LUCY Content Update 2018 with more than 165 new scenarios

165+ new and revised Phishing Test and Attack Training Templates – Large Awareness Content Update I/2018

Others require you to pay for new or individual attack and training templates. At LUCY, new Phishing tests, training courses or even videos are always included in the basic price! We show the highlights of the more than 165 new templates of the current content update I/2018. What is included in the Big Content Update?

New attack scenarios for Phishing Tests

We have delivered over 30 completely new new scenarios. It has been proven that many phishing tests that run simultaneously and are sent out at random have the greatest sensitizing benefit for employees. This is one of the reasons why the need for simpler’ hyperlink-based’ attack scenarios remains high. That’s why we added about a dozen new hyperlink scenarios. We also have responded to the various customer requests and now offer a’ hyperlink’ variant of some existing ‘web-based’ scenarios (these are the scenarios with landing page). In terms of content, customers report to us that phishing tests around the topics

  • Security alerts
  • Microsoft / Outlook 365 ©
  • notifications for any registrations on web platforms and
  • Smartphone / iPhone © Contests

Still achieve high victim rates (successful phishing simulations). This is why we have delivered further Best Practice templates in these areas.

New training templates

The need for more training modules is unbroken. Our new training modules range from interactive GDPR courses, new or revised videos to simple PDF onepagers.

Significantly more languages

All scenarios are now available in several language versions. The language bar usually looks like this:

Available Standard Languages Phishing Test and Awareness Modules

Languages supported out of the box

Today we can safely claim that most of the content is available in Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

How do I get to the new content?

If you have installed LUCY, the newly available content is automatically reported to you. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Major customers such as Robert Bosch make intensive use of this functionality. International consulting firms maintain their own phishing templates, which are adapted and maintained on an ongoing basis for each country. LUCY is a standard software that was created for this purpose. This ensures reusability and investment protection.

Examples of the LUCY Awareness Content Update I/2018

Below we show you excerpts from the more than 165 new or revised training and phishing test contents. Have fun testing and training!

or download our free Community Edition here.

Educational and Training Modules

GDPR Course or TrainingGeneral Data Protection Regulation (GDPR) – This interactive e-learning course for employees introduces the GDPR and the key compliance obligations for organizations. It also aims to provide a complete foundation on the principles, roles, responsibilities and processes under the regulation.

 

LUCY Phishing VideoLucy Phishing Video (with Tracking Option) – This is our most successful 3-minute educational video about phishing attacks, shown in English, Spanish, German, Italian and French. Each video scene can be customized (e.g. custom branding) and translated into additional languages. See: http://phishing-server.com/PS/doc/dokuwiki/doku.php?id=create_a_custom_e-learning_video . This video allows you to track if the user watched the content.

Ohne Pager Training Phishing Awareness One Pager Phishing Awareness (responsive | 1.2) – This is a static one page long phishing awareness html template. It works with a min resolution of 360 pixels.

 

 

PDF Infoflyer for educational it-awareness purposesPDF Infoflyer – A one-page phishing awareness flyer (PDF) is embedded in this static web page. The editable word template is located within this scenarios template folder. After you make desired changes to the word file, please save it as a PDF with the name “info.pdf” and upload back to your LUCY instance using the file manager within this template. All content is 100 % customizable.

 

Phishing Security Exam V1.3 Phishing Security Exam (Version 1.2) – In this short interactive exam the user is asked a few multiple choice questions in order to test their knowledge regarding phishing. Duration: 10Minutes

 

 

Phisical Security CoursePhysical Security Course 1.2 – In this short security course, the user is presented a few facts about common threats and countermeasures regarding physical security (unattended devices, shoulder surfing, portable media devices, disposal of sensitive information, visitors, etc).

 

Secure Internet Usage Video Secure internet usage video – In this security awareness video we talk about secure internet usage. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG .

 

Workplace Security CourseWorkplace Security Course – This course takes approximately 30 Minutes to complete. Upon completion of Workplace Security Awareness, employees and managers will be able to: Identify potential risks to workplace violence, describe measures for improving workplace security & determine the actions to take in response to a security situation.It is a long course requiring a superior skill leve.

 

New and updated Attack Scenarios / Phishing Templates

 

Bizarre News Phishing TestBizarre News – Some bizarre news article asking the user to click the link for more details

 

 

Confirmatin Social Media Profile as Phishing TestConfirmation Social Media Profile (hyperlink only) – A social media provider informs the recipient that a profile under his/her name has been created.

 

 

Contest as a phishing test

Contest (Link Only) -In this hyperlink scenario, people can participate in a contest to win a trip to Paris. This is one of the simplest templates but it is still effective. That’s why we reworked it and added some more languages.

 

 

 

Win an Iphone as a Phishing TestContest II – Win an IPHONE 8 v1.1 – As a part of a special promotion, the recipient can win an IPHONE 8 by registering with his/her company account.

 

 

Cutest Animals as Phishing TestCutest Animals – These animals were voted top 10 cutest in the world. The user is asked to click on the link to see full list

 

 

Dating Site Confirmation as Phishing TestDating Site Confirmation (Ladies) – An email that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the male audience.

 

 

Tinder Confirmation as Phishing TestDating Site Confirmation (Gentlemen) – An email message that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the female audience.

