Webinar Invitation Phishing Campaigns Made Easy on Sep-26 2018 with Lucy

Webinar: Phishing Campaigns Made Easy on Sep-26

“LUCY: Phishing Campaigns Made Easy”

  •  Sep 26, 2018 11:00 AM CST – Webinar registration here
  • Hosted by Hacking for Dummies author Kevin Beaver
  • Execute a campaign in LUCY in 5 minutes
  • Q&A: LUCY founder Oliver Münchow answers your questions
  • Sneak preview of new Dark Web Defense tool
  • VPS Server migration offer for upgrade to LUCY V4.3

Introduced and moderated by security expert and author Kevin Beaver with a live demonstration by LUCY co-founder Oliver Münchow. Webinar participants will be entered in a draw for the latest edition of Kevin’s bestselling book “Hacking for Dummies”.

Join security guru Kevin Beaver, author of Hacking for Dummies, as he hosts LUCY Security co-founder and CEO Oliver Münchow in a fast paced web discussion of simulated phishing attacks. Oliver will showcase LUCY 4.3’s new Campaign Wizard to show you just how easily you can fire up a professional campaign in a few minutes. Attendees will be entered into a prize draw for the latest, 6th Edition of Kevin’s top-selling tome Hacking for Dummies.

  • When: Sep 26, 2018 11:00 AM to 11:40 AM Central Time (US and Canada) – Add to Calendar
  • Where:  Register for Zoom-Webinar here

 

 

We are looking forward to many registrations, see you soon! Your LUCY Team.

 

 

Superior employee awareness available thanks to the partnership between LUCY Security AG and HvS-Consulting AG

Zug, September 19, 2018 – Trough a partnership with HvS-Consulting, the leading German provider of awareness-raising videos, LUCY Server’s customers get the opportunity to use additional first-class training content. Through this supplementary content, it is easy to achieve an even better employee awareness in terms of cyber security.

The benefits at a glance:

  • First-class IS-FOX training videos now available on the LUCY Server
  • Integration of third-party content using the open LUCY software
  • Integrated third-party content for free or for a fee

“HvS-Consulting AG is a partner known far beyond the German borders for their multilingual IS-FOX training videos. This new business relationship will provide our LUCY customers all over the globe with an additional selection of excellent Awareness Training Content available in our standard product. We are very happy to have established this partnership,” says LUCY co-founder Oliver Münchow.

“Cyber security is our mission, and the huge demand in the market shows how important sensitization is. In LUCY Security, we have found a partner that positively complements our portfolio with its Phishing Platform and Awareness Software” says Frank v. Stetten, Managing Director of HvS-Consulting AG.

About HvS-Consulting AG – Competence in Cyber Security: The HvS-Consulting AG advises corporations and SMEs around the topic of cyber security since 2002. Their core competencies include ISO 27001 Information Security Management, industrial espionage prevention, Advanced Persistent Threat Detection, penetration testing, as well as employee awareness for information security and data protection. Under the brand IS-FOX they offer web-based training, video clips for employee awareness, and security software, among other things. HvS-Consulting is a member of the Alliance for Cyber Security and is in constant exchange with national security authorities on cyber security topics.

About LUCY Security: The LUCY Cybercrime Prevention Server is utilized for the simulation of social engineering attacks and can be used universally – from SMEs to large customers. The product can be installed directly on the customer’s premises, though a cloud version is also available. The Swiss solution provides hundreds of pre-configured phishing templates, training modules, and third-party training content, which can be used by the end customer independently. With the “Phishing Incident Plug-in” for Microsoft Outlook the user can raise the alarm in case they suspect an attack. LUCY’s “Threat Analyzer” will automatically evaluate and risk-score suspected phishing attack emails, saving valuable time for the security team. The product is currently installed on more than 6000 servers, in over 60 countries. Certified Eco-System partners in 12 countries complement the LUCY software with their value-added services.

The product is offered in the Freemium model: The free Community Edition is suitable for SMEs with up to 50 employees. The commercial Starter Edition costs USD 680 and – unusual for the industry – unlimited licenses are available from USD 3400. The price of the newly integrated Awareness Videos from IS-FOX would depend on the size of the targeted audience.

 

For more information please contact Palo Stacho ¦ palo  (a t) lucysecurity-do t-com ¦ +41 79 301 78 10

LUCY Security AG, Chamerstrasse 44, CH-6300 Zug, Switzerland, +41 44 557 19 37
LUCY Security Inc, 106 E. Sixth Street, Austin TX 78701, USA, 512-917-9180

 

 

LUCY is looking for investors. Want to become a shareholder?

