All notable LUCY features from the past four Releases

Did you miss all these features from the past 12 months? From LUCY 3.7 to 4.3

From 3.7 -> 4.3 : This is a considerable list! See a summary of the functionalities we have built or expanded in the last 12 months.  

We have found that new features are often not noticed by users and therefore not used. That’s why we have summarized the most important new features of the last four major versions in this article.

  • LUCY Version 3.7 was the current release during LUCY Connect in October 2017 , since then
  • Four major releases were deployed until today: 4.0 (3.8, 3.9, 4.0 merged), 4.1, 4.2, 4.3


1.     People Testing Features and Enhancements

  1. Default campaign template for even more efficient campaign creations (3.7)
  2. Sending messages: CC, BCC and fake TO fields in messages (3.7)
  3. Gender-specific addressing using variables (4.0)
  4. Digital signature in phishing emails (4.1)
  5. Add attachments to PDF. Filebased Attack using the pdf format including an executable attachment (4.3)
  6. 315+ Attack templates and new languages like simplified Arabic, Chinese & Japanese

2.    Awareness Training Features and Enhancents

  1. A new Enduser profile page,your personal learning and training (3.7)
  2. Authoring Toolkit(4.0)
  3. Option for awareness results overwriting (4.0)
  4. Reputation-Based eLearning / ‘Maturity Model’ (4.0)
  5. Scorm export for Learning/Awareness Content (4.0)
  6. Attendance Certificate for successful training / Training Diploma (4.1)
  7. Full-featured LMS Advanced education portal for end users (4.3)
  8. Training library support (4.3)
  9. 180+ Training Templates containing 40+ Videos
  10. Screen locker Template – send data to the server on execution (4.0)

3.    User Engagement Features

  1. New Windows Incident Plug-In (split versions x32 / x64) (3.6)
  2. New Gmail Incident Plug-In (4.2)
  3. Office 365 Outlook plugin (3.7)
  4. Outlook plugin improvements:
    • Custom subject, multiple recipients, additional headers (X-CI-Report) (3.7)
    • Additional headers checkbox (4.0)
    • Configuration interface (4.0)
    • Custom image (4.0)
    • Localization support (4.0)
  5. Option to remove incident notification for emails generated by LUCY (4.0)
  6. Optional additional headers support (4.0)
  7. MS-Outlook / Office365© Incident Plugin improvements: configurable ribbon label, inline email forwarding options (4.1)
  8. Email Risk Score / Incident Auto Feedback (4.0)
  9. Gmail phishing button! (4.2)
  10. Extended Threat analysis for end users: Now extended information is available for endusers including charts, etc. (4.3)
  11. Threat Mitigation (4.0)

4.    New Infrastructure Assessment Features and Enhancements

  1. Risk Assessment Campaigns (4.0)
  2. Mail and Web Filter Test (Which file and message types ‘go through’?) (4.1) including CSV, PDF export of Mail & Web Filter Test results (4.3)
  3. Mail spoofing test (4.2)

5.    GUI, Stats, report and miscellaneous

  1. Widgets on the Dashboard (4.0)
  2. Stop All Campaigns” button (makes patching easier) (3.7)
  3. Custom logos in the campaign report. (3.7)
  4. Add comparison/benchmark charts into the report (3.6)
  5. Extended reporting options (3.6)
  6. New dashboard & new dashboard actions: It makes the handling much more straightforward, especially when you have a lot of campaigns running (3.7) or if you are a heavy user with lot of campaigns (4.0)
  7. Statistics: New real-time statistics overview (4.0)
  8. Campaign Variables enhancements, including the use of variables in headers and subject line (4.0)
  9. New report template variables: You can put ‘everything’ into your Campaign reports! (3.7)
  10. API: Integrate your personal LUCY instance into your corporate infrastructure or enhance the functionality. It’s a bidirectional Interface. (3.7)
  11. Track & monitor e-learning via API, dashboard or reports (4.2)
  12. Disable campaign checks option (3.7)
  13. Ability to enable/disable recipients (4.0)
  14. Campaign export page (4.0)
  15. Download template dialogue: Search and sorting (4.0)
  16. Improve additional groups in import (4.0)
  17. IP whitelist message (4.0)
  18. LDAP filter improvement (4.0)
  19. Recipient groups selection in schedule rule (4.0)
  20. Scheduler randomization (4.0) and improvements (4.1)
  21. User reputation in Lucy (who is not the same as reputation based e-learning)
  22. User reputation report (4.3)
  23. Recommended email domains in templates (4.1)
  24. Export Recipient Groups (4.1)
  25. Reports: Image placeholder (4.1)
  26. More Whitelabeling: Change default name, copyright, logo, etc. (4.1)
  27. Labeling / Whitelisting You can edit nearly all Text Messages or Labels (4.1)

