LUCY Server Overview Two Pager

The LUCY Two Pager

All you need to know about LUCY Server on one sheet of paper. The Two Pager Overview for LUCY V 4.2.


LUCY Server Overview Two Pager


The functionality of the Cyber Prevention and Training Server is displayed on a single page using a simple feature list. Explore the full functionality of LUCY Server in a compressed form.



Create certificates of attendance with LUCY Server

Print Certificates of Attendance after a successful CBT

The LUCY Cyber Prevention Server also print Certificates of Attendance! Graduates of a LUCY Training can print out or have their course diploma sent to them at the end.

If a user has completed an eLearning module of LUCY, the user receives a course certificate upon successful completion. This function can be configured when setting up the awareness training campaign, as well as the percentage of correct quiz questions required. An email will be sent to the user after the course. This then allows the course graduate to download the PDF certificate document. Alternatively, the certificates can be retrieved in the ‘End-User Learning Portal’ of the LUCY Server.

All CBT modules containing quiz questions can be enabled with the certificate of attendance function. We wish you a lot of fun with IT Security Awareness trainings and Phishing Simulations with LUCY Server!

— Print a Certificate of Attendance with LUCY —


Roll out a GDPR Training

Rollout a GDPR Training to your Employees in a Minute [Video]

Rolling out an interactive GDPR training with LUCY. Imagine that you want to distribute a training course to your employees quickly and easily. You would like to know who the people have completed the training and what results have been achieved.  LUCY Server is also an e-learning system with which you can roll out training content in your company.

The short video shows how to set up a GDPR training in LUCY and send it to the employees. The course content is available as a template in the product. The procedure in LUCY is very simple:

  1. Create a new campaign
  2. Create a new scenario in it, select “Awareness” as type
  3. Select the GDPR training (corresponds to the DSGVO) as a template
  4. Save the scenario. Now you have created your own GDPR course. The course includes small tests and a quiz
  5. Edit the invitation mail to your employees
  6. Add the recipients to complete the course
  7. Start the GDPR training!

That’s all it takes: -) Have fun with LUCY Server.

Would you like to see what the training content is? Then watch this video.

About the Awareness Training Content in LUCY: Within the product we offer dozens of training templates. This is not just about information security. There are also training modules on physical security or safe use of the mobile phone, to name just two examples. Static learning content, interactive training and many videos are available. Our best practice videos can be customized to your requirements at a standard price. So you can get a personalized training video at a reasonable price, if you wish!

Create your own training modules! Since LUCY 4.0, the’ Adapt Authoring Toolkit’ has been integrated into LUCY. Training professionals can create their own content and use LUCY to distribute the training. We are more than just a phishing simulator!

Interactive GDPR Course by LUCY

Watch the GDPR Data Privacy and the General Data Protection Regulation Course [Video]

LUCY Learning Content – Our interactive GDPR course

This course aims to provide a comprehensive guide about how and why the Data Protection regulations should be put into practice in your workplace. It also explains what will happen if you don’t follow the rules.

Where do you find this course? It’s located as an awareness training in LUCY Server, but you can export the GDPR-Training as a SCORM-File and use it in any other Learning Management Solution.

The GDPR Course has seven sections or lessons

  1. In the first lesson of the GDPR Course you will learn the background of data protection and why it’s important. Key terms and exceptions are explained. In addition, you will learn some practical tips.
  2. In the second lesson, you will learn what the General Data Protection Regulation actually is, where it’s applied and what its basic purpose is.
  3. The third lesson shows a little more in detail for whom GDPR applies. Who is particularly affected?
  4. Chapter four deals with key definitions, for example the difference between personal data and sensitive data, what a recipient – or – what a data subject is. At the end of lesson 4 you will complete a short quiz.
  5. In the fifth lesson, you learn about exemptions from GDPR: – The data processor must disclose information when it comes to prosecuting a criminal offence, to name just one example in the course. And at the end of the lesson you will complete a short exercise.
  6. In the sixth part of the training you will learn the 9 principles on which GDPR is based.
  7. In the last and the biggest course part you will learn the real basics: How and in what way can personal data be collected and processed? Who needs to be informed and how? What is NOT allowed to do with the data? Who needs to be informed in case of a data breach and other security incidents?

