An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether and how many users download a supposed E-fax in PDF format and open it if necessary.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? This is due to the fact that a PDF does not have a function that allows tracking as long as the end customer does not use a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successfulThe malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR

 


or download LUCY here.

 

Phishing Campaigns done in one minute

In One Minute to your own Phishing Simulation – Predefined Campaign Template Feature [Video]

It’s the easiest and fastest way to a phishing simulation. Free for everyone! There is no more efficient way to set up a phishing test than with LUCY Server. Even in its simplest form, the easily created campaign meets GDPR’s data protection requirements.

In one minute to your own phishing simulation. This is how “Educational Social Engineering” is fun. Professionals also use the “Predefined Campaign Template” functionality to create a phishing scenario. Within less than a minute an attack can be launched, sent and monitored! See yourself how easy it is to work with the LUCY cyber prevention software!

In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.

What the Antiphishing Software can do

More highlights:

  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the damage potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful
  • The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!

 

 

Configuration and Usage of the LUCY Phishing Button for Outlook [Video]

Simply and reliably report phishing attempts during operation. And all at a great price!

The LUCY webcast “How to install, configure and use the LUCY Phishing Incident Plugin” for MS-Outlook briefly shows the following steps:

  1. Configuration of the’ Phishing Button’.
  2. Download and installation of the feature in Outlook (c)
  3. Usage: A phishing simulation mail is reported using the plugin
  4. Short insight into the LUCY Threat Console and the calculation of the LUCY Risk Score.

The Phish button works under MS-Windows / Microsoft-Outlook (32 and 64 BIT). The add-in also runs under MS-Outlook for Apple Mac and Office 365 (c) is also supported. Availability and Costs: The basic functionality of the alarm button is already available with the cheapest commercial version UNLIMITED. You can install the button as often as you want with STARTER Edition.

Availability and costs: The basic functionality of the alarm button is available with the basic commercial edition. You can install the button as often as you want with the’ Starter Edition’ (unlimited!).

1) Configuration of the’ Phishing Button’.

Log in to LUCY and go to the menu item “Incidents” and then click the button Settings –> Plugin Settings.

  • There you can maintain the “e-mail recipient” (where the e-mails are to be sent when the end user clicks on the button).
  • The “Thank You Message” contains the text that is returned after the user has clicked the button.
  • The “Thank You Message for LUCY Emails” is the message that comes up when the user submits an email using the Phish-Alarm button, in the case he’s submitting a LUCY Phishing Simulation Email Message.
  • With “Button Message” you enter the text that is shown on the button itself.
  • And Subject: It’s the subject line with which the messages are received by the administrator.

When selecting the transmission methods, the following options are available for selection (multiple answers possible)

  • Submission via HTTP (transmission via email)
  • Submission via SMTP (transmission via email)
  • “Use SMTP for receiving incident reports on Lucy “: Check this option if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (into the Incident Console). The mails from phishing simulations are filtered out.
  • “Use smtp for receiving incident reports on LUCY” – If this option is enabled, LUCY Server assumes that the server needs to intercept the emails sent by the plug-in (add-in) via SMTP. The local LUCY Postfix server is configured accordingly. All received emails are added to the Incident Console. If you do not enable this, even if the email points to Lucy, nothing happens – the server does not wait for messages via SMTP.

2) Download and installation of the feature in Outlook

The plugin can be downloaded directly from the Incident console. To do this, a *. msi installation file is created when you click on it. If changes are made in the configuration of the button, the *. msi file has to be downloaded and installed again!

3) Use: A phishing simulation mail is reported using the plugin

When the user submits a LUCY phishing email, he is immediately informed in Outlook that the user has reported a phishing simulation email. This frees the administrator from the triage between’ simulated phishing mails’ and’ real external mails’.

4)  LUCY Threat Console &  the calculation of the LUCY Risk Score.

From the LUCY “Business Edition” onwards, the’ LUCY Email Risk Factor/Score’ is available. Here, risk scores for the mails submitted are calculated with the help of 4 different rule sets:

  1. Rules for header analysis
  2. Rules for Sender Domain Analysis
  3. Rules for the analysis of message content (body)
  4. Own, individual rules

This results in a score of 1-10. That’s it 🙂 We wish you a lot of fun with LUCY Server!

 

Longer and shorter videos for employee awareness education (and trackable)

Trackable educational IT security awareness videos with various durations from LUCY Security are included in all commercial editions of its Software.

Longer Videos for initial trainings and short videos for skilled workers! LUCY Security is aware that customers have individual needs. That’s why LUCY Best Practice Training Videos for employee education are rolled out in a long and in a short version. Today we present two recently added videos:

  • Secure Internet Usage Video (Long / Short)
  • Secure Social Media Usage Video (Long / Short)

Secure Social Media Usage Video: The content (animation, language, script) is customizable. The long video takes 5.4 Minutes and the short version is only one minute long.

In the second featured rich media training we talk about secure internet usage. Also here the content (animation, language, script) is customizable. The long version is 4.3 Minutes and the short one is one Minute long.

Video Statistics available

Who watched how long? These awareness training templates provide statisticial insights. They are reported in the dashboards as well in the campaign reporting.