Do you want to become a LUCY shareholder?

Unique investment opportunity in LUCY Security AG, the cyber crime prevention company! 

  • We are looking for investors.
  • Forward this mail with a recommendation to your investment department.
  • If you have direct contact with other investors, then recommend LUCY Security. Thank you.

LUCY Server has been installed over 6000 times. The Swiss company with its incomparable software product is on the way to global success. Become part of it!

In its fourth year of existence, LUCY is expected to generate seven digit sales figures. We have not had a financing round so far and the company is debt-free. Since its launch in 2015, we could manage a yearly organic growth of some 100%. The cyber prevention market is on the move. For us it is proven that the disruptive business model of LUCY Security will revolutionize the market. This market is currently close to USD 5 billion and is growing at over 13% per year.

We already have investment promises, especially we are looking for a lead investor with a stake of > 500k. Further details can be found in the enclosed teaser.

  1. Are you interested? Then please contact me! Mail: palo (at) lucysecurity.com
  2. If your company has an investment department, we would be very grateful for a recommendation ☺
  3. If you know someone who might be interested, please tell them about this unique opportunity!

Thank you for your support. Kind regards from sunny Switzerland,

Palo Stacho, Co-Founder

 

We make Cyber Prevention an Simulated Internet Attacks available and affordable to everybody!

LUCY Security Zug (CH) – Austin (TX)

 

 

LUCY Connect User Group Conference 2018

Reminder: Invitation to the LUCY User Group Conference on Oct-18, 2018

LUCY CONNECT Conference features industry expert speakers, including keynote by Enterprise Security Experts. Sessions focused on latest security trends and experience sharings between the attendees.

3.9 out of 4.0! Last year’s LUCY Connect User Conference was an awesome success with a rating of 3.9 out of four points. We are very pleased to be able to hold this event again and are very grateful that the congress will take place in Bosch’s IT campus.

What? The second LUCY User Group Congress and Cyberprevention Summit for LUCY customers, users and certified partners including Keynotes from criminologist Kevin Beaver and from Group CISO Robert Bosch GmbH.

Why? Learn from other users experiences. Place your feature and development requests and get an exclusive sneak preview of the future LUCY Relases. And mostly: Benefit from the unique LUCY network.

When? October 18, 2017, 9.30am – 5pm . You can book an optional pre-event for the day before including a plant tour and a get together dinner sponsored by LUCY.

Where? The all-day event will be held in Stuttgart on Robert Bosch’s brand new IT campus in Feuerbach.

  • Robert Bosch Global IT Campus, Borsigstrasse, Corner Siemensstrasse, 70469 Stuttgart, Germany

Agenda Oct, 18th 2018, 9.30am – 5pm:

  1. Welcome Note by the LUCY Founders
  2. Keynote by Britta Paczkowski Group CISO Robert Bosch
  3. Keynote by Kevin Beaver, Author  “Hacking for Dummies
  4. LUCY in the wild, a Partner Presentation & Discussion, hosted by BH-Consulting
  5. Future LUCY Server: Outlook 2018/19
  6. Get the most out of LUCY, improve usage and strenghten the Human Firewall
  7. Workshops: Customer improvement & development requests;  Best practices using LUCY; Best attacks and trainings
  8. Feature Breakout: Own training content with Adapt and Malware-Simulator V2
  9. Customer Story by Daniel Schatz, CISO Perform Group
  10. Campaign planning and execution in corporate environments by Patrick Zeller, Robert Bosch

The event is free of charge.

Get the most out of your cybercrime prevention program – Register for LUCY Connect & User Group Summit!

 

lucy phishing server at it-sa 2018

Meet LUCY and get one of the best gifts! it-sa Nuremberg from 09-11 October 2018

LUCY Security as an exhibitor,  forum speaker and startup finalist at the largest IT security exhibition in Europe! Meet us, get a demo and one of the top gifts from the show!

LUCY Seucrity an der it-sa 2018it-sa is the number 1 in Europe for IT security. With over 12,000 visitors and 630 exhibitors, it-sa is Europe’s largest expo for IT security. Also in 2018 the LUCY experts will be present and they are even finalists for the annual startup competiton [email protected] The high-profile supporting program completes the event in an wonderful way.

Get an awesome gift! We have a great gift for you, we promise. Stop by and discover what we have for you 🙂

Pre-Show: LUCY at [email protected]: We made it as only Swiss Company to the finals of the preliminary Cyber Security Startup match up event on Monday 08. October 2018. Support us there! If you wish a ticket, just contact us.