6.    New or changed system specific components and functionality

  1. A new version of the active vulnerability detection feature based on own code, BeEF replaced (3.6)
  2. Fake deletion (you won’t accidentally delete anything) (3.6)
  3. Backups speedup (3.6)
  4. Backup of DB data (3.6)
  5. AV/Firewall protection improvement (3.7)
  6. Recipient upload improvement (3.7)
  7. Scheduler improvements (3.7)
  8. Advanced Export Features (4.0)
  9. Anonymous Mode: Stronger settings, no more reverts (4.0)
  10. Domain registration: New TLDs (4.0)
  11. Log Improvement (login, logout, create/delete campaign/scenario (4.0)
  12. Predefined Campaign Templates (4.0)
  13. Multiple default campaign templates (4.0)
  14. New Campaign Wizard (4.3)
  15. Domain renewal option (4.1)
  16. XML export support (4.1)
  17. New SPF CHECK & MX Check (4.2)
  18. Postfix: support TLS for outgoing messages (4.2)
  19. Automatic invoices when buying credits (4.2)
  20. 2-Factor Authentication for Lucy Users (4.3)
  21. Disk usage tracking (4.3)
  22. Block search engine networks from accessing Lucy (4.3)
  23. Incident center with Filter, Search and Sort (4.3)
  24. New Docker configuration (4.2)
  25. The Software runs on Debian Linux 9.5 (4.3)

These all the notable Features and Enhancments from the past four LUCY Releases – Enjoy using LUCY!

We make Cybercrime Prevention and Simulated Internet Attacks available and affordable to everybody!

LUCY Software is an Security Awareness System with an integrated Learning Management System LMS and with Debian 9.5

New LUCY 4.3 brings a full blown LMS and Debian 9.5

LUCY V4.3 brings 
  1. The Learning Management System (LMS) has reached full capacity. It includes now the advanced education portal functionality for end users: This feature allows users/victims to log into Lucy on their own and track their progress over multiple campaigns/trainings
  2. A brand new Campaign Wizard
  3. 2-Factor Authentication for Lucy Users and Admins
  4. A new Training Type named Training Library: This feature introduces the ability to offer recipients a library of training materials, compiled of various awareness templates in LUCY Server
  5. The Software runs now on Debian Linux 9.5

Already at the end of September 2018 we have started the rollout of LUCY 4.3. The image is available on


The latest version of LUCY Server offers many interesting functional enhancements and improvements: A new wizard is available to make your first campaigns even easier. A two-factor authentication is now available for end users. Our LMS is now fully functional and has now the desired scope so that you don’t need an additional learning management system anymore. For the trainings there is now a real training portal, in which the user can manage his trainings and follow his learning progress. Especially we would like to point our new “Awareness Training Library”, where the end user can individually select his own training from a whole library of training modules. And there are even more new features worth to mention:

  • Threat analysis for endusers
  • Add attachments to PDF
  • User reputation report
  • Disk usage tracking
  • Block search engine networks from accessing Lucy
  • Incident center with Filter, Search and Sort
  • CSV, PDF export of Mail & Web Filter Test results
  • Campaign message log: search and filter


Linux Upgrade

The most far-reaching change is the upgrade of the operating system to Debian Linux 9.5 Stretch. This measure was necessary to ensure maintainability and to maintain system security, as this guarantees security updates for the OS until 2022.

