Score.

From the LUCY “Business Edition” onwards, the’ LUCY Email Risk Factor/Score’ is available. Here, risk scores for the mails submitted are calculated with the help of 4 different rule sets:

  1. Rules for header analysis
  2. Rules for Sender Domain Analysis
  3. Rules for the analysis of message content (body)
  4. Own, individual rules

This results in a score of 1-10. That’s it 🙂 We wish you a lot of fun with LUCY Server!


Simple awareness training content is often really efficient!

Maintain Attention with simple and efficient One-Pager IT Security Awareness Content

Simple and short awareness campaigns with LUCY are often sufficient to maintain employees’ awareness of Internet risks.

Today we present two employee awareness templates available in LUCY Server: the LUCY “PDF-Infoflyer” and the template for “One Pager Phishing Awareness (responsive)”. Both templates allow the provision of a simple but effective repertory for email security.

awareness onepager content against cybercrime are effectivePDF Infoflyer: A pager phishing awareness flyer (PDF) is embedded in a static awareness campaign website (or any other site). The corresponding Word template can be reloaded and edited. Afterwards the document can be saved as info. pdf and uploaded back to the LUCY server.

One Pager Phishing Awareness (Responsive, for Smartphones & Co.): This is a static single page phishing awareness HTML template. It works with a minimum resolution of 360 pixels.



Use LUCY as Cyber Swiss Army Knife : See the features

LUCY is the Cyber Swiss Army Knife

LUCY Server is the digital Swiss Army knife for a more relaxed attitude towards cybercrime and for smarter employees!

Digital Swiss Army Knife by LUCY: Features from LUCY Server shown on the Swiss Army Knife Tool


Awareness Training: Dozens of templates for rapid creation of training campaigns. Short and long videos, quiz programs, competitions, static pages / leaflets and even games are available! Benefit directly from our many years of experience and benefit from the tried and tested learning content included with LUCY. There are no additional costs!

Phishing Simulations: Test your employees with realistic Internet attacks. Only practice maintains vigilance against Internet threats. Use over 70 different attack templates to do this. Multilingualism is guaranteed at LUCY, for phishing templates and also for educational awareness content.

Spear Phishing: No other product allows such a targeted, highly individualized and personalized user approach as LUCY Server. Whaling or Spear Phishing is really easy with the product.

USB-based attack simulations: Create social engineering campaigns for USB, DVD or CD discs. Measure the success rates both within and outside the corporate network.

Engagement: The “Phish button”, automated Risk Analyzer with integrated e-mail risk score and the Risk Mitigator support your employees and relieve your IT team. The Phish button is suitable for companies of any size and is available for different platforms like Microsoft Outlook(c), Office365(c), etc.

Reporting: Sophisticated and very easy to create reports. Have the system automatically generate reports on the campaigns. Compare different campaigns with each other or display trends from running simulations. The various real-time cockpits provide detailed insights and statistical data on the campaigns.

SIEM-Hole: Test your infrastructure with the Malware Simulation Toolkit. Check with the integrated agents of the malware simulation whether your SOC team or other monitoring systems turn on the red lights when such a malware simulation is active. This is really a great feature of our digital Swiss Army Knife!

Malware Simulation: Emulate e. g. a Ransomware or types of malware.

API: The sophisticated interfaces allow the LUCY server to be integrated into larger infrastructures. Automated phishing, reporting and awareness training are just as much possible as the transfer of any data.

Swiss quality and reliability: As a Swiss company, it is important to us that we offer a great solution and comply with the European data protection regulations. From the very beginning, LUCY respects the rights of users and also allows a COMPLETELY ANONYMIZED EXECUTION of phishing campaigns.

LUCY is the digital Swiss Army Knife!

Not interested in a demo? Download the software here instead!

Longer and shorter videos for employee awareness education (and trackable)

Trackable educational IT security awareness videos with various durations from LUCY Security are included in all commercial editions of its Software.

Longer Videos for initial trainings and short videos for skilled workers! LUCY Security is aware that customers have individual needs. That’s why LUCY Best Practice Training Videos for employee education are rolled out in a long and in a short version. Today we present two recently added videos:

  • Secure Internet Usage Video (Long / Short)
  • Secure Social Media Usage Video (Long / Short)

Secure Social Media Usage Video: The content (animation, language, script) is customizable. The long video takes 5.4 Minutes and the short version is only one minute long.