Hall 10.1-416: LUCY Security will exhibit in Hall 10.1-416:

 

 

MEET LUCY  on Europe’s biggest IT security stage! 09 – 11 October 2018 Nuremberg.

lucy security it-sa messe 2018 stand

Managed Services Company from Saudi Arabia is the new cybersecurity partner from LUCY

Meet LUCY’s new Partner in Saudi Arabia – Managed Services Company

We’re strengthening our presence in the Middle East in response to the rapidly growing Cyber Prevention market in this area.

Zug (August 20, 2018) – The Managed Services Company is the 14th international partner LUCY Security has been able to certify. Interest in LUCY Software in Saudi Arabia has increased significantly in the last six months. LUCY Security AG now takes this into account.

Managed Services Company is a startup specialized in providing bespoke services in the field of Cyber Security. These services range from identifying threats and vulnerabilities to planning, designing and implementing the relevant technological, organizational and risk-based countermeasures. They supply vendor-independent security services through our consultants and a wide network of partnerships. It can therefore provide in-depth expertise in the most widely used security technologies on the market and select the most suitable solution for any given case.

In addition, Managed Services company is a managed service provider specializing in cyber threat intelligence, brand protection solutions, and security-management for complex systems. The company’s portfolio includes security assessment, real-time management and monitoring of security systems. Managed security also has expertise in advanced technologies like Blockchain, Internet of Things, and Smart Cities. “We help our customer to secure those technologies by developing the right strategies and manage their security”, says Thamer Aldhafiri, co-founder of Managed Services Company. 

„Finally we have found the right partner in the important Saudi market. The demand for cybersecurity software is high in the country and the fact that LUCYs software is not developed and distributed by a US company is a big advantage in the region“, says Palo Stacho, co-founder of LUCY.

About LUCY Security: The LUCY Phishing Awareness Training Server is used for the simulation of social engineering attacks and can be used universally – from SMEs to large customers. The product can be installed directly on the customer’s premises, a cloud version is also available. The Swiss solution provides hundreds of pre-configured phishing templates and training modules[1], which can be used by the end customer independently. With the “Phishing Incident Plugin” for Microsoft Outlook the user can raise the alarm in case they suspect an attack. LUCY’s “Threat Analyzer” will automatically evaluate and risk-score suspected phishing attack emails, saving valuable time for the security team. The product is installed on more than 6000 servers, in over 60 countries. Certified Eco-System partners in 12 countries complement the LUCY software with their value-added services.

The software is offered in the Freemium model: The free Community Edition is suitable for SMEs with up to 50 employees. The commercial Starter Edition costs USD 680 and – unusual for the industry – unlimited licenses are available from 3400 USD.

For more information please contact palo (a t) lucysecurity-do t-com and ask for Palo Stacho. LUCY Phishing GmbH, Seestrasse 13 | CH-8800 Thalwil, Switzerland | +41 793 01 7810

  • LUCY Phishing GmbH, Seestrasse 13, CH-8800 Thalwil, Schweiz, +41 44 557 19 37
  • LUCY Security LLC, 801 W 5th St, Suite 809, Austin TX 78703, USA, 512-917-9180

[1] http://www.lucysecurity.com/product/server-plug-ins/campaign-scenarios/

why is a cyversecurity company sponsoring a sustainabiltiy congress?

Why is a Cybersecurity Company Sponsoring a Green Convention?

LUCY Security sponsors the Swiss Green Economy Symposium. Why that? Why is cybersecurity so important for sustainability and successful business in the 21st century?

The answer is actually quite simple: On the one hand, we care about the future of the earth. We want to make tomorrow’s world an even more beautiful place than it is today. For us and for our children. On the other hand, our corporate vision fully supports this goal!

Effective sustainability is not possible without digitization. Smart cities, autonomous driving, sharing economy and so on are all digital technologies and ‘smart’ concepts. And cybersecurity is a must there. Without information security, there is no smart city. That’s why: Sustainability would be inconceivable without information security! Sustainable = Smart + Safe. Quite simple, no? 🙂

there is no sustainability without cybersecurity!

 

Long story short: This year’s Innovation Forum IF.01 at sges2018 deals with ‘sustainable digitisation’. The topic fits perfectly to LUCY Security. IT security is a central element of a sustainable digital economy. Our tool LUCY Server helps companies to test their IT security – through simulated attacks on their infrastructure and social engineering attacks on employees. Co-founder Palo Stacho tells more about IT and network security and sustainable digitization at IF.01 on September 4, 2018 in Winterthur (Switzerland).