 

 

Dropbox as Phishing TestDropbox (Hyperlink Only) – In this hyperlink scenario the user is informed that a document on “DropoBox” is ready for download.

 

 

Email in Quarantine as Phishing TestYour action is required: email in quarantine 1.1 – This template is made to look like an innocuous spam quarantine message – something most people are used to seeing, but don’t pay a lot of attention to and wouldn’t necessarily question. It’s also preying on the user’s sense of curiosity, by saying you have quarantined messages, but not showing what they are. Once the user is logged in, he/she can download a PDF error report. The download can be tracked by the LUCY admin.

 

Email Access Restrictions as Phishing TestEmail Internet Access Restrictions -Using a new email security filter, the user is informed that his internet access will be fully or partially restricted.

 

 

Encrypted Email as Phishing TestEncrypted Mail (Download Only) – Encrypted e-mail access. The user is asked to download an encrypted e-mail message in an MS-Office © document.

 

 

Final notice as Phising TestFinal notice: unpaid services – You get afinal notice. A payment has not been received, and thus the account remains past due.

 

 

Funny IQ test as mock phish scenarioFunny IQ Test (Hyperlink only) – A hyperlink based scenario with a common IQ test question.

 

 

 

Funny IQ Test as Phishing SimulationFunny IQ Test Webpage – A web based scenario with a few common IQ test question.

 

 

Funny Pics as Phishing TestFunny Pics – Click on a link to explore funny pics on the web. It is a simple scenario but it is still working.

 

 

iCloud login as Phishing TestiCloud (Hyperlink Only) – This template simulates the iCloud tracking feature of lost/stolen devices.

 

 

 

Increase your mail storage as phishing testIncrease your internal mail storage – The user is asked to click a link to increase the mail storage quota in order to have access to the mailbox.

 

 

IRS Tax Refund as Phishing TestIRS Tax Refund – This is a real world tax refund scam example 😉

 

 

Lunch discount with macro as Phishing TestLunch Discount (Mixed with Macro) – Lunch discount voucher with a Macro available, after the user logs into the the authenticated area. This is a file based scenario including one of our own and safe droppers.

 

 

microsoft office 365 login as phishing testMicrosoft 365 © Online Login All new Version 1.2 – The message asks the user to login to his/her “Mircosoft Office 365” account. The login will generate an error, and the user will be able to download the software.

 

 

Microsoft Receipt as Phishing TestMicrosoft Receipt (eMail attachment only) – This is a file-based only scenario without a landing page. It contains a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the built-in browser. No data is transmitted. You will have the ability to track who executed the macro.

 

Microsoft Virus as a phishing testMicrosoft Warning (Hyperlink Only) – The user receives a window style warning “Internet Browser is infected with a worm SVCHOST.Stealth.Keylogger.” and is asked to click on a link to resolve this.

 

 

Reedeem points from airline as phishing testRedeem points for Airline ticket – Some phishing scams do not ask for logins. Instead, they try to get some general information about the user by offering interesting giveaways. In this scenario, we ask the user to provide  information about past flights. Many people participate in these bogus giveaways thinking some of them might be genuine.  However, providing information about past flights is valuable for any attacker as it helps prepare more sophisticated attacks.

secure message waiting as mock phish templateSecure Message Waiting – In this hyperlink scenario the user will get a notification about a secure e-mail waiting in his inbox. This message template has different languages within the actual message body. The recipient can select the language at the top

 

termination of your email account as simulated phising attackTermination of your email account (Hyperlink Only) – Email messages which claim the recipient’s email account is in the process of being deactivated and hence he/she must click the link within the same email message to cancel the deactivation process.

 

termination of your email account as phishing testTermination of your email account – It is the same scenario as above. But after the ‘login’, the recipient will also be able to download a PDF error report. The download of this report can be tracked by the LUCY admin.

 

 

web surfing statistics as phishing simulation scenarioNew Web Surfing Statistics (Login & Macro) – Employees get asked to enter their MS-Windows credentials to access personalized web surfing statistics from a site, where they can download a detailed report that contains a Macro. This is still one of our most successful scenarios that’s why we reworked it.

 

simulation template: Workplace security notificationWorkplace Security Notification – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded within the authenticated area as a traceable PDF

 

workplace security notification with word macro as phishing simulation (template)Workplace Security Notification (Download Only) – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded as a traceable Microsoft Office © file with a Macro, that pings back to LUCY upon opening.

 

you have been tagged as phishing testYou have been tagged – Your picture has been tagged on “SocialHub”. Provide your e-mail and birth date to confirm that this is you!

 

 

your account was leaked as phishing testYour account was leaked! (hyperlink only) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity.

 

 

your account was leaked as phishing simulation including word macroYour account was leaked! (with Word Macro) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity. After filling the fields on the Landing Page, a MS-Word Document with a Macro will be available for downloading the database report. This is a new file based attack template.

 

premium membership account details as a phishing testYour membership account has been created – The user gets a notification that a membership account has been created and he has 24 hours to deactivate the account before his credit card gets charged

 

 

Train ticket purchase as phishing testYour train ticket is ready for download – The user gets a copy of his train tickets, which can be edited/viewed using a link

 

 

So that’s it so far. Keep on enjoying LUCY Server!

 

 or download our free Community Edition here.

 

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.