In the second featured rich media training we talk about secure internet usage. Also here the content (animation, language, script) is customizable. The long version is 4.3 Minutes and the short one is one Minute long.

Video Statistics available

Who watched how long? These awareness training templates provide statisticial insights. They are reported in the dashboards as well in the campaign reporting.

State of Internet Crime Banner

State of Cyber Attacks 2018 – A big Overview about Cybercrime [Infographic]

Phishing, Trojans, Ransomware and Viruses: Hardly a day goes by without hacker attacks against companies or private individuals.  This huge LUCY Infographic shows the explosion of internet crime



State of Cyber Crime 2018 – Numbers in detail


  • In the United States by Internet crime caused damage in 2001:17.8 million USD.
  • In the United States by Internet crime caused damage in 2016: 1.45 billion USD.


The most frequently attacked applications are the browser and Android devices with a total of 75 %.

Number of infected devices by selected malicious programs:

  • IloveYou” (2000): 50 million
  • “Sasser” (2004): 1 million
  • “Storm” (2007): 10 million
  • “Conficker” (2009): 2.9 million


  • Number of all detected malware by 2005: 1.7 million
  • Number of all detected malware by 2017: 600 million


Budget of Microsoft’s bounty fund to seize malware programmers: 5 million


Distribution of attacks on Windows by malware type in 2016:

  • Viruses 49,2 Precedent
  • Trojan generally 30.3 percent
  • Worms 11.5 percent
  • Scripts 4.32 percent
  • Backdoors 0.87 percent
  • Ransomware 0.87 percent


Strength of a DDoS attack of the malware Mirai of 2016: 620 Gbit / s

Daily new malicious programs: 390,000


The computer worm MyDoom holds the record for the fastest spreading rate to date, it was in every twelfth e-mail in 2004, slowing down the world’s Internet access by 10 percent.


Estimated number of civilian Red Hacker Alliance in China: 100,000


  • Malware detection rate Windows devices: 77.22%
  • Malware detection rate for Android devices: 5.83%


52 percent of all malicious programs are distributed via “.com” domains

The smallest virus family to date is called “Mini” or “Trivial” and is, in some variants, only 13 byte (big)

Booty generated by tthe Ransomware WannaCry: 70,000 Dollars

Paid ransom by a South Korean Web Hoster in June 2016 after a Ransomware attack: 1 million US dollars

Share of Ransomware victims who pay ransom but do not retain access to their data: 20 percent


Average amount victims are willing to pay after a Ransomware attack by Country

  • Great Britain 568 USD
  • Denmark 446 USD
  • USA 350 USD
  • Germany 227 USD
  • France 203 USD


Globally registered phishing attacks 2016: 1.22 million

Globally registered phishing attacks 2015: 0.43 million


Phishing simulation campaigns sent by the LUCY server by S1 / 2017 for training purposes: 7200

43% of spear phishing attacks target small businesses

Small businesses lose an average of $41,000 per cyber security incident

Social Engineering like Phishing are key to successful cybercrime. Of the bad guys…

  • 3% try to exploit a technical flaw
  • 97% try to trick a user with some social engineering scheme
  • 91% of cyberattacks and the resulting data breach begin with a spear phishing email

Global ransomware damage 2015: 325,000,000 USD (345 M)
Global ransomware damage 2017: 5,000,000,000 USD ( 5B)


Connected devices infected with malware, top 3 countries:

  1. China 47%
  2. Turkey 43%
  3. Taiwan 39%


Top 5 countries in Q2 / 17 sending spam mails:

  1. Vietnam 12.4%
  2. USA 10.1%
  3. China 9%
  4. India 8.8%
  5. Germany 5.1%

Top 5 countries in Q2 / 17 receiving spam mails

  1. Germany 12.7%
  2. China 12.1%
  3. Russia 9.1%
  4. Japan 5.87%
  5. Russia 5.67%


Sources: BitDefender,, Kaspersky Lab Report 2017, LUCY Security, Symantec ISTR 2016, 2016 Phishme Enterprise Phishing Susceptability and Resiliency Report, Cybersecurity Ventures Ransomware Damage Report 2017

This information contained herein has been obtained from sources believed to be reliable. LUCY Security disclaims all warranties as to the accuracy, completenesss or adequacy of such information. LUCY Security shall have no liablility for errors, omissions or inadequacies in the information contained herein or for the interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results.