The Forum is powered by:

  • Jan Bieser Informatics and Sustainability Research, University of Zürich
  • Adolf J. Dörig Founder & managing Partner, Doerig + Partner AG; Chairman Advisory Board Advanced cyber Security – satw
  • Dr. sc. techn. eth Rolf Hügli Managing Director, Swiss Academy of Engineering Sciences
  • Max Klaus Stv. Leiter, Melde- und Analysestelle Informationssicherung Melani
  • Prof. Dr. Patrick Krauskopf Chairman, agon Partners; Professor, zhaw
  • Lars Müller ceo, libracore
  • Palo Stacho Co-Founder, LUCY Security
  • Tobias Seitz Leiter underwriting Region Ost, technische versicherungen, Helvetia Versicherungen
  • Martin Zust Citizenship & Sustainabiltiy Manager, Samsung Schweiz

Our Mission: We make cyber prevention and simulated internet attacks affordable and available to everybody!

 

LUCY Connect User Group Conference 2018

Register for 2nd LUCY Connect 2018

LUCY User Group Conference is held on October 18, 2018 in Stuttgart

3.9 out of 4.0! Last year’s LUCY Connect User Conference was an awesome success with a rating of 3.9 out of four points. We are very pleased to be able to hold this event again and are very grateful that the congress will take place in Bosch’s IT campus.

  • What? The second LUCY User Group Congress and Cyberprevention Summit for LUCY customers, users and partners.
  • Why? Learn from other users experiences. Place your feature and development requests and get an exclusive sneak preview of the future LUCY relases. And mostly: Benefit from the unique LUCY network.
  • When? Oct-18th-2018
  • Where? Robert Bosch Global IT Campus, Borsigstrasse 14, Stuttgart Feuerbach

Optional Pre-Event

Wednesday, Oct, 17th 2018 at the Wichtel Hausbrauerei Feuerbach : 1900 Meet & Greet incl Drinks and Dinner. A table will be available from 1930 (ask Laura)

Agenda

LUCY CONNECT 2018: Thursday, Oct, 18th 2018 (still subject to change)

(Version Oct-12th) Location: Robert Bosch IT-Campus | Borsigstraße 14, Stuttgart,  +49 711 8110 | Room information will be visible in the lobby and is close to the entrance.

  • 0830 – 0930 Coffee Time at Global IT Campus Feuerbach
  • 0930 – 0935 Welcome Note LUCY: Welcome/Agenda, Oliver Münchow, LUCY & Patrick Zeller, Robert Bosch
  • 0935 – 1005 Welcome Keynote: ‘ONE Security bei Bosch – Der Faktor Mensch in der IT-Sicherheit’ by Britta Paczkowski, Group CISO Robert Bosch
  • 1005 – 1035 Keynote: ‘Prevention versus Reaction – Change your approach to security or be doomed to repeat history’, by Kevin Beaver, Author Hacking for Dummies
  • 1035 – 1105 Presentation: ‘LUCY in the wild’, by Stephen Rouine, BH Consulting Ireland
  • 1105 – 1115 ==Break==
  • 1115 – 1145 ‘LUCY Outlook 2019’, by Oliver Münchow, Co-Founder LUCY
  • 1145 – 1215 ‘Feature Review’ – What happened with your requests and new features since LUCY 3.6, by Palo Stacho, Co-Founder LUCY

===

  • 1300 – 1330 Workshop: ‘Improvement & Feature Requests by Attendees’ feedback by Oliver, moderated by Patrick
  • 1330 – 1400 Presentation: ‘Corporate Security as a Service – CERT Insights’ provided by ETAS Group, Speaker tba
  • 1400 – 1430 ‘Campaign Planning and Execution in Corporate Environments’, Patrick Zeller / Joe Puissant, Robert Bosch
  • 1430 – 1515 Two Customer Brainstormings by Palo
    • Tech: Experience Sharing Best Practices using LUCY
    • Content: Experience Sharing Best Attacks and Trainings
  •  1515 – 1530 ==Break==
  • 1530 – 1600 Breakout: Technical Analysis with LUCY Server / How to build awareness with LUCY, by Oliver
  • 1600 – 1615 Housekeeping & next LUCY Connect(s), Closing Note, All

Adresses:

-Robert Bosch IT-Campus | Borsigstraße 14 | 70469 Stuttgart | Germany | +49 711 8110, detailed room information will be displayed in the lobby.

-Brewery on Wed: Wichtel Hausbrauerei Feuerbach Stuttgarter Str. 21 | 70469 Stuttgart | Germany | https://www.wichtel.de/ | +49 711 82051690

 

Call for Papers: Ended.

Registration for the LUCY Connect Cyberprevention Summit and User Conference is open until October 15.

The event is free of charge.

Become a part of the movement – Register for LUCY Connect & Cyber Prevention Summit!

