An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether, and how many, users download a supposed e-fax in PDF format and, if necessary, open it.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? Because a PDF has no function that allows tracking, unless the end customer uses a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.
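As an added illustration (not LUCY's code and not part of the original article): because the file is served from a landing page, download tracking comes down to reading the web server's access log. The sketch assumes a hypothetical URL layout with one token per recipient and uses constructed log lines in combined format; it counts unique recipients rather than raw hits and accepts 206 range responses, which an in-browser PDF viewer may issue, as downloads.

```python
import re

# Constructed sample lines (combined log format). The URL layout is an
# assumption for this example, not LUCY's real scheme:
#   /efax/<token>          landing page, one token per recipient
#   /efax/<token>/fax.pdf  the PDF offered on that page
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2018:09:01:02 +0000] "GET /efax/a1b2c3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2018:09:01:09 +0000] "GET /efax/a1b2c3/fax.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2018:09:01:10 +0000] "GET /efax/a1b2c3/fax.pdf HTTP/1.1" 206 32768 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2018:09:05:40 +0000] "GET /efax/d4e5f6 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2018:09:05:41 +0000] "HEAD /efax/d4e5f6/fax.pdf HTTP/1.1" 200 0 "-" "curl/7.58.0"
192.0.2.44 - - [12/Mar/2018:09:12:00 +0000] "GET /efax/0a0b0c/fax.pdf HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2018:09:12:30 +0000] "GET /efax/778899/fax.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(
    r'"(?P<method>[A-Z]+) /efax/(?P<token>[0-9a-f]+)(?P<pdf>/fax\.pdf)? '
    r'HTTP/[\d.]+" (?P<status>\d{3}) '
)


def summarize(log_text):
    """Return the sets of tokens that opened the page and fetched the PDF."""
    visited, downloaded = set(), set()
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m is None or m["method"] != "GET":
            continue  # unrelated request, or a HEAD probe that fetched no body
        status = int(m["status"])
        if m["pdf"]:
            # 206 = range request, as an in-browser PDF viewer may issue
            if status in (200, 206):
                downloaded.add(m["token"])
        elif status == 200:
            visited.add(m["token"])
    return {"visited": visited, "downloaded": downloaded}


def download_rate(summary, recipients):
    """Share of campaign recipients with at least one successful PDF fetch."""
    hits = summary["downloaded"] & set(recipients)
    return len(hits) / len(recipients)


if __name__ == "__main__":
    recipients = ["a1b2c3", "d4e5f6", "778899", "ccddee"]  # constructed
    result = summarize(SAMPLE_LOG)
    print("opened page:", sorted(result["visited"]))
    print("downloaded :", sorted(result["downloaded"]))
    print("rate       :", download_rate(result, recipients))
```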

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful.
  • The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR

 



 

Phishing Campaigns done in one minute

In One Minute to your own Phishing Simulation – Predefined Campaign Template Feature [Video]

It’s the easiest and fastest way to a phishing simulation. Free for everyone! There is no more efficient way to set up a phishing test than with LUCY Server. Even in its simplest form, the easily created campaign meets GDPR’s data protection requirements.

In one minute to your own phishing simulation. This is how “Educational Social Engineering” becomes fun. Professionals also use the “Predefined Campaign Template” functionality to create a phishing scenario. In less than a minute an attack can be launched, sent and monitored! See for yourself how easy it is to work with the LUCY cyber prevention software!

In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.

What the Antiphishing Software can do

More highlights:

  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the damage potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful
  • The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!

 

 

It is a GDPR compliant IT Security Awareness solution

GDPR is met: LUCY is the most secure IT security awareness system!

GDPR is no problem for LUCY and its customers. The LUCY server is secure and the customer data is protected; the personal data can also be kept anonymous.

GDPR places high demands on the providers of anti-phishing solutions. Security has always been a top priority at LUCY Phishing Server. The design decision to offer a locally installable standard product despite the cloud hype was clearly due to the security needs of many customers.

Also secure cloud solution – Since LUCY server is heavily automated, it is not an issue to run thousands of separated cloud instances. Each LUCY Cloud instance is a private server to which only the customer has access and where the data is as secure as if you were in a protected corporate network, because:

  • Data storage is encrypted
  • LUCY supports the complete anonymization of personal data
  • Each installation is a closed system and belongs to the customer.

Extended security mechanisms – For the individual protection of a LUCY server, extended security mechanisms can be set up and used for system protection:

  • Restricted network-based access to LUCY
  • Secure and restricted user access
  • Safe setup of LUCY in a DMZ or SSZ
  • Secure (and anonymous) storage of data
  • Secure communication channels
  • Transparent network communication
  • Secure Remote Support
  • Regular updates of the application and operating system
  • Custom Admin URL for Administrator GUIs
  • Ability to monitor all system activities
  • And the ability to monitor the system in real time

In addition, LUCY’s cloud servers are located in ISO27001 certified data centers. More information about security can be found in our wiki:

LUCY has no problems with GDPR and data security – it is the safest cybersecurity awareness solution!

Secure employee awareness training with LUCY Server: employee training, phishing simulations, self-executable infrastructure assessments and efficient alerting with the phishing alarm button. Dozens of templates and many training videos are included! The software is compliant with GDPR data privacy laws.

Configuration and Usage of the LUCY Phishing Button for Outlook [Video]

Simply and reliably report phishing attempts during operation. And all at a great price!

The LUCY webcast “How to install, configure and use the LUCY Phishing Incident Plugin” for MS-Outlook briefly shows the following steps:

  1. Configuration of the ‘Phishing Button’.
  2. Download and installation of the feature in Outlook ©
  3. Usage: A phishing simulation mail is reported using the plugin
  4. Short insight into the LUCY Threat Console and the calculation of the LUCY Risk Score.

The Phish button works under MS-Windows / Microsoft-Outlook (32 and 64 bit). The add-in also runs under MS-Outlook for Apple Mac, and Office 365 © is also supported. Availability and Costs: The basic functionality of the alarm button is already available with the cheapest commercial version UNLIMITED. You can install the button as often as you want with STARTER Edition.

Availability and costs: The basic functionality of the alarm button is available with the basic commercial edition. You can install the button as often as you want with the ‘Starter Edition’ (unlimited!).

1) Configuration of the ‘Phishing Button’.

Log in to LUCY and go to the menu item “Incidents” and then click the button Settings –> Plugin Settings.

  • There you can maintain the “e-mail recipient” (where the e-mails are to be sent when the end user clicks on the button).
  • The “Thank You Message” contains the text that is returned after the user has clicked the button.
  • The “Thank You Message for LUCY Emails” is the message shown when the user submits an email with the Phish-Alarm button and that email is a LUCY Phishing Simulation Email Message.
  • With “Button Message” you enter the text that is shown on the button itself.
  • And Subject: It’s the subject line with which the messages are received by the administrator.

When selecting the transmission methods, the following options are available for selection (multiple answers possible):

  • Submission via HTTP (transmission via email)
  • Submission via SMTP (transmission via email)
  • “Use SMTP for receiving incident reports on Lucy”: Check this option if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (into the Incident Console). The mails from phishing simulations are filtered out.
  • “Use smtp for receiving incident reports on LUCY” – If this option is enabled, LUCY Server assumes that the server needs to intercept the emails sent by the plug-in (add-in) via SMTP. The local LUCY Postfix server is configured accordingly. All received emails are added to the Incident Console. If you do not enable this, even if the email points to Lucy, nothing happens – the server does not wait for messages via SMTP.

2) Download and installation of the feature in Outlook

The plugin can be downloaded directly from the Incident console. To do this, a *.msi installation file is created when you click on it. If changes are made in the configuration of the button, the *.msi file has to be downloaded and installed again!

3) Use: A phishing simulation mail is reported using the plugin

When the user submits a LUCY phishing email, he is immediately informed in Outlook that he has reported a phishing simulation email. This frees the administrator from the triage between ‘simulated phishing mails’ and ‘real external mails’.

4) LUCY Threat Console & the calculation of the LUCY Risk Score.

From the LUCY “Business Edition” onwards, the ‘LUCY Email Risk Factor/Score’ is available. Here, risk scores for the mails submitted are calculated with the help of 4 different rule sets:

  1. Rules for header analysis
  2. Rules for Sender Domain Analysis
  3. Rules for the analysis of message content (body)
  4. Own, individual rules

This results in a score of 1-10. That’s it 🙂 We wish you a lot of fun with LUCY Server!

 

Longer and shorter videos for employee awareness education (and trackable)

Trackable educational IT security awareness videos with various durations from LUCY Security are included in all commercial editions of its Software.

Longer Videos for initial trainings and short videos for skilled workers! LUCY Security is aware that customers have individual needs. That’s why LUCY Best Practice Training Videos for employee education are rolled out in a long and in a short version. Today we present two recently added videos:

  • Secure Internet Usage Video (Long / Short)
  • Secure Social Media Usage Video (Long / Short)

Secure Social Media Usage Video: The content (animation, language, script) is customizable. The long video takes 5.4 Minutes and the short version is only one minute long.

In the second featured rich media training we talk about secure internet usage. Here, too, the content (animation, language, script) is customizable. The long version is 4.3 Minutes and the short one is one Minute long.

Video Statistics available

Who watched how long? These awareness training templates provide statistical insights. They are reported in the dashboards as well as in the campaign reporting.


State of Cyber Attacks 2018 – A big Overview about Cybercrime [Infographic]

Phishing, Trojans, Ransomware and Viruses: Hardly a day goes by without hacker attacks against companies or private individuals. This huge LUCY Infographic shows the explosion of internet crime.

 

 

State of Cyber Crime 2018 – Numbers in detail

 

  • Damage caused by Internet crime in the United States in 2001: 17.8 million USD.
  • Damage caused by Internet crime in the United States in 2016: 1.45 billion USD.

 

The most frequently attacked applications are the browser and Android devices with a total of 75 %.

Number of infected devices by selected malicious programs:

  • “ILOVEYOU” (2000): 50 million
  • “Sasser” (2004): 1 million
  • “Storm” (2007): 10 million
  • “Conficker” (2009): 2.9 million

 

  • Number of all detected malware by 2005: 1.7 million
  • Number of all detected malware by 2017: 600 million

 

Budget of Microsoft’s bounty fund to seize malware programmers: 5 million

 

Distribution of attacks on Windows by malware type in 2016:

  • Viruses 49.2 percent
  • Trojans (general) 30.3 percent
  • Worms 11.5 percent
  • Scripts 4.32 percent
  • Backdoors 0.87 percent
  • Ransomware 0.87 percent

 

Strength of a DDoS attack by the Mirai malware in 2016: 620 Gbit/s

Daily new malicious programs: 390,000

 

The computer worm MyDoom holds the record for the fastest spreading rate to date: it was in every twelfth e-mail in 2004, slowing down the world’s Internet access by 10 percent.

 

Estimated number of members of the civilian Red Hacker Alliance in China: 100,000

 

  • Malware detection rate Windows devices: 77.22%
  • Malware detection rate for Android devices: 5.83%

 

52 percent of all malicious programs are distributed via “.com” domains

The smallest virus family to date is called “Mini” or “Trivial” and is, in some variants, only 13 bytes in size

Booty generated by the ransomware WannaCry: 70,000 dollars

Paid ransom by a South Korean Web Hoster in June 2016 after a Ransomware attack: 1 million US dollars

Share of Ransomware victims who pay ransom but do not retain access to their data: 20 percent

 

Average amount victims are willing to pay after a Ransomware attack by Country

  • Great Britain 568 USD
  • Denmark 446 USD
  • USA 350 USD
  • Germany 227 USD
  • France 203 USD

 

Globally registered phishing attacks 2016: 1.22 million

Globally registered phishing attacks 2015: 0.43 million

 —

Phishing simulation campaigns sent by the LUCY server by S1 / 2017 for training purposes: 7200

43% of spear phishing attacks target small businesses

Small businesses lose an average of $41,000 per cyber security incident

Social engineering attacks such as phishing are key to successful cybercrime. Of the bad guys…

  • 3% try to exploit a technical flaw
  • 97% try to trick a user with some social engineering scheme
  • 91% of cyberattacks and the resulting data breach begin with a spear phishing email

Global ransomware damage 2015: 325,000,000 USD (345 M)
Global ransomware damage 2017: 5,000,000,000 USD (5B)

 

Connected devices infected with malware, top 3 countries:

  1. China 47%
  2. Turkey 43%
  3. Taiwan 39%

 

Top 5 countries in Q2 / 17 sending spam mails:

  1. Vietnam 12.4%
  2. USA 10.1%
  3. China 9%
  4. India 8.8%
  5. Germany 5.1%

Top 5 countries in Q2 / 17 receiving spam mails

  1. Germany 12.7%
  2. China 12.1%
  3. Russia 9.1%
  4. Japan 5.87%
  5. Russia 5.67%

 

Sources: BitDefender, APWG.org, Kaspersky Lab Report 2017, LUCY Security, Symantec ISTR 2016, 2016 Phishme Enterprise Phishing Susceptibility and Resiliency Report, Cybersecurity Ventures Ransomware Damage Report 2017

www.lucysecurity.com/state-of-cyber-2018

The information contained herein has been obtained from sources believed to be reliable. LUCY Security disclaims all warranties as to the accuracy, completeness or adequacy of such information. LUCY Security shall have no liability for errors, omissions or inadequacies in the information contained herein or for the interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results.

Short Summary Flyer – Everything you need to know about LUCY!

LUCY, the cyber awareness product, makes Simulated Internet Attacks available and affordable for all!

We love to simplify it, so we have created a brochure that summarizes all the necessary information on the best awareness and training product on just two pages. If you want an overview about LUCY Server, take a look! No subscription needed. Just download our short summary!

The LUCY Phishing Awareness Training Server is used to simulate social engineering attacks and it is universally applicable from SMEs right up to very large customers. Available on-premise or as a cloud solution, LUCY is easy to learn & intuitive to use. This Swiss solution provides dozens of preconfigured, easily customizable phishing templates and training modules, which can be independently used by the end user.

With LUCY’s “Phishing Incident Plugin for MS-Outlook ©” users rapidly send and receive security alerts, whenever a phishing attack is detected. This speeds up security team responses whilst reducing workload and costs. Lucy is already installed and used in more than 3900 licenses in over 50 countries. LUCY has an international channel of certified “Eco System Partners” in 12 countries, to complete the LUCY offering with their additional value-added services.

LUCY at a glance:

  • Phishing Simulations for Data Input
  • Phishing Attack Simulations with Attachments
  • Phishing Simulations with harmless malware
  • Smishing Simulations (SMS)
  • Ransomware Simulations and Malware Testing
  • Rich Media Training with many customizable templates
  • Compliant with European Data Privacy Laws
  • Phish Button, Threat Console (Alerting),
  • Threat Analysis and Threat Mitigation
  • Powerful Community Edition with 500 free recipient credits!
  • Swiss Efficiency & Effectiveness
  • Cloud or On-Premise Edition

 

Simulated Cyber Attacks

Simulated Cyber Attacks [Infographic] – 2/3 of Customers willing to Testify and more than 8 out of 10 are Recommending LUCY!

In Spring 2017 customers of LUCY Security were asked to reply to a survey. We have summarized the results of the detailed report (here) in an infographic.

Simulated Cyber Attacks - LUCY Customer Survey 2017

 

  • The LUCY Customer Survey 2017 got a response rate of 28.4%
  • More than 8 out of 10 customers would recommend LUCY to a third party
  • 2/3 of the respondents are willing to act as reference customers
  • 70% of the respondents were interested in a LUCY User Group

eFax Phishing rocks: The most popular Phishing Attack Template was the

  • eFax-Scenario
  • Other popular scenarios:
    • Encrypted Mail
    • WebEx(e)
    • Virus Scanner
    • Password Assessment
  • 50+ Suggestions for Improvement were submitted
  • Close to half of the suggestions for improvement were already available as feature in LUCY!

The high response rate and the great willingness to stand as a reference customer are amazing, because the IT security industry is known for its secrecy. The high popularity rates for a public user group suggest a rethinking in the market: cyber crime can only be fought and contained together. Secrecy is detrimental to the security of the company on the Internet!

LUCY Server enables companies to implement realistic simulated cyber attacks for educational purposes. At the same time, customized security awareness programs and early warning systems for security incidents can be used to increase cyber security for employees. The LUCY Server also provides, for the first time, cyber prevention in the form of a product (instead of services) that is affordable for everyone. In addition, customers are given the opportunity to test and improve their IT security, even without special know-how, using wizards and templates.

 

 

 

There’s no better Solution for Simulated Cyber Attacks!

 

LUCY Server Overview Two Pager

LUCY Two Pager 2017

All you need to know about LUCY Server on one sheet of paper. The Two Pager Overview for LUCY V 3.7.

 


 

The functionality of the Cyber Prevention and Training Server is displayed on a single page using a simple feature list. Explore the full functionality of LUCY Server in a compressed form.

 

 

Results from the Customer Survey 2017

Key findings: 84% of the participants recommend LUCY Security and two-thirds of the respondents are willing to act publicly as a reference customer! And more than 70% of the participants are interested in a user group.

For us, it is also interesting that almost half of the submitted suggestions for improvement are already available as LUCY features.


 

In Feb / Mar 2017, clients of LUCY Security were asked to take part in a customer survey. The return rate was relatively high at 28.4%. The survey was conducted by the company itself on the basis of a short email questionnaire.

LUCY Security was not founded until 2015. The fact that such a young and still small cyber security product manufacturer gets such good grades after such a short time is evidence of the quality of the product and suggests that Swissness is also a competitive factor not to be underestimated.

Furthermore, the results are amazing, because the IT security industry is known for its secrecy. The high popularity rates for a public user group suggest a rethinking in the market: cyber crime can only be fought and contained together. Secrecy is detrimental to the security of the company on the Internet!