Others require you to pay for new or individual attack and training templates. At LUCY, new Phishing tests, training courses or even videos are always included in the basic price! We show the highlights of the more than 165 new templates of the current content update I/2018. What is included in the Big Content Update?
New attack scenarios for Phishing Tests
We have delivered over 30 completely new new scenarios. It has been proven that many phishing tests that run simultaneously and are sent out at random have the greatest sensitizing benefit for employees. This is one of the reasons why the need for simpler’ hyperlink-based’ attack scenarios remains high. That’s why we added about a dozen new hyperlink scenarios. We also have responded to the various customer requests and now offer a’ hyperlink’ variant of some existing ‘web-based’ scenarios (these are the scenarios with landing page). In terms of content, customers report to us that phishing tests around the topics
- Security alerts
- Microsoft / Outlook 365 ©
- notifications for any registrations on web platforms and
- Smartphone / iPhone © Contests
Still achieve high victim rates (successful phishing simulations). This is why we have delivered further Best Practice templates in these areas.
New training templates
The need for more training modules is unbroken. Our new training modules range from interactive GDPR courses, new or revised videos to simple PDF onepagers.
Significantly more languages
All scenarios are now available in several language versions. The language bar usually looks like this:
Today we can safely claim that most of the content is available in Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.
How do I get to the new content?
If you have installed LUCY, the newly available content is automatically reported to you. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.
Can I maintain and develop my own templates?
Major customers such as Robert Bosch make intensive use of this functionality. International consulting firms maintain their own phishing templates, which are adapted and maintained on an ongoing basis for each country. LUCY is a standard software that was created for this purpose. This ensures reusability and investment protection.
Examples of the LUCY Awareness Content Update I/2018
Below we show you excerpts from the more than 165 new or revised training and phishing test contents. Have fun testing and training!
Educational and Training Modules
General Data Protection Regulation (GDPR) – This interactive e-learning course for employees introduces the GDPR and the key compliance obligations for organizations. It also aims to provide a complete foundation on the principles, roles, responsibilities and processes under the regulation.
Lucy Phishing Video (with Tracking Option) – This is our most successful 3-minute educational video about phishing attacks, shown in English, Spanish, German, Italian and French. Each video scene can be customized (e.g. custom branding) and translated into additional languages. See: http://phishing-server.com/PS/doc/dokuwiki/doku.php?id=create_a_custom_e-learning_video . This video allows you to track if the user watched the content.
One Pager Phishing Awareness (responsive | 1.2) – This is a static one page long phishing awareness html template. It works with a min resolution of 360 pixels.
PDF Infoflyer – A one-page phishing awareness flyer (PDF) is embedded in this static web page. The editable word template is located within this scenarios template folder. After you make desired changes to the word file, please save it as a PDF with the name “info.pdf” and upload back to your LUCY instance using the file manager within this template. All content is 100 % customizable.
Phishing Security Exam (Version 1.2) – In this short interactive exam the user is asked a few multiple choice questions in order to test their knowledge regarding phishing. Duration: 10Minutes
Physical Security Course 1.2 – In this short security course, the user is presented a few facts about common threats and countermeasures regarding physical security (unattended devices, shoulder surfing, portable media devices, disposal of sensitive information, visitors, etc).
Secure internet usage video – In this security awareness video we talk about secure internet usage. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG .
Workplace Security Course – This course takes approximately 30 Minutes to complete. Upon completion of Workplace Security Awareness, employees and managers will be able to: Identify potential risks to workplace violence, describe measures for improving workplace security & determine the actions to take in response to a security situation.It is a long course requiring a superior skill leve.
New and updated Attack Scenarios / Phishing Templates
Bizarre News – Some bizarre news article asking the user to click the link for more details
Confirmation Social Media Profile (hyperlink only) – A social media provider informs the recipient that a profile under his/her name has been created.
Contest (Link Only) -In this hyperlink scenario, people can participate in a contest to win a trip to Paris. This is one of the simplest templates but it is still effective. That’s why we reworked it and added some more languages.
Contest II – Win an IPHONE 8 v1.1 – As a part of a special promotion, the recipient can win an IPHONE 8 by registering with his/her company account.