 

Darkweb Research with LUCY

Darkweb Research from LUCY

Did you want to know if there is a data outflow of your company? With our Darkweb Research we bring employee or company data to the surface. Our new  Deep Web analysis service examines what information about a company can be found in public and closed networks. Information from various sources is screened automatically and manually:

  • Pages in the Darknet (e.g. Tor Pages),
  • Forums,
  • Chats (IRC etc.),
  • Dump bots,
  • Cloud Storage
  • others

This makes it possible to ascertain whether and which business-relevant information exists outside the company’s boundaries. The effort required for this depends on the desired scope of examination.

Automated Darknet Research in LUCY Server

In the near future the LUCY software will be equipped with automated analysis mechanisms. The LUCY Deep Web analysis framework enables search queries by the end user. The new functionality will greatly automate Darkweb Research. End users and LUCY administrators will be able to quickly and efficiently determine whether critical data has left the company boundaries. It is obvious that the LUCY server functionality cannot completely replace manual Darknet research. In such actions, the human mind is still very important. AI (Artificial Intelligence) will also not be able to completely replace humans in Darknet Research.

BRAND MONITORING IN THE DARKWEB

Monitor your company and your brand with our new service. Successful companies do well to constantly monitor cyberspace. The automated and recurring scans of LUCY allow the regular control of

  • Darknet,
  • Deep Web,
  • Social media,
  • App Stores
  • and other sources.

The service offer is individually configurable.

 

security awareness training update

Bam! Enjoy 163 new Attack and Training Templates – Unlimited Security Awareness Content

At LUCY we are constantly delivering new security awareness content. And that for free! Now 163 new templates have been added in one go: 20 training videos, 9 other awareness trainings and as many as 134 new attack templates. LUCY rocks! right?

Overview

New attack templates for Phishing Simulations

We have delivered 134 new or updated templates. Why are we adding so many? Because it has been proven that many phishing tests that run simultaneously and are sent out at random have the best sustainable training effect for employees. We also have responded to the various customer requests and now offer new group of attack templates who contain typos from known brand names. This is state of the art Security Awareness Training Content!

20 new training videos

The need for more training modules and especially for rich media security awareness content is unbroken. Our new training videos range from security awareness videos to social media usage. Check them out below!

Arabic and Danish as new (standard) languages

All scenarios of the Security Awareness Training Content are now available in several language versions. The language bar usually looks like this:

arabic as standard phishing template

Today we can safely claim that most of the content is available in Arabic, Danish, Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

Beautiful Free and Editable Security Awareness Posters !

Editable and Free Security Awareness Posters Almost 70 posters are now available for publication. Place it in your office so that your employees always have the relevance of IT security in mind. The security awareness posters are equipped with either an illustration or an attractive photo. And best of all: The posters can be edited with Adobe Illustrator (c) because we provide the source files 🙂

How do I get to the new content?

If you have installed LUCY, you get a message that new content is available and you can download it. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Of course. LUCY is a standard software that was created for this purpose. This ensures reusability and investment protection. You can create your own attack or awarness training templates.

Details: The 2nd LUCY Security Awareness Content update of this year

Here are 163 new or revised training and phishing attack templates. Have fun testing and training!

 

Educational and Security Awareness Training Content Modules

29 updated or new courses: Enjoy our updated or new Security Awareness Training Content: Video / Quiz / Interactive , Course or Static.

01.) Social Engineering Course – This course helps employees understand the threats of social engineering.

 

 

02.) Email Only – This was a phishing simulation & Tips  This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future.

 

03.) Email Only – This was a simulation & Tips (Text)  This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future and where to report them.

 

04.) WIFI Security Course – This wireless security course (5-10 minutes) provides employees with an understanding of the risks associated with wireless networks and how best to protect themselves from them.

 

05.) Security Awareness video:7 Tips (close caption) – In this short 3-minute security awareness video we have put together 7 security tips, which involve best practices and policies that promote security. The video has english subtitles. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

06.) Secure social media usage video (close caption) –In this security awareness video we talk about secure social media usage. The video has English subtitles. The content (animation, language, script) is customizable.

 

07.) Secure Internet usage video (close caption) – In this video we show you how to protect yourself when using the internet. The video has english subtitles. The content (animation, language, script) is customizable.

 

08.) Email Security Video 1.3 (close caption) – In this 9-minute security awareness video, we talk about email security risks. The video has subtitles.The content (animation, language, script) is customizable.

 

09.) Lucy Phishing Video 1.1 (close caption) – This is a 3-minute educational video about phishing attacks. The video has english subtitles. Each video scene can be customized (e.g. custom branding) and translated into additional languages.

