security awareness training update

Bam! Enjoy 163 new Attack and Training Templates – Unlimited Security Awareness Content

At LUCY we are constantly delivering new security awareness content. And all of it for free! Now 163 new templates have been added in one go: 20 training videos, 9 other awareness trainings and as many as 134 new attack templates. LUCY rocks, right?

Overview

New attack templates for Phishing Simulations

We have delivered 134 new or updated templates. Why are we adding so many? Because it has been proven that many phishing tests that run simultaneously and are sent out at random have the best sustainable training effect for employees. We have also responded to various customer requests and now offer a new group of attack templates that contain typos of known brand names. This is state-of-the-art Security Awareness Training Content!

20 new training videos

The need for more training modules, and especially for rich media security awareness content, continues unabated. Our new training videos range from security awareness videos to social media usage. Check them out below!

Arabic and Danish as new (standard) languages

All scenarios of the Security Awareness Training Content are now available in several language versions. The language bar usually looks like this:

[Image: language bar, with Arabic as a standard phishing template language]

Today we can safely claim that most of the content is available in Arabic, Danish, Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

Beautiful Free and Editable Security Awareness Posters!

Almost 70 posters are now available for publication. Place them in your office so that your employees always keep the relevance of IT security in mind. The security awareness posters come with either an illustration or an attractive photo. And best of all: the posters can be edited with Adobe Illustrator (c) because we provide the source files 🙂

How do I get to the new content?

If you have installed LUCY, you get a message that new content is available and you can download it. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Of course. LUCY is standard software that was created for this purpose. This ensures reusability and investment protection. You can create your own attack or awareness training templates.

Details: The 2nd LUCY Security Awareness Content update of this year

Here are 163 new or revised training and phishing attack templates. Have fun testing and training!

 

Educational and Security Awareness Training Content Modules

29 updated or new courses: Enjoy our updated or new Security Awareness Training Content: Video / Quiz / Interactive, Course or Static.

01.) Social Engineering Course – This course helps employees understand the threats of social engineering.

 

 

02.) Email Only – This was a phishing simulation & Tips – This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future.

 

03.) Email Only – This was a simulation & Tips (Text) – This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future and where to report them.

 

04.) WIFI Security Course – This wireless security course (5-10 minutes) provides employees with an understanding of the risks associated with wireless networks and how best to protect themselves from them.

 

05.) Security Awareness video: 7 Tips (close caption) – In this short 3-minute security awareness video we have put together 7 security tips, which involve best practices and policies that promote security. The video has English subtitles. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

06.) Secure social media usage video (close caption) – In this security awareness video we talk about secure social media usage. The video has English subtitles. The content (animation, language, script) is customizable.

 

07.) Secure Internet usage video (close caption) – In this video we show you how to protect yourself when using the internet. The video has English subtitles. The content (animation, language, script) is customizable.

 

08.) Email Security Video 1.3 (close caption) – In this 9-minute security awareness video, we talk about email security risks. The video has subtitles. The content (animation, language, script) is customizable.

 

09.) Lucy Phishing Video 1.1 (close caption) – This is a 3-minute educational video about phishing attacks. The video has English subtitles. Each video scene can be customized (e.g. custom branding) and translated into additional languages.

 

10.) Mobile Security Awareness Video (close caption) – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphones & laptops). The video has English subtitles.

 

11.) Password Security Video (close caption) – In this 5-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has English subtitles. The content (animation, language, script) is customizable.

 

12.) Physical Security Awareness Video (close caption) – In this 4:20-minute security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has English subtitles. The content (animation, language, script) is customizable.

 

13.) Social Engineering Video – This video is dedicated to the topic “social engineering”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

14.) Social Engineering Video (close caption) – This video is dedicated to the topic “social engineering”. The content (animation, language, script) is customizable. The video has subtitles.

 

15.) Data Privacy & GDPR Video – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

16.) Data Privacy & GDPR Video (close caption) – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. The video has subtitles.

 

17.) Identity theft video – This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable.

 

 

18.) Identity theft video (close caption) – This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable. The video has subtitles.

 

 

19.) WI-FI security video – This video is dedicated to the topic “Secure Wi-Fi”. The content (animation, language, script) is customizable.

