download-stats-of-a-phishing-cammpaign-with-file-but-no-sucess-lucy-antiphishing-server

Phishing Reports: How to read and analyze Stats of a Ransomware Simulation or a File based Phishing Attack

How do you read the results of a Phishing Campaign containing an file attachment or even of a Ransomware Simulation? A hands-on example explains how to get campaign insights and how to read LUCY Phishing Reports.

The initial situation and the question

You prepared a file based phishing scenario. The attachement is a word file containing a ‘malicious’ macro. And now you want to track the results.

Say you sent 50 messages, 20 were clicked (good campaign!), vou got 2 file downloads and 1 user activated the macros.

The Question: How can you list the users who downloaded the file, but didn’t activate the macros? For example you’re should have a list of 2 users somewhere for this but you can’t find it.

The Answers: Analyzing the Phishing Reports

1. Who downloaded the File and who did activate the macros? You can see who clicked, and who executed the file (success) in CSV for example (here’s an example of mixed scenario with macro) and the success condition set to “Data Submit”. As you can see it’s only the last user who downloaded AND executed the file has a ‘success entry’. The user who only accessed the file has only a success entry at link click (column ‘clicked):

Who clicked on the File Link? Who even activated the Word Macro in the File - Analyzing Campaign Reports generated by LUCY Anti-Phishing Server

2. Download summaries are visible in overall stats:

Summary Report on the amount of people who downloaded a attachement from a LUCY Phishing Simulation / Attack

3. See in detail how downloaded what and how was the success: But if you want to see in detail who downloaded a file you can sort the phishing report list by a variable that only appears if the user accessed the webpage (e.g. plugins) and then you can see in the details if the user downloaded the file and executed the file (= The check mark at “Successful Attack”)…

details if the user downloaded the file and executed the file. This is a success event of a file based phishing simulation

…or only accessed the link, downloaded the file, but did not execute the file (no success check mark):

A user downloaded the file but he didn't activate the word macro. This means that this particular phishing attack was not successful. Success Checkmark is empty - Antiphishing Simulation with LUCY Server

5. Alternative: Analyze transmitted Data back to LUCY – Another possibility to track only users who executed the simulation is to actually see under “Collected Data”. Such an event when a user is clicking a link/file is reported back to LUCY: 

When a user clicks on a link or a file, this information is send back to LUCY Phishing Server and is available for further analysis under the Menu "Collected Data"

Happy Reporting with LUCY Anti-Phishing and Awareness Training Server!

LUCY is Winner of the Cyber Security Excellence Awards 2017 - Category Awareness Platform

Yes! – LUCY won it’s Second Award!

After the Info Security Products Guide Gold Winner 2016 we won our second price! LUCY got the “Cybersecurity Excellence Award 2017” in the category “Awareness Platform”. We’re proud of it!

cybersecurity_awards_winner-108x150

We’ve been white hackers and IT-security auditors for 20 years. At this time, we were rather reserved in the communication to the outside. It took time for us to open up to the public. But as brand new product developers we had to do so and it helped us to participate in competitions!

So, we are looking forward to seeing more prices in the future.

LUCY rocks!

Phishing Campaigns with hundred of thousands of users - Robert Bosch is a LUCY Customer

Phishing Campaigns with up to 300,000 recipients – Robert Bosch LLC is a LUCY Customer

Robert Bosch is a LUCY Anti-Phishing Software CustomerRobert Bosch  – “Bosch” is one of LUCY Security’s first big corporate customers. Thanks to its support, the LUCY Anti Phishing and Awareness Training Server was able to develop rapidly.

Their Enterprise Security Team is using LUCY since early 2016. Since then they have conducted various campaigns with up to 300,000 users and in more than 10 different languages. They also started to use the new function of “portable media phishing” (USB) recently.

The company did choose LUCY because of its excellent price / performance ratio and due to the fact that Bosch can run LUCY  Anti-Phishing Server as a local installation (on-Premise). So they can ensure that no sensitive data from employees leaves the company. That’s also why the Enterprise Security Team obtained quickly the approval from the works council, since they convincingly could demonstrate that no employee monitoring is being done. The company uses LUCY in a global, corporate scale and implements specific, custom made Security Awareness Trainings and Phishing Scenarios. LUCY as a product helps very much maintaining and developing this specific content.

“I can say that LUCY is a very efficient tool for my team, for creating awareness amongst our employees and it meets all our requirements!” – Patrick Zeller – Senior Manager Enterprise Security, Robert Bosch Gmbh

 

New certified Phishing Simulation and Anti-Phishing Consulting Partners in Amerca, Africa, South-East Europe and Switzerland - Certified LUCY Partners

New certified LUCY Partners in North America, Nigeria, Slovenia and Switzerland

lucy-phishing-tagline-new-awareness-content-2017

Big Update: Awareness Training and Phishing Attack Templates 02/2017 – IT Security Training reloaded!

report-scam-and-analyze-with-lucy

Report Scams Quickly and Assure Speedy Threat Analysis – Phish Button for Outlook

Phishing Awareness Content Templates for LUCY Server 01/2017

Phishing Awareness and Attack Scenario Update 01/2017 – Lot of new or improved content!

lucy-ransomware-simulation-locked-screen

How to Educate Unteachable Security Ignorants – Screenlocker Ransomware Simulation

LUCY Phishing Software Java Dropper for Awareness Training

11 Great Things LUCY Phishing Software 2017

lucy-boot

Please Update to LUCY 3.2.5 (Patch)