 

10.) Mobile Security Awareness Video (close caption) – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphones & laptops). The video has english subtitles.

 

11.) Password Security Video (close caption) – In this 5-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

12.) Physical Security Awareness Video (close caption) – In this 4:20-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

13.) Social Engineering Video – This video is dedicated to the topic “social enginering”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

14.) Social Engineering Video (close caption) – This video is dedicated to the topic “social enginering”. The content (animation, language, script) is customizable. The video has subtitles.

 

15.) Data Privacy & GDPR Video – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

16.) Data Privacy & GDPR Video (close caption) – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. The video has subtitles.

 

17.) Identity theft video – This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable.

 

 

18.) Identity theft video (close caption)  This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable. The video has subtitles.

 

 

19.) WI-FI security video – This video is dedicated to the topic “Secure Wi-Wi”. The content (animation, language, script) is customizable.

 

 

20.) WI-FI security video (close caption) – This video is dedicated to the topic “Secure Wi-Fi”.
The content (animation, language, script) is customizable. The video has subtitles.

 

21.) Workplace Security Awareness Video – This video is dedicated to the topic “workplace security”.
The content (animation, language, script) is customizable.

 

22.) Workplace Security Awareness Video (close caption) – This video is dedicated to the topic “workplace security”. The content (animation, language, script) is customizable. The video has subtitles.

 

23.) PCI Security Awareness Video – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable.

 

24.) PCI Security Awareness Video (close caption) – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable. This video has subtitles.

 

25.) Password Security Video -SHORT (close caption) – In this 1-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

26.) Email Security Video – SHORT (close caption)  In this 1-minute security awareness video, we talk about email security risks. The video has subtitles.The content (animation, language, script) is customizable.

 

27.) Physical Security Video – SHORT (close caption) – In this 1-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has english subtitles.

 

28.) Comprehensive security course – Topics in this course include “SHOULDER SURFING”, “PORTABLE MEDIA ATTACKS”, “VISHING (COLD CALLING)”, “CLEAR DESK POLICY”, “PHYSICAL SECURITY”, “VISITORS AND IN-PERSON INTERACTION”, “SOCIAL ENGINEERING”, “PASSWORD SECURITY”, “SECURE BROWSING”, “SECURE SOCIAL NETWORKING”, “USING PUBLIC WI-FI’S”, “MOBILE SECURITY”. Please note the different configuration options in readme.html.

 

29.) Awareness Training Library – THIS IS A WHOLE VIDEO LIBRARY – This template offers the possibility to link all existing LUCY training modules in a directory. The end user can then put together his desired training modules himself on an overview page. This is our biggest collection of Security Awareness Training Content so far!

 

 or download our free Community Edition here.

 

134 new and updated Attack Scenarios / Phishing Templates

1.) Free Bitcoins – The user is offered free bitcoins.

 

 

 

2.) Message – The scenario represents a typical communication attempt by a messaging service.

 

3.) Open position (resume enclosed) – Blind applications are a common tool used by attackers to get HR staff to download dangerous content from the Internet.

 

 

4.) Reset your google password – The user is informed that during a random check in the Darknet, you have found his login data and an attacker can misuse it to gain access to his google account.

 

 

5.) Visit to your city – This is a real example of a Russian dating scam that took place a few years ago.

 

 

6.) DHL Shipping confirmation (image only) – This is an example of a real attack that was carried out in the past on behalf of DHL. To get past possible SPAM filters, there is no text in the email, only an image which is linked.

 

7.) Message is only partially downloaded (image only) – This email specifies that the content cannot be displayed. The user is asked to click on a link to download the message. To get past a possible spam filter, only an image is used instead of text.

 

8.) LinkedIn Invitation – Because LinkedIn has become one of the most popular professional online networks, it has become a victim of occasional online scams. Scammers send LinkedIn users emails that appear to be from LinkedIn but are not. This is a typical real life example of such a scam. The logo and name are not modified in this template.

 

9.) Zoom Meeting Invitation – The employee is invited by a colleague from the HR department to a spontaneous zoom meeting to clarify suspicious surfing activities on his PC. The template uses the same formatting and wording as the original.

 

10.) Airbnb illegal activity reported – In this email, the user will be informed that an illegal activity has been detected on Airbnb’s behalf and will be reported to the authorities if necessary. These types of messages play on the user’s curiosity and fear.

 

11.) Instagram Password Reset – This scenario is a typical example of a fraud attempt, in which the user is led to believe that his password has been changed by a third party.

 

 

12.) Facebook notification missed from friends – This is a typical example of an attack in which the user is notified about missed activities of his friends. The logo and name were not adapted in this scenario to make detection more difficult.