 

 

20.) WI-FI security video (close caption) – This video is dedicated to the topic “Secure Wi-Fi”. The content (animation, language, script) is customizable. The video has subtitles.

 

21.) Workplace Security Awareness Video – This video is dedicated to the topic “workplace security”. The content (animation, language, script) is customizable.

 

22.) Workplace Security Awareness Video (close caption) – This video is dedicated to the topic “workplace security”. The content (animation, language, script) is customizable. The video has subtitles.

 

23.) PCI Security Awareness Video – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable.

 

24.) PCI Security Awareness Video (close caption) – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable. This video has subtitles.

 

25.) Password Security Video – SHORT (close caption) – In this 1-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has English subtitles. The content (animation, language, script) is customizable.

 

26.) Email Security Video – SHORT (close caption) – In this 1-minute security awareness video, we talk about email security risks. The video has subtitles. The content (animation, language, script) is customizable.

 

27.) Physical Security Video – SHORT (close caption) – In this 1-minute security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has English subtitles.

 

28.) Comprehensive security course – Topics in this course include “SHOULDER SURFING”, “PORTABLE MEDIA ATTACKS”, “VISHING (COLD CALLING)”, “CLEAR DESK POLICY”, “PHYSICAL SECURITY”, “VISITORS AND IN-PERSON INTERACTION”, “SOCIAL ENGINEERING”, “PASSWORD SECURITY”, “SECURE BROWSING”, “SECURE SOCIAL NETWORKING”, “USING PUBLIC WI-FI’S”, “MOBILE SECURITY”. Please note the different configuration options in readme.html.

 

29.) Awareness Training Library – THIS IS A WHOLE VIDEO LIBRARY – This template offers the possibility to link all existing LUCY training modules in a directory. The end user can then put together his desired training modules himself on an overview page. This is our biggest collection of Security Awareness Training Content so far!

 


 

134 new and updated Attack Scenarios / Phishing Templates

1.) Free Bitcoins – The user is offered free bitcoins.

 

 

 

2.) Message – The scenario represents a typical communication attempt by a messaging service.

 

3.) Open position (resume enclosed) – Blind applications are a common tool used by attackers to get HR staff to download dangerous content from the Internet.

 

 

4.) Reset your google password – The user is informed that his login data was found during a random check of the Darknet and that an attacker can misuse it to gain access to his Google account.

 

 

5.) Visit to your city – This is a real example of a Russian dating scam that took place a few years ago.

 

 

6.) DHL Shipping confirmation (image only) – This is an example of a real attack that was carried out in the past on behalf of DHL. To get past possible spam filters, there is no text in the email, only an image which is linked.

 

7.) Message is only partially downloaded (image only) – This email specifies that the content cannot be displayed. The user is asked to click on a link to download the message. To get past a possible spam filter, only an image is used instead of text.

 

8.) LinkedIn Invitation – Because LinkedIn has become one of the most popular professional online networks, it has become a victim of occasional online scams. Scammers send LinkedIn users emails that appear to be from LinkedIn but are not. This is a typical real life example of such a scam. The logo and name are not modified in this template.

 

9.) Zoom Meeting Invitation – The employee is invited by a colleague from the HR department to a spontaneous Zoom meeting to clarify suspicious surfing activities on his PC. The template uses the same formatting and wording as the original.

 

10.) Airbnb illegal activity reported – In this email, the user will be informed that an illegal activity has been detected on Airbnb’s behalf and will be reported to the authorities if necessary. These types of messages play on the user’s curiosity and fear.

 

11.) Instagram Password Reset – This scenario is a typical example of a fraud attempt, in which the user is led to believe that his password has been changed by a third party.

 

 

12.) Facebook notification missed from friends – This is a typical example of an attack in which the user is notified about missed activities of his friends. The logo and name were not adapted in this scenario to make detection more difficult.

 

13.) Facebook: See who liked your page – Most users of social media are by nature curious. They are interested in learning what is going on with their friends, their communities and the world at large. Unfortunately, scammers understand this curiosity and exploit it in an attempt to lure users into clicking on fake messages like this one.

 

14.) Cisco’s Webex – Meeting in progress! This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. This scenario adopts the typical features of such an invitation without deliberate errors in the logo or name.

 

15.) Xing Contact Request – Unlike an email address, the business platform Xing reveals considerable information to scammers because your profile is the digital version of you. This is often used by scammers in the context of contact inquiries, which aim at the curiosity of the user.