Have a look at our second GDPR webcast. There you can see how such training courses can be set up within minutes and rolled out throughout the whole company. And: The software currently has fifty other modules for security training!

Thank you and have fun using LUCY! – Do you like our tool? Let us know if yes please! Thanks!

What is New in LUCY Version 4.0?

The 14 best new phishing and databreach prevention features in LUCY V4.0 [Video]

With 4.0, we’ve rolled out a pretty long list of new features and improvements. Our cyberprevention server has become even better than it already is. In this article, we would like to show you our 14 favorite new features that are worthy of special mention.

01. Dashboard improvements One

Starting with LUCY 4.0 we re-designed the dashboard. Filter by type or by execution status, use the search field and select between multiple dashboard modes.

02. Dashboard improvements Two

Widgets! Can be moved on the screen

03. Incident Auto Feedback

Including Risk Score Autoresponder. LUCY allows the admin to define an auto responder for submitted emails through the phish button. The risk score uses the IP’s and domains in your email and compares them with databases that contain information about malicious activities

04. Threat mitigation

The threat mitigation is a new feature that allows the LUCY admin to report reported phishing mails to according abuse contact of the provider’s originating IP address taken from the message header. You can click on the mail symbol within the incident center to initiate the sending of the report

05. Risk Assessment mode for campaigns

Instead of showing only raw data about how many users have been successfully phished, we can additionally provide a risk assessment methodology in LUCY, that shows the exposure to certain threats. We can classify different types of threats/Likelihoods such as Technical threats (e.g. unsecured windows PC, unsecure browser etc.), internal threat (e.g. uneducated user who clicks on certain content) and externals threats through hackers (latest trends in attacks, e.g. exploiting a specific browser vulnerability). In LUCY 4.0 we implemented the 1st analysis step and in the coming releases, this feature will be improved.

06. Create a new campaign based on a previous campaign template

LUCY now allows an administrator to create a template based on a previous campaign. The template consists of all settings including all associated scenario and awareness templates. You can then start a new campaign, using this campaign template

07. User reputation

The user reputation level is a score that gives every user a specific profile based on the number of tests performed against this user and the amount of successful phishing simulations.

08. New message template variables

Lucy allows you to use multiple variables within the message template. The variables pull the information from the recipient in the associated group. We added a few new variables (e.g. Gender specific variable) and you can now also use the dropdown in the message template to insert the variables at the right place. New is also the option to use these variables in the message header.

09Authoring Toolkit 

Create e-learning content with the integrated ADAPT Authoring tool: LUCY comes with an integrated e-learning tool called ADAPT. Adapt allows you to build a Multi-Modal content. You can watch videos, listen to audios with transcripts, and complete quizzes. Adapt also has Multi language and localization support Adapt is designed to solve a problem in eLearning. When you’re faced with delivery to multiple devices, such as desktop, tablet, mobile, you have a choice: you can create multiple versions, each optimized for specific devices, or you can use a responsive design approach. If you create and optimize multiple versions for each device, you might build in Flash for desktop, a native app for iPhone, a different version for iPad, and Android, and so on. As you can see, this method is complex and expensive. Then when you start getting into translation and maintenance, it gets out of control pretty quickly – not to mention the tracking issues if you’re trying to track data from multiple sources. Adapt gives you a different, and much simpler option. Adapt creates just one version of your eLearning in HTML5, which responds intelligently to the device it is viewed on.

10. Reputation Based Learning 

Assign custom e-learning content based on a user’s reputation level: Based on the amount of successful attack simulations for an individual user, you can assign a specific e-learning template in LUCY. If a user didn’t fall for a phishing simulation yet, you might want to assign a different e-learning content than for a user who continuously submitted sensitive data in previous phishing simulations. Please visit this chapter for details.