 

13.) Facebook: See who liked your page – Most users of social media are by nature curious. They are interested in learning what is going on with their friends, their communities and the world at large. Unfortunately, scammers understand this curiosity and exploit it in an attempt to lure users into clicking on fake messages like this one.

 

14.) Cisco’s Webex – Meeting in progress! This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. This scenario adopts the typical features of such an invitation without deliberate errors in the logo or name.

 

15.) Xing Contact Request – Unlike an email address, the business plattform Xing reveals considerable information to scammers because your profile is the digital version of you. This is often used by scammers in the context of contact inquiries, which aim at the curiosity of the user.

 

16.) PayPal suspicious activity on the account – PayPal customers are constantly being targeted in phishing attack. In one of the most pouplar, criminals are distributing fraudulent emails claiming that PayPal has noticed suspicious activity on your account. The emails claim that PayPal has detected a successful sign in from an unrecognised device and you must therefore secure your account before it can be used again.

17.) LinkedIn: Account blocked due to inactivity –This scam first occurred in 2012, when Russian hackers collected and leaked millions of LinkedIn users’ passwords. These scammers send you a fake email, pretending to be the LinkedIn administrative team. The email pretends your LinkedIn account has been blocked due to inactivity. This is security awareness training based on real world examples!

18.) iTunes account confirmation – This attack variant against apple user was first observed in 2016. There have been reports of emails that appear to be from the Apple Store, asking the user to confirm his email to avoid the account from being blocked.

 

19.) LinkedIn – Policy Violation  The user is informed that his profile has been reported by another user due to violations of the general conditions. This example corresponds to a real phishing attack as observed a few years ago.

 

20.) Amazon – your account has been updated  In the past, Amazon users have been persuaded to click on a link using this type of phishing attack. In this scenario it is pretended that another user has changed the email address of the legitimate account owner.

 

21.) Dropbox – Account will be suspended  If there’s no activity on a users Dropbox account for an extended period of time, Dropbox will notify the account owner in an email. In the past, this pattern has often been used by attackers to gain access to user logins.

 

22.) Happy Easter Greeting Card as a phishing attack
A simple but effective security awareness training: Happy Easter Greeting Card as phishing simulation.

 

23.) SAP – The user is invited via mail to access the SAP account just created. This is a great software specific Security Awareness Training Content Template.

 

 

24.) Sharepoint Invitation
Websites in Sharepoint may be shared with external or internal users using this type of invitation.

 

25.) Sharepoint Login –Websites in Sharepoint may be shared with external or internal users using this type of invitation. The recipient will be able to login to a Sharepoint Website which is undergoing some technical maintenance.

 

26.) Netflix Account on hold – This is a replica of a real Netflix phishing attack from 2018, which uses character spacing to trick spam filters. This is a typical example of a mediocre attack email that contains some visual errors.

 

27.) Twitter
Your company is mentioned in WikiLeaks! A twitter message pretending that your company is mentioned in an article at wikileaks.

 

28.) SAP Login
 The user is invited via mail to access the SAP account just created. The fake SAP portal allows the user to login with his windows username and password.

 

29.) Amazon Prime Bonus Scam – In 2017, criminals were sending mass emails that appear to have come from Amazon and thank recipients for making purchases on Amazon’s “Prime Day”. The emails then invite recipients to go to the Amazon website to “write a review” and receive a special $50 “bonus” credit for doing so.

30.) Happy Valentine’s Greeting Card, attack template for phishing simulations 
A simple Happy Valentine’s Greeting Card as phish test template.

 

 

31.) Happy Mother’s Day Greeting Card – Nothing to add here, dear Mum 😉

 

 

32.) Happy Halloween Greeting Card – Happy Halloween Greeting Card.

 

 

33.) Happy Christmas Greeting Card – And last but not least a Happy Christmas Greeting Card as phishing simulation template.

 

 

34.) Microsoft Office 365 Online Login
The message asks the user to login to his/her “Microsoft Office 365” account. The login will generate an error.

 

35.) Citrix Login
In this template the user has the ability to log in and access his/her company’s work environment via Citrix

 

36.) Private Message – enter code to open it   In this template, which corresponds to a real message service with email encryption, the user is asked to enter his email address and a code (this is included in the message) on a web page.

 

37.) Join Skype – Business Meeting Invitation to a Skype Business Meeting.

 

 

38.) Join Skype Business Meeting (Web Login)
Invitation to a Skype Business Meeting. Login with Windows Credentials.