All customers using a system hosted by LUCY have already been contacted or will be contacted directly by our support. Customers who use LUCY as VMware, VirtualBox or AWS appliance have an automated upgrade routine available for the update.

Customers who have installed LUCY natively on Debian, using a Docker container, will get an automated upgrade as well. Customers with native installations without Docker please contact our support as well. An appointment must be made to perform the manual upgrade.

Contact support in case of problems – We hope to have served with this information. If you have any problems with the upgrade, please do not hesitate to open a ticket directly at support (at) lucysecurity (dot) com. Note that no campaigns can run at the upgrade time and that the server is restarted during the upgrade.

Fixed Bugs in LUCY Software V 4.3

And we fixed a lot:

  • 4.3 Awareness Delay Bug
  • 4.3 Hyperlink Template show landing page
  • 4.3 mail and webfilter display issue
  • Admin port configuration bug
  • Annymous not working for downloads
  • Anonymisation bug fix
  • Apache: Syntax error in apache2.conf while doing graceful restart
  • API recipient-group mapping to campaign fails
  • Awareness certificate generation page
  • AwarenessCertificateJob: runs after stopping any campaign
  • Campaign comparison: recipients bug
  • Campaign Restart & Reset Stats button
  • Campaign Restart not working
  • Campaign Test Run feature: tracking clicks isn’t working in ‘Awareness only’
  • Campaign.recipient_count out of sync
  • CampaignManager.getRunning / getRunningCount bugs
  • Console Post shows empty GUI
  • Constantly running getIpJob
  • Correctly mark simulation reports for stopped campaigns
  • Divided by zero bug
  • DocX report Bug
  • Download Template: Hide Installed is ignored when Check All available is ticked
  • Download templates error
  • Download Templates: Lucy is unable to get ‘updated’ (new) templates
  • Empty report arrives if the option After I stop the campaign send me a report to.. is enabled
  • End User Profile page: available training / History gives a 404
  • Error 500 when downloading campaign template
  • Error downloading user certificate
  • Error in UI when using 2FA
  • Exception on saving Scenario settings
  • Fix awareness cert
  • Fix bug in edit scenario template
  • Fix LDAP bug
  • Fix remaining errors from QA
  • Forgot password
  • Generate Report bug: showDateTime method is missing
  • In the download links files the wrong choice of ip / domain is used
  • Incident Management: download message received by SMTP
  • LDAP cannot be deactivated
  • Lucy is unable to change timezone
  • Lucy Outlook Button: Server Address could not be resolved
  • Mail & Web test – file names bug
  • Mail and webfiltertest: not possible to rename the campaign name
  • Mail Settings resets after insatalling 4.3
  • Migration tool: bugs
  • Migration Tool: empty campaign bug
  • Modifying scheduler rule issue
  • MWF: remove options from scenario and template
  • MX check error
  • Not possible to bind recipients to a campaign
  • O365: No ‘Access-Control-Allow-Origin’ header
  • Outlook plugin download fix
  • Password recovery does not work for any user
  • PDF attachment fixes
  • Portable media attack fixes
  • Property VictimCustomFieldForm.value is not defined
  • Recipients: Copy&Delete buttons unavailable in Internet Explorer
  • Recipients: Select All > Delete leads to system failure
  • Reflective Master/Slave
  • Reminders: FATAL (Exited too quickly)
  • Remove stat fields from Campaign and CampaignScenario
  • Report: Error generating image (custom admin port)
  • Reputation levels: default icon
  • Request failed try again when saving Message Tempalate
  • Scenario Stats : Show All button
  • Scheduler: when start\end have the same time then the plan is not created
  • SCORM Export bug
  • SCORM export: language selection
  • Spoofing Test: could not resolve
  • SSL for Lucy console when custom port is used
  • Stats calculation error
  • Temporary folder bugs
  • Test Run: Email tracking breaks the campaign
  • Translation Bug fix
  • Undefined variable: ip

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality.