Cutest Animals – These animals were voted top 10 cutest in the world. The user is asked to click on the link to see full list
Dating Site Confirmation (Ladies) – An email that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the male audience.
Dating Site Confirmation (Gentlemen) – An email message that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the female audience.
Dropbox (Hyperlink Only) – In this hyperlink scenario the user is informed that a document on “DropoBox” is ready for download.
Your action is required: email in quarantine 1.1 – This template is made to look like an innocuous spam quarantine message – something most people are used to seeing, but don’t pay a lot of attention to and wouldn’t necessarily question. It’s also preying on the user’s sense of curiosity, by saying you have quarantined messages, but not showing what they are. Once the user is logged in, he/she can download a PDF error report. The download can be tracked by the LUCY admin.
Email Internet Access Restrictions -Using a new email security filter, the user is informed that his internet access will be fully or partially restricted.
Encrypted Mail (Download Only) – Encrypted e-mail access. The user is asked to download an encrypted e-mail message in an MS-Office © document.
Final notice: unpaid services – You get afinal notice. A payment has not been received, and thus the account remains past due.
Funny IQ Test (Hyperlink only) – A hyperlink based scenario with a common IQ test question.
Funny IQ Test Webpage – A web based scenario with a few common IQ test question.
Funny Pics – Click on a link to explore funny pics on the web. It is a simple scenario but it is still working.
iCloud (Hyperlink Only) – This template simulates the iCloud tracking feature of lost/stolen devices.
Increase your internal mail storage – The user is asked to click a link to increase the mail storage quota in order to have access to the mailbox.
IRS Tax Refund – This is a real world tax refund scam example 😉
Lunch Discount (Mixed with Macro) – Lunch discount voucher with a Macro available, after the user logs into the the authenticated area. This is a file based scenario including one of our own and safe droppers.
Microsoft 365 © Online Login All new Version 1.2 – The message asks the user to login to his/her “Mircosoft Office 365” account. The login will generate an error, and the user will be able to download the software.
Microsoft Receipt (eMail attachment only) – This is a file-based only scenario without a landing page. It contains a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the built-in browser. No data is transmitted. You will have the ability to track who executed the macro.
Microsoft Warning (Hyperlink Only) – The user receives a window style warning “Internet Browser is infected with a worm SVCHOST.Stealth.Keylogger.” and is asked to click on a link to resolve this.
Redeem points for Airline ticket – Some phishing scams do not ask for logins. Instead, they try to get some general information about the user by offering interesting giveaways. In this scenario, we ask the user to provide information about past flights. Many people participate in these bogus giveaways thinking some of them might be genuine. However, providing information about past flights is valuable for any attacker as it helps prepare more sophisticated attacks.
Secure Message Waiting – In this hyperlink scenario the user will get a notification about a secure e-mail waiting in his inbox. This message template has different languages within the actual message body. The recipient can select the language at the top
Termination of your email account (Hyperlink Only) – Email messages which claim the recipient’s email account is in the process of being deactivated and hence he/she must click the link within the same email message to cancel the deactivation process.
Termination of your email account – It is the same scenario as above. But after the ‘login’, the recipient will also be able to download a PDF error report. The download of this report can be tracked by the LUCY admin.
New Web Surfing Statistics (Login & Macro) – Employees get asked to enter their MS-Windows credentials to access personalized web surfing statistics from a site, where they can download a detailed report that contains a Macro. This is still one of our most successful scenarios that’s why we reworked it.
Workplace Security Notification – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded within the authenticated area as a traceable PDF
Workplace Security Notification (Download Only) – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded as a traceable Microsoft Office © file with a Macro, that pings back to LUCY upon opening.
You have been tagged – Your picture has been tagged on “SocialHub”. Provide your e-mail and birth date to confirm that this is you!
Your account was leaked! (hyperlink only) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity.
Your account was leaked! (with Word Macro) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity. After filling the fields on the Landing Page, a MS-Word Document with a Macro will be available for downloading the database report. This is a new file based attack template.
Your membership account has been created – The user gets a notification that a membership account has been created and he has 24 hours to deactivate the account before his credit card gets charged
Your train ticket is ready for download – The user gets a copy of his train tickets, which can be edited/viewed using a link
So that’s it so far. Keep on enjoying LUCY Server!