 11. SCORM export of awareness content

All e-learning templates can now be exported using the SCORM format, allowing you to use the LUCY content in another  LMS (Learning Management System).

12. Advanced export features

Starting with LUCY 4.0 we added a navigation item called export within the campaign overview page. The menu that opens allows you to export any campaign related data

13. Randomization feature for the scheduler

We added a randomization feature, that allows you to split up your recipients over different scenario’s using the scheduler.

14. New real time statistics overview

The real time statistics were improved and they include various data sources and ‘views’ that allow you to see the overall campaign statistics (attack & e-learning) on one page.

Wiki Resources

  1. Dashboard improvements (Dashboard)
  2. Dashboard improvements (Widgets)
  3. Incident Auto Feedback
  4. Threat mitigation
  5. Multiple Default Campaigns
  6. Risk Assessment mode for campaigns
  7. User reputation
  8. New real time statistics overview
  9. New message template variables
  10. Authoring Toolkit
  11. Reputation Based Learning
  12. SCORM export of eLearning content: 
  13. Randomization feature for the scheduler 
  14. Advanced export features


Do you like our tool? Let us know if yes please! Thanks!

An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether and how many users download a supposed E-fax in PDF format and open it if necessary.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? This is due to the fact that a PDF does not have a function that allows tracking as long as the end customer does not use a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successfulThe malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR


or download LUCY here.


Phishing Campaigns done in one minute

In One Minute to your own Phishing Simulation – Predefined Campaign Template Feature [Video]

It’s the easiest and fastest way to a phishing simulation. Free for everyone! There is no more efficient way to set up a phishing test than with LUCY Server. Even in its simplest form, the easily created campaign meets GDPR’s data protection requirements.

In one minute to your own phishing simulation. This is how “Educational Social Engineering” is fun. Professionals also use the “Predefined Campaign Template” functionality to create a phishing scenario. Within less than a minute an attack can be launched, sent and monitored! See yourself how easy it is to work with the LUCY cyber prevention software!

In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.

What the Antiphishing Software can do

More highlights:

  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the damage potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful
  • The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!



It is a GDPR compliant IT Security Awareness solution

GDPR is met: LUCY is the most secure IT security awareness system!

GDPR is no problem for LUCY and its customers. The LUCY server is secure and the customer data is protected, the personal data can also be kept anonymous.

GDPR places high demands on the providers of anti-phishing solutions. Security has always been a top priority at LUCY Phishing Server. The design decision to offer a locally installable standard product despite the cloud hype was clearly due to the security needs of many customers.

Also secure cloud solution – Since LUCY server is heavily automized, it is not an issue to run thousands of separated cloud instances. Each LUCY Cloud instance is a private server to which only the customer has access and where the data is as secure as if you were in a protected corporate network. Because

->Data storage is encrypted
->LUCY supports the complete anonymization of personal data
->Each installation is a closed system and belongs to the customer.

Extended security mechanisms – For the individual protection of a LUCY server, extended security mechanisms can be set up and used for system protection:

  • Restricted network-based access to LUCY
  • Secure and restricted user access
  • Safe setup of LUCY in a DMZ or SSZ
  • Secure (and anonymous) storage of data
  • Secure communication channels
  • Transparent network communication
  • Secure Remote Support
  • Regular updates of the application and operating system
  • Custom Admin URL for Administrator GUIs
  • Ability to monitor all system activities
  • And the ability to monitor the system in real time

and LUCY’s cloud servers are located in ISO27001 certified data centers. More information about security can be found in our wiki:

LUCY has no problems with GDPR and data security – it is the safest cybersecurity awareness solution!

Secure employee awareness training with LUCY Server: employee training, phishing simulations, self-executable infrastructure asessements and efficient alerting with the phishing alarm button. Dozens of templates and many training videos are included! The software is compliant to GDPR data privacy laws.

Configuration and Usage of the LUCY Phishing Button for Outlook [Video]

Simply and reliably report phishing attempts during operation. And all at a great price!