Create and run a smishing attack in two minutes - LUCY screencast

Setup and Run a Smishing Attack in 2 Minutes – Educational Social Engineering with LUCY

A smishing attack is done easily with LUCY Server. Set up your educational social engineering campaigns and train your people.

Create and Run a Smishing Attack Simulations with LUCY Server. A Smishing Campaign is like a Phishing Campaign, but the distribution is done over SMS messages instead using email. With LUCY you can set up such a campaign as easy as a phishing simulation. This Video shows how it’s done. You need to have the mobile numbers from the recipients. Please take note that Smishing is unlawful in some countries! LUCY Security from Switzerland makes cyber prevention and IT-Security awareness affordable and available to everbody!

 

Ransomware Explainer Video by LUCY

Did you know that you can customize our Ransomware Explainer Video?

Adapt LUCY’s Ransomware Explainer Video to your own needs. Owners of a commercial edition can customize every educational video delivered by LUCY for a reasonable price.

Our Ransomware video explains in less than two minutes how to protect against Ransomware attacks. This is about the behaviour of each individual: do not open links from unknown, think twice before you click.

Many customers use the video without customization to train your organization. But there is also a considerable amount that want to individualize the video or they want to add customer-specific information into the video. With the help of our storybooks, which we deliver to the customer as needed, this is done quickly. This allows the desired changes or extensions to be clearly and easily documented and specified.

Thus, a rapid and low-cost individualisation of the learning content is made possible.

Contact us if necessary or if you have more questions here: Request a semi-custom video.

 

Educational Advanced Spear Phishing Simulation with the appropriate Malware

Advanced Spear Phishing Campaign and appropriate Malware [Video-Tutorial]

Suitable for reproduction: Build your own advanced Spear Phishing Simulation with the appropriate attached Malware with LUCY. A 30 minute video gives you the possibility to build up an advanced phishing and malware simulation almost off the cuff!

LUCY Founder Oliver explains how you can set up an advanced Educational Spear Phishing campaign and store it as an reusable template. Contents are:

  • Create a new attack template for your own purpose
  • Create a file-based or mixed advanced spear phishing scenario, using pre-defined templates.
  • Configure the phishing mails, so that thy contain personalized content
  • Configure and integrate harmless Trojans (Malware) into the file-based scenario
  • Set a default behavior of the Trojan (f.e. commands on the client to be executed or the listing of “Recent Documents” on the target computer)
  • Start, monitor and finalize the campaign
  • Reporting: Analyze the results of the Spear Phishing campaign
  • Useage of the scheduler with multiple scenarios (Q+A at the end)

You would like to reproduce/replay this educational phishing campaign? Just request a Demo System here:

 

You want to copy an existing Website for a Social Engineering Scam? (Simulation) – We show you how it’s done

After 2 (two!) minutes you have a cloned website for your Phishing Scenario. LUCY Social Engineering Simulation Server empowers you when you set up an IT-Security Awareness Campaign [Screencast].

Advanced Phishing Simulations: Clone a Website and add your own Login Form – Do you want to create a phishing simulation and you want to use an social engineering simulation with LUCY - Cloning an existing Website and inserting a login form for data capturealready existing website as a landing page? This 2 minute video shows you quickly how to create a custom landing page with the website copy feature and adding a custom login form for data capture.

Just create a new scenario and select an empty Web based scenario. You can also select any other Web based scenario template for the social engineering simulation you want to customize, because the “Website Copy Feature” overwrites the default Landing Page of the template.

The steps described in the webcast are

  1. In LUCY, create a new campaign, edit the basic settings and save it
  2. Create a new scenario by selecting a Web based attack template (or chose an empty one), populate all mandatory fields and save it.
  3. Go to the Landing Page Menu Item of the scenario you created just before
  4. Push the “Copy Website Button”, the ‘WebSiteCopy’ dialogue appears
  5. Fill out the fields:
    • URL – The source website you want to copy
    • Language – With that you’re defining your language version (LUCY allows multiple languages in the same campaign)
    • File – Select the appropriate value in the poplist, choose f.e. index.html
  6. Push the “Start” Button and the Website Copy is executed. Even really big sites can be copied. And it’s fast!
  7. After the copy is finished, use the Back Button of the dialoge (not of the browser)
  8. Go into the editor, place the cursor where you want to add the login form, push the button “Insert Login Form”
  9. The System provides you three predefined login forms. Select an appropriate one and press OK. If you want to modify it later on, you can do that manually.
  10. The login form appears on the landing page from you social engineering simulation / phishing scenario. Save your setup of the landing page and you’re done with it!

 

Thank you for using LUCY. If you want to see the full end-to-end process from setting up the campaign until sending out and tracking the phishing simulation messages, the just watch the longer webcast below.

Watch the full and more detailed Scenario: Social Engineering Simulation Webcast

 

 

How to configure an IT Security Awareness Training with LUCY Interactive Training Templates

Security Awareness Training – Screencast How to customize your own Training using the Mixed Interactive Template

Use Malware and Ransomware simulations from LUCY: Screencasts, examples and tutorials

Create and run malware simulations – LUCY Screencasts