 

 

39.) Cisco’s Webex – meeting in progress (web login) – This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. The user can participate the meeting using his email adress and birth date as an authentication
mechanism.

 

40. – 106.) – Editable Security Awareness Posters – Informative and decorative educational posters increase security awareness. Editable and Free Security Awareness PostersThere are now 67(!) such posters available. They can all be edited and customized using Adobe Illustrator.
Usually two different types are available: As an illustration or photo poster.

 

107.) Windows Update
A new Windows Update is available and tries to trick the user for downloading it.

 

 

108.) Corporate WhatsApp Group
The user will be asked to register on a WhatsApp page of the company to join the new group.

 

 

109.) Outlook to Office365 Migration – As part of a transition from Outlook 2010 to the cloud-based Office365 environment, this scenario asks all employees to register on a new environment located at “login.microsoftonline.com”.

 

110.) Employee of the Month
A new offer enables employees to vote for a candidate who deserves recognition for his or her outstanding achievements.

 

111.) Google Leaks – The company informs the employees that their corporate network credentials have been breached and they should make a Google Search to find out whether their credentials are stolen or not.

 

112.) LinkedIn Company Profiles
The recipient is informed that the HR department has migrated all employee profiles to a newly created company page on LinkedIn in the last few months.

 

113.) BYOD, Open VPN Access
In this scenario, employees can use a new web based SSL VPN login portal to get access with their personal devices to all internal business applications.

 

114.) SSL VPN Compability Check (Netscaler)
In this scenario, the user is prompted to connect his remote workstation to the company network. A compatibility check of the computer with an executable file is also performed. The design is based on a Citrix Netscaler access.

 

115.) UPS Exception Notification – This is a copy of a real UPS attack example gathered from LUCY’s phishing monitoring service.

 

 

116.) Twitter “Corporate” – The user receives a notification that his company has set up a Twitter channel exclusively for all employees. He can keep up to date and receive the latest news about new entries, contests, company events, etc. in real time.

 

117.) NetScaler Unified Gateway SSL VPN
By using a new web-based SSL VPN login portal, employees have access to all internal business applications that allow them to work from a remote location.

 

118.) Facebook Company Page
The employee gets invited to join his company’s facebook page.

 

 

119.) PayPal Open Invoice

The recipient receives an invoice from a seller for a three-digit amount. To view the invoice, the user must login with PayPal. This attack is based on similar attacks observed by our research team in the past.

120.) Email in quarantine – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

 

 

121.) Email in quarantine with Login Page – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

122.) Employee Survey HR Portal – The employee is asked to log on to an HR portal to take part in an internal survey. One of the oldest and most efficient Security Awareness Training Content Templates has been revamped here.

 

 

123.) Netflix – Payment was rejected – This real phishing attack was registered by our reserach team in May 2018. In this attack, the user is informed that his payment method was rejected. This is an example of a better formulated attack with correct grammar and visual elements.

 

124.) F5 VPN Access – In this web-based scenario a VPN access of the company F5 is simulated. The user is asked to enter his user name, password and also his token code.

 

 

125.) Password Check for MS Windows – This extended password check shows the user how secure his password is during input. It is intended to test Windows(c) passwords. As soon as the user enters a password with more than 6 characters, it is transmitted to LUCY.

 

126.) Job Offer
The employee is contacted personally and made aware of a position that would fit his or her profile. This is still an efficient Security Awareness Training Content!

 

127.) Illegal license detected on your PC
 The user is informed that there is an illegal copy of software on his PC and that he must log in to check it.

 

128.) Bitcoin – Trade with a 500 USD starting balance  The user receives a starting credit of USD 500, which he can invest in Bitcoin in a predetermined period of time free of charge on a trading platform.

 

129.) Bad Employer Rating – A negative assessment of the employer has been published. This is a simple but efficient Security Awareness Training Content Template.

 

 

130.) Affordable car leasing for employees – Employees can lease a company car for a fraction of the original cost.

 

 

131.) Leak Alert: Verify your phone number – In this database of stolen records, the user can check if his phone number is being misused in any way.

 

 

132.) DocHub – Please Review Invoice  “Carl Mc Gregor” sends the recipients an invoice to review and complete.

 

 

133.) Melani – Swiss Reporting and Analysis Centre  Reporting and Analysis Centre for Information Assurance (MELANI) has been commissioned by the Federal Council to protect critical infrastructure in Switzerland. In this template the user receives an email about a possible data leak.

 

134.) Your expenses have been denied (SAP) – The user is informed that his submitted expenses have not been accepted.

 

 

So that’s it  🙂  Keep on enjoying LUCY Server and our Security Awareness Training Content

 or download our free Community Edition here.