The LUCY webcast “How to install, configure and use the LUCY Phishing Incident Plugin” for MS-Outlook briefly shows the following steps:

  1. Configuration of the’ Phishing Button’.
  2. Download and installation of the feature in Outlook (c)
  3. Usage: A phishing simulation mail is reported using the plugin
  4. Short insight into the LUCY Threat Console and the calculation of the LUCY Risk Score.

The Phish button works under MS-Windows / Microsoft-Outlook (32 and 64 BIT). The add-in also runs under MS-Outlook for Apple Mac and Office 365 (c) is also supported. Availability and Costs: The basic functionality of the alarm button is already available with the cheapest commercial version UNLIMITED. You can install the button as often as you want with STARTER Edition.

Availability and costs: The basic functionality of the alarm button is available with the basic commercial edition. You can install the button as often as you want with the’ Starter Edition’ (unlimited!).

1) Configuration of the’ Phishing Button’.

Log in to LUCY and go to the menu item “Incidents” and then click the button Settings –> Plugin Settings.

  • There you can maintain the “e-mail recipient” (where the e-mails are to be sent when the end user clicks on the button).
  • The “Thank You Message” contains the text that is returned after the user has clicked the button.
  • The “Thank You Message for LUCY Emails” is the message that comes up when the user submits an email using the Phish-Alarm button, in the case he’s submitting a LUCY Phishing Simulation Email Message.
  • With “Button Message” you enter the text that is shown on the button itself.
  • And Subject: It’s the subject line with which the messages are received by the administrator.

When selecting the transmission methods, the following options are available for selection (multiple answers possible)

  • Submission via HTTP (transmission via email)
  • Submission via SMTP (transmission via email)
  • “Use SMTP for receiving incident reports on Lucy “: Check this option if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (into the Incident Console). The mails from phishing simulations are filtered out.
  • “Use smtp for receiving incident reports on LUCY” – If this option is enabled, LUCY Server assumes that the server needs to intercept the emails sent by the plug-in (add-in) via SMTP. The local LUCY Postfix server is configured accordingly. All received emails are added to the Incident Console. If you do not enable this, even if the email points to Lucy, nothing happens – the server does not wait for messages via SMTP.

2) Download and installation of the feature in Outlook

The plugin can be downloaded directly from the Incident console. To do this, a *. msi installation file is created when you click on it. If changes are made in the configuration of the button, the *. msi file has to be downloaded and installed again!

3) Use: A phishing simulation mail is reported using the plugin

When the user submits a LUCY phishing email, he is immediately informed in Outlook that the user has reported a phishing simulation email. This frees the administrator from the triage between’ simulated phishing mails’ and’ real external mails’.

4)  LUCY Threat Console &  the calculation of the LUCY Risk Score.

From the LUCY “Business Edition” onwards, the’ LUCY Email Risk Factor/Score’ is available. Here, risk scores for the mails submitted are calculated with the help of 4 different rule sets:

  1. Rules for header analysis
  2. Rules for Sender Domain Analysis
  3. Rules for the analysis of message content (body)
  4. Own, individual rules

This results in a score of 1-10. That’s it 🙂 We wish you a lot of fun with LUCY Server!


Longer and shorter videos for employee awareness education (and trackable)

Trackable educational IT security awareness videos with various durations from LUCY Security are included in all commercial editions of its Software.

Longer Videos for initial trainings and short videos for skilled workers! LUCY Security is aware that customers have individual needs. That’s why LUCY Best Practice Training Videos for employee education are rolled out in a long and in a short version. Today we present two recently added videos:

  • Secure Internet Usage Video (Long / Short)
  • Secure Social Media Usage Video (Long / Short)

Secure Social Media Usage Video: The content (animation, language, script) is customizable. The long video takes 5.4 Minutes and the short version is only one minute long.

In the second featured rich media training we talk about secure internet usage. Also here the content (animation, language, script) is customizable. The long version is 4.3 Minutes and the short one is one Minute long.

Video Statistics available

Who watched how long? These awareness training templates provide statisticial insights. They are reported in the dashboards as well in the campaign reporting.