 

16.) PayPal suspicious activity on the account – PayPal customers are constantly being targeted in phishing attacks. In one of the most popular, criminals are distributing fraudulent emails claiming that PayPal has noticed suspicious activity on your account. The emails claim that PayPal has detected a successful sign in from an unrecognised device and you must therefore secure your account before it can be used again.

17.) LinkedIn: Account blocked due to inactivity – This scam first occurred in 2012, when Russian hackers collected and leaked millions of LinkedIn users’ passwords. These scammers send you a fake email, pretending to be the LinkedIn administrative team. The email pretends your LinkedIn account has been blocked due to inactivity. This is security awareness training based on real world examples!

18.) iTunes account confirmation – This attack variant against Apple users was first observed in 2016. There have been reports of emails that appear to be from the Apple Store, asking the user to confirm his email to prevent the account from being blocked.

 

19.) LinkedIn – Policy Violation – The user is informed that his profile has been reported by another user due to violations of the general conditions. This example corresponds to a real phishing attack as observed a few years ago.

 

20.) Amazon – your account has been updated – In the past, Amazon users have been persuaded to click on a link using this type of phishing attack. In this scenario it is pretended that another user has changed the email address of the legitimate account owner.

 

21.) Dropbox – Account will be suspended – If there’s no activity on a user’s Dropbox account for an extended period of time, Dropbox will notify the account owner in an email. In the past, this pattern has often been used by attackers to gain access to user logins.

 

22.) Happy Easter Greeting Card as a phishing attack
A simple but effective security awareness training: Happy Easter Greeting Card as phishing simulation.

 

23.) SAP – The user is invited via mail to access the SAP account just created. This is a great software specific Security Awareness Training Content Template.

 

 

24.) Sharepoint Invitation
Websites in Sharepoint may be shared with external or internal users using this type of invitation.

 

25.) Sharepoint Login – Websites in Sharepoint may be shared with external or internal users using this type of invitation. The recipient will be able to login to a Sharepoint Website which is undergoing some technical maintenance.

 

26.) Netflix Account on hold – This is a replica of a real Netflix phishing attack from 2018, which uses character spacing to trick spam filters. This is a typical example of a mediocre attack email that contains some visual errors.

 

27.) Twitter
Your company is mentioned in WikiLeaks! A Twitter message pretending that your company is mentioned in an article at WikiLeaks.

 

28.) SAP Login
The user is invited via mail to access the SAP account just created. The fake SAP portal allows the user to login with his Windows username and password.

 

29.) Amazon Prime Bonus Scam – In 2017, criminals were sending mass emails that appear to have come from Amazon and thank recipients for making purchases on Amazon’s “Prime Day”. The emails then invite recipients to go to the Amazon website to “write a review” and receive a special $50 “bonus” credit for doing so.

30.) Happy Valentine’s Greeting Card, attack template for phishing simulations 
A simple Happy Valentine’s Greeting Card as phish test template.

 

 

31.) Happy Mother’s Day Greeting Card – Nothing to add here, dear Mum 😉

 

 

32.) Happy Halloween Greeting Card – Happy Halloween Greeting Card.

 

 

33.) Happy Christmas Greeting Card – And last but not least a Happy Christmas Greeting Card as phishing simulation template.

 

 

34.) Microsoft Office 365 Online Login
The message asks the user to login to his/her “Microsoft Office 365” account. The login will generate an error.

 

35.) Citrix Login
In this template the user has the ability to log in and access his/her company’s work environment via Citrix.

 

36.) Private Message – enter code to open it – In this template, which corresponds to a real message service with email encryption, the user is asked to enter his email address and a code (this is included in the message) on a web page.

 

37.) Join Skype – Business Meeting Invitation to a Skype Business Meeting.

 

 

38.) Join Skype Business Meeting (Web Login)
Invitation to a Skype Business Meeting. Login with Windows Credentials.

 

 

39.) Cisco’s Webex – meeting in progress (web login) – This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. The user can participate in the meeting using his email address and birth date as an authentication mechanism.

 

40. – 106.) – Editable Security Awareness Posters – Informative and decorative educational posters increase security awareness. There are now 67(!) such posters available. They can all be edited and customized using Adobe Illustrator. Usually two different types are available: as an illustration or photo poster.