We’ll document everything in our LUCY – WIKI  as soon we can! Download the LUCY Anti Phishing and Cyber Crime Prevention Software below!


Lucy 3.5 is out

Meet new Lucy 3.5! This version covers mainly internal updates not really visible to the user. Nevertheless we strongly recommend to update immediately to Version 3.5 because of the improved security. You can download VMware ESXi, VMware Workstation, VirtualBox images and Linux installer script on Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you are using a commercial license, you can update the system through the “Update” section in Lucy. Please make sure you have no active campaigns running before updating Lucy!

Update notes:

  • New report variables
  • Paid sources for recipient search
  • Global benchmark stats
  • White labeling options
  • Security enhancements (AES256 encryption instead of the old AES128, password salt improvements)
  • Notification of expiring domains & VPS
  • LDAP improvements (multiple DC and SSL support)

Please Update to LUCY 3.2.5 (Patch)

LUCY Relase 3.2 is available in November 2016

Bam! LUCY V3.2 is out with awesome corporate features

Dear LUCY Users,

Phishing Incident Plugin for Outlook and LDAP Integration – Only six weeks after Version 3.1 we’re shipping already LUCY Release V3.2! Why? Because we wanted it so! Big customers and large corporate prospects asked us to provide more corporate features. And we put them in this release!

Important things to consider when upgrading to LUCY V 3.1

New release: LUCY V 3.1 is a big leap forward

Lucy 2.9.1

Lucy 2.9.1 patch contains a fix for sending Awareness Website links automatically after an attack is successfully performed. If you downloaded or upgraded Lucy 2.9 on Mar 21, 2016 or later, then your version already contains all necessary fixes.

Lucy 2.9

Lucy 2.9 has been released! You can download VMware ESXi, VMware Workstation, VirtualBox images and Debian/Ubuntu installer script on the Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you are using a commercial license, you can update the system through the “Update” section in Lucy.

Update notes:

  • Question titles support for quiz-based awareness websites
  • Licensing reports – see what spends your licensing points
  • New version of Malware Toolkit
  • Support 3rd-level domains
  • Additional checks for valid language settings
  • Link press statistics – show number of link clicks for individual recipients
  • Anti-virus/firewall check is optional now
  • Take default language as source when adding translations
  • Ability to insert link to awareness website from scenario landing page
  • Test run – ability to select scenarios to test and display data in statistics
  • Campaign backup with all data (recipients, visits, collected data, etc)
  • Improve graphics quality in reports
  • Check Lucy accessibility in Performance Test
  • Language selector for landing/message preview
  • Campaign checks help – get additional info when some of campaign checks fails
  • Template list speedup
  • Lots of extra features & bug fixes

Lucy 2.8

Lucy 2.8 has been released! You can download VMware ESXi, VMware Workstation, VirtualBox images and Linux installer script on Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you are using a commercial license, you can update the system through the “Update” section in Lucy.

Update notes:

  • Beginning with this version, shell installer supports the following platforms:
    • Debian 7 (wheezy) – 32 bit and 64 bit
    • Debian 8 (jessie) – 32 bit and 64 bit
    • any other 64-bit Linux with kernel version 3.10 or more
  • Uploading data to interactive console – use Console Interactive file template to upload custom executables to targets and check their output in Lucy’s Interactive Session
  • Lucy speaks your language! Dutch, German, French, Italian, Portuguese, Russian, Spanish, Turkish and Ukrainian interface languages are now available.
  • Lucy hardening – now Lucy stores your data more securely
  • Admin SSL improvement – generate CSR and SSL certificates for Lucy admin part easily
  • “Check Update Now” button – Lucy checks for updates periodically and this button may be useful if you want to check if an update is available immediately, without your needing to wait
  • Custom archive name support
  • New archiving formats support – rar, 7z, cab, jar
  • UI improvements
  • Show current license counter values on license page
  • Reboot button
  • Multiple bugs fixed