Send emails or SMS with a link to a customized landing page that encourages users to enter sensitive information. LUCY is harmless Phishing Software.
The LUCY Social Engineering Suite and Malware Testing Suite facilitate multiple application areas. They can be used for:
– People testing and education
– Technology assessments
– An inoffensive penetration test showcase
LUCY Multitenant Server can be downloaded and run on-premise within your intranet so that no data is transmitted outside of your organization. As an alternative, it can be used as a cloud-based solution with restricted access for only your staff.
How to test people and educate them?
IT-security awareness training, people testing and education – LUCY Phishing Software makes fake phishing campaigns and IT-security awareness trainings easy! It is the best solution to maintain vigilance against malware attacks and educate your organization to recognize cyber threats.
Everything is a campaign based on a scenario – And its easy! You can choose out of 70 different best-practice templates when you create a campaign and adapt it to your own specific needs. There are all types of scenario templates available: Phishing (hyperlink, file/download, mobile storage device and even SMiShing), awareness training or technical malware templates (see below).
Mixed and custom campaigns – Of course, you can mix your campaign with different scenarios and send different templates to different recipients. If you do not want to use templates you launch entirely custom-built phishing simulations.
Designed for non-technical persons – Input for best-run phishing simulations often comes from the business side of an organization rather than from its IT department. That is why one of the key benefits of LUCY is the potential for campaigns and simulations to be managed by users who are not technically-trained individuals. You do not need to go to a “hacking school” to operate LUCY!
Educate your people and improve their cyber threat knowledge with predefined learning content or add your own training content.
Report, analyze, learn and improve your future simulations – Detailed state-of-the-art reporting generally fits the needs of risk management and GRC officers, or other stakeholders. LUCY’s integrated dashboard and in-depth statistics provide the data necessary for IT-security specialists to analyze past campaigns or improve future ones. The integrated campaign comparison and trend analytics functionality facilitate this work, especially for larger organizations.
Rerun and become safer! – Cyber threats and IT-security risks are real. Having a campaign-based view does not lead to a well-prepared workforce or a vigilant organization. Simulations and campaigns need to be run on an ongoing basis. LUCY allows you to run campaigns the whole year round!
What is LUCY’s Technology Assessment?
When a simulated phishing attack is successful you can run customized client vulnerability detection routines. They check out the posture of browsers installed in the organization; it checks if there are any hooks, which can be used by attackers, and determines to what degree they could be exploited. Results are shown in the campaign reporting.
Our second technology assessment method uses LUCY’s Malware Simulation Module. After a successful infection, it starts with the client and goes through a long list of client configuration items to determine if they are set correctly. But you also can start the program manually without a phishing simulation campaign to directly determine if there are any flaws in your IT infrastructure.
In addition to the methods mentioned above, LUCY provides safe and harmless tools for manual technology assessments executed by senior assessors.
People Testing and Education
Test and train your people with all kind of Phishing campaigns. Educate them with rich media content and awareness campaigns. Reporting provides you important insights. And do everything on an ongoing basis!
Awareness campaign creation based on world-class best practices made easy – Our company has accumulated knowledge through decades of penetration testing and by running Social Engineering projects for all types of customers. A major part of our know-how is incorporated into more than 70 different campaign templates. When you create an awareness campaign, just choose one of these best-practice templates and adapt it to your own specific needs: Select your category: hyperlink (data entry), mobile storage device scenarios and even templates for SMiShing attacks are available. Of course, you can mix your campaign with different scenarios and also send different templates to different recipients. If you want to learn more about the process to set up and execute a campaign please refer to the article How to set up a Data Entry Phishing Campaign.
Develop and run full custom campaigns and clone existing websites for your landing pages – If you do not want to use templates, you can design and launch entirely custom-built phishing simulations and subsequent trainings. Landing pages used in your custom attack scenario can be instantly cloned and deployed with the website cloning feature and an integrated credit to purchase DNS entries that serve your campaign.
Train, educate and improve the knowledge of your people in the area of cyber threats with predefined and customizable video content or interactive questionnaires and quizzes. You can use the already existing rich media content designated to train your staff. If needed, you can adapt the text, the videos or the quizzes, or you can enhance and respectively replace each with any other training and education content.
Reporting – Learn and improve your future simulations. People testing and awareness training is a journey. Most customers start simple and they become more sophisticated in running campaigns and trainings over the time. LUCYs built in reporting capabilities support this way and they are provide you insights and statistics for the further development of your company.
Analytical capabilities with vulnerability detection and client security testing – Run your own hack attack without doing harm! Find out if your IT infrastructure is secure. Discover possible vulnerabilities and go even further with LUCY than you can with any other tool to realize just how far an intruder could likewise go. LUCY contains custom client vulnerability detection routines developed and used by our own penetration testers countless times. Client security testing is used to determine the posture of browsers installed in the organization. It checks if there are hooks, which can be used by attackers, and determines to what degree they could be exploited. All these actions are monitored by the SysAdmin. Regular users do not have access to these features and no data is transmitted anywhere if you do not want it to be.
Active technology assessment through Malware Simulation, Client Security Testing and the Penetration Test Kit – It is difficult to think and to act like a hacker when you are not used to it. Most malicious exploits either have their roots in a simple, easily identifiable misconfiguration of clients, e.g. PCs, or in the creativity of the intruder. LUCY’s Malware Simulation goes through a long list of client configuration items and checks if they are set correctly. Unlike the Malware Simulation, which tries to harvest low-hanging fruit, the Penetration Test Kit allows users to simulate highly sophisticated and complex threat scenarios. It can thus be assessed to what extent attacks like the Sony Hack or the Carbanak APT Case would be possible.
Dropper functionality for senior assessors – Experts often stress a special area of IT security: the possibility of deploying and executing malicious code within the internal secured network. All real attacks possess three main phases in common. The first step introduces malicious code into the network. Next, the code executes in a manner that goes unnoticed. The final step retrieves the captured data from the network. LUCY provides dedicated dropper functionality in order to assess how and to what extent the code can be introduced into the organization and executed. In order to ensure the safety of this solution, only exclusive LUCY executables are, or can be, used.
Inoffensive Penetration Test Showcase
Run your own hack attack without doing any harm! – The malware testing suite allows you to act like a penetration tester and to run a technology assessment of your own IT infrastructure based on best practices from our IT-security specialists.
For pitching purposes or quick web drive-by attack demos – Penetration testers can benefit by instantly setting up their own penetration test environment, regardless of the goals they want to achieve.
Report Phishing with the Outlook Phishing Incident Plugin!
Empower the users with a simple button within Microsoft Outlook. If a user spots a suspicious e-mail in his Inbox, he can report it for further inspection to a predefined authority. The administrator can check it the reported Phishing scam is really an attack, if it’s a false alarm or if it is ‘only’ a simulation run by LUCY Server. It is a simple but really powerful feature.
For small and big Companies!
On the one hand, a big customer recently ran a single phishing simulation for more than 80,000 customers. On the other hand, there are more than 2,000 active installations of the Community Edition, which perfectly fits the needs of companies with fewer than 50 employees, impressively demonstrating that IT-security awareness is not only a topic for big companies!
LUCY: Easy to use for SMBs and a powerful tool for global enterprises!