 

107.) Windows Update
The user is told that a new Windows Update is available and is tricked into downloading it.

 

 

108.) Corporate WhatsApp Group
The user will be asked to register on a WhatsApp page of the company to join the new group.

 

 

109.) Outlook to Office365 Migration – As part of a transition from Outlook 2010 to the cloud-based Office365 environment, this scenario asks all employees to register on a new environment located at “login.microsoftonline.com”.

 

110.) Employee of the Month
A new offer enables employees to vote for a candidate who deserves recognition for his or her outstanding achievements.

 

111.) Google Leaks – The company informs the employees that their corporate network credentials have been breached and they should make a Google Search to find out whether their credentials are stolen or not.

 

112.) LinkedIn Company Profiles
The recipient is informed that the HR department has migrated all employee profiles to a newly created company page on LinkedIn in the last few months.

 

113.) BYOD, Open VPN Access
In this scenario, employees can use a new web based SSL VPN login portal to get access with their personal devices to all internal business applications.

 

114.) SSL VPN Compatibility Check (Netscaler)
In this scenario, the user is prompted to connect his remote workstation to the company network. A compatibility check of the computer with an executable file is also performed. The design is based on a Citrix Netscaler access.

 

115.) UPS Exception Notification – This is a copy of a real UPS attack example gathered from LUCY’s phishing monitoring service.

 

 

116.) Twitter “Corporate” – The user receives a notification that his company has set up a Twitter channel exclusively for all employees. He can keep up to date and receive the latest news about new entries, contests, company events, etc. in real time.

 

117.) NetScaler Unified Gateway SSL VPN
By using a new web-based SSL VPN login portal, employees have access to all internal business applications that allow them to work from a remote location.

 

118.) Facebook Company Page
The employee gets invited to join his company’s Facebook page.

 

 

119.) PayPal Open Invoice

The recipient receives an invoice from a seller for a three-digit amount. To view the invoice, the user must login with PayPal. This attack is based on similar attacks observed by our research team in the past.

120.) Email in quarantine – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

 

 

121.) Email in quarantine with Login Page – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

122.) Employee Survey HR Portal – The employee is asked to log on to an HR portal to take part in an internal survey. One of the oldest and most efficient Security Awareness Training Content Templates has been revamped here.

 

 

123.) Netflix – Payment was rejected – This real phishing attack was registered by our research team in May 2018. In this attack, the user is informed that his payment method was rejected. This is an example of a better formulated attack with correct grammar and visual elements.

 

124.) F5 VPN Access – In this web-based scenario a VPN access of the company F5 is simulated. The user is asked to enter his user name, password and also his token code.

 

 

125.) Password Check for MS Windows – This extended password check shows the user how secure his password is during input. It is intended to test Windows(c) passwords. As soon as the user enters a password with more than 6 characters, it is transmitted to LUCY.

 

126.) Job Offer
The employee is contacted personally and made aware of a position that would fit his or her profile. This is still an efficient Security Awareness Training Content!

 

127.) Illegal license detected on your PC
The user is informed that there is an illegal copy of software on his PC and that he must log in to check it.

 

128.) Bitcoin – Trade with a 500 USD starting balance – The user receives a starting credit of USD 500, which he can invest in Bitcoin in a predetermined period of time free of charge on a trading platform.

 

129.) Bad Employer Rating – A negative assessment of the employer has been published. This is a simple but efficient Security Awareness Training Content Template.

 

 

130.) Affordable car leasing for employees – Employees can lease a company car for a fraction of the original cost.

 

 

131.) Leak Alert: Verify your phone number – In this database of stolen records, the user can check if his phone number is being misused in any way.

 

 

132.) DocHub – Please Review Invoice – “Carl Mc Gregor” sends the recipients an invoice to review and complete.

 

 

133.) Melani – Swiss Reporting and Analysis Centre – The Reporting and Analysis Centre for Information Assurance (MELANI) has been commissioned by the Federal Council to protect critical infrastructure in Switzerland. In this template the user receives an email about a possible data leak.

 

134.) Your expenses have been denied (SAP) – The user is informed that his submitted expenses have not been accepted.

 

 

So that’s it  🙂  Keep on enjoying LUCY Server and our Security Awareness Training Content