LUCY Security remains innovative and grows in Asia and South America

  • Deutsche Bahn is a major new customer of renown. This proves that customers of all sizes can benefit from the product’s new efficiency potential
  • With the Chilean Pentest SPA, LUCY Security was able to win a very renowned partner in South America. The company offers its services far beyond national borders.
  • In India, LUCY Server is already very popular. Indian company Irisk Assurance is now the first partner on the subcontinent
  • The current version of LUCY V3.7 has a lot of new functionality for the automated analysis of suspicious emails by the user.

ZURICH (06.11.2017) The Equifax Databreach in the United States and the wave of phishing attacks on the largest Swiss email portal at the end of October clearly show the technical, organizational and personnel weaknesses of today’s security arrangements.  It is therefore not surprising that the Swiss provider of cyber prevention products LUCY Security continues to grow rapidly and internationally. In recent months, Chilean and Indian partner companies have been trained and certified to handle the product LUCY Server. The customer portfolio is also growing internationally and Deutsche Bahn has gained a reference that is known far beyond the German border. Deutsche Bahn can also benefit from the new and comprehensive interface capabilities of LUCY V 3.7.


LUCY-Security is a Swiss company with customers in over 50 countries. The product, LUCY-Server, enables companies to run themselves realistic cyberattack simulations for test purposes since the beginning of 2015. At the same time, tailored security awareness programs and early warning systems can be used to increase cyber-security for employees. The LUCY server also carries out cyber-prevention for the first time in the form of a standardized product that is affordable for everyone. In addition, customers also have the opportunity to test and improve their IT security without specialist knowledge.

We are happy about the indian summer hat-trick: First of all, we have found a partner in Pentest SPA, who was missing in South Merica. The company is highly qualified and well known in the market. The team has built up an astonishing amount of know-how about our LUCY server in the last few months. This will finally allow Spanish speaking customers to have access to local support, which in our experience is an important success factor for South American business. Secondly, there is our new Asian partner Irisk Assurance, with whom we have been working for a long time. Now we were able to complete the cooperation with a certification. Customers in India and the Middle East will thus also have a competent contact partner in the region. And thirdly, we are very pleased that „DB“ has chosen our product and that we can also publicly name this top-class reference customer with a consignment character,”says LUCY founder Oliver Münchow.

Among all the ‘Best of Breed tools’, LUCY stands out with its products features and flexibility. From pre-defined, re-configurable phishing email templates that allow for detailed statistics at the user level, to high quality employee awareness modules, LUCY has a wide repertoire of everything needed to perform successful phishing simulations. LUCY is incredibly flexible and can be used on-premise or from the cloud“, says Bala R.  Managing Director and CEO, Irisk Assurance.

For more information, especially about the new product features of LUCY V 3.7, please contact palo (a t)  lucysecurity-dot-com and ask for Oliver Münchow or Palo Stacho.  LUCY Phishing GmbH, Seestrasse 13 | CH-8800 Thalwil, Switzerland | +41793017810


About LUCY Security:

The LUCY Phishing Awareness Training Server is used to simulate social engineering attacks and it’s universally applicable from SMEs up to large enterprises. The product can be installed directly at the customer’s site, with a cloud variant equally being offered. The Swiss solution provides dozens of preconfigured phishing templates and training modules, which can be independently used, by the end user.

The “Phishing Incident Plugin” for Microsoft Outlook also gives the user the possibility to quickly alert an attack. In this case, the security team is relieved of their work, by the automated threat analysis. The product has over 3900 installations in more than 50 countries and has hundreds of paying customers in more than 20 countries. Certified Eco-System Partners in 14 countries offer additional value-added services based on LUCY Server.

There is a free community edition, which is suitable for SMEs with up to 50 employees. The commercial versions start at 680 USD, while the unlimited editions are available as from 3’400 USD.

CONTACT: Palo Stacho,  + 41 79 301 78 10, palo (a t) lucysecurity (do t) com | LUCY Phishing GmbH, Seestrasse 13, 8800 Thalwil, Switzerland