LUCY the only truly GDPR compliant security awareness and phishing simulation solution!

Our evaluation process has shown that LUCY Security Awereness software is the only solution that meets our data protection and GDPR needs. Moreover, the LUCY people have shown that they are always looking for a solution to our problems! – Statement of a new corporate customer 2018

Anonymous Data in the Phishing Simulation Dashboard

Masked Victim Data of a phishing simulation campaign using LUCY Software

Full GDPR compliance in the LUCY Security Awareness Suite – In Switzerland, the same data protection standards apply as in the European Union. For this reason, the LUCY Suite was already geared towards data protection, anonymization and pseudomization at the concept stage in 2014. This means that employees can receive targeted training, even if the system administrator is unable to view employee data. Depending on the reputation level, employees can be provided with special training courses adapted to their know-how, while privacy and anonymity are assured.


LUCY is the only anti-phishing and employee sensitization suite that complies with the GDPR, whether as a local installation or a cloud solution!

Learn more about Data Protection, GRPR and LUCY Phishing / Employee Sensitization here (LUCY Wiki).


DSGVO konforme Phishing Simulationen und Mitarbeitersensibilisierungen sind nur mit der LUCY Software möglich

Phishing Attacks Made Easy Webinar 2018

How do I do a file-based phishing email simulation and training? [Video Tutorial]

Phishing Attacks Made Easy – In 15 minutes to a savvy professional attack with file-based phishing email and IT security training. Prevent cybercrime, strengthen your employees!

The recording of the webinar moderated by Kevin Beaver shows how to provide an advanced phishing campaign. The video tutorial is rounded off with a search for existing data leaks in the darkweb.



During the screen presentation you will be shown the following steps in the creation of a file-based phishing simulation and the subsequent training lesson:

00:00 – Introduction “A wrong decision is all that it takes” by IT Security Expert Kevin Beaver

08:45: Creating a simulated phishing attack using the new LUCY Software V4.3. Security Evangelist Oliver Münchow shows how to create a sophisticated attack simulation and training campaign with the LUCY software in no time at all:

  • Selection of a Phishing Simulation
  • Create a landing page similar to the login page of an Office 365 © installation.
  • Configuration of a harmless Trojan in the ‘Installation file for Office Mail’.
  • Selection of the training module for the subsequent Awareness Training
  • Executing the awareness-raising campaign
  • Statistics / reporting of phishing simulation and the employee training
  • Reporting suspicious emails using the Phishing button and the Incident Console’s working method

23:00 Dark Web Research & Analysis: As a bonus the new LUCY Darkweb search for existing data leaks is presented (Preview)

26:50 Q+A: Questions from the audience moderated by Colin Bastable LUCY USA

About – The LUCY software serves to prevent cybercrime. The product can be installed locally or downloaded from the cloud. Hundreds of attack templates and training modules are available so that the solution can be used immediately. In the meantime, LUCY has been downloaded over 11000 times and installed over 6000 times. Customers like Robert Bosch, Pioneer or SEB-Bank are customers of the Swiss company with offices in Switzerland and Austin Texas.

LUCY is available in the Cloud or locally (download here)

Contents of the Webinar Video:

LUCY is available in the Cloud or locally (download here)


Ridicolous easy: Phishing Attacks and Awareness trainings set up and run within seconds. Also suitable for Experts!

Even for Experts: Phishing & Training Campaigns set up within seconds with LUCY Software 4.3 [Video]

It can’t be better! Cybercrime Prevention in Seconds! Also for Pros: A new Phishing and Training Wizard for Campaign Creation is available in LUCY V4.3. LUCY Software is the leading solution for cybercrime prevention.

Watch the 2-minute video and discover how to set up, start and send a complete simulated phishing attack and a security awareness training course to your employees in two minutes. We explain how this works:

  1. You need LUCY Server V4.3 as local installation or Cloud Appliance (Download).
  2. Log into LUCY and select ‘New’ and ‘Campaign Wizard’ options in the Campaign Dashboard.
  3. The wizard for creating the simulated phishing attack will start. Select the type of attack you want to use. Available are hyperlink-based, web-based, file-based, USB attack, Mail+Webfilter test, pure training without attack simulation or the Malware Simulation to test your infrastructure.
  4. Select the template on which the phishing attack should be based, define the attack language.
  5. Name your attack scenario and select the client under which the attack should run.
  6. If you want to add a training to the phishing attack, please select the corresponding checkbox.
  7. Now define the properties of the phishing attack: attack domain, sender name (of the simulated phishing email), sender email and subject of the message. You can already work with variables to address the victims individually here. The configuration of the attack part is now completed.
  8. Awareness Training part: Now select the appropriate sensitization training and the language to be used. There are hundreds of quizzes, videos, games, interactive courses, posters, etc. to choose from.
  9. Now also define the properties of the training lesson: source domain, sender name, sender e-mail and subject. This information is then used to send the user an invitation e-mail to complete the training.
  10. Select a predefined recipient group that is to receive the attack and the training or enter the recipients now.
  11. Done! Check your entries in the recapitulation of the phishing and training campaign and
  12. Press ‚Start’. Alternatively, professionals can go into the detailed settings of the attack and make further revisions! So even specialists benefit from the efficiency gain in campaign creation through the LUCY V4.3 Campaign Wizard.

Strengthen your staff against Internet attacks with LUCY Software! There is no better product for cybercrime prevention.

Schedule a Demo

Ask for a Testsystem


trademark infringement phishing: Phishing Simulations with well-known Brands do NOT infringe Trademark Rights

Phishing Simulations with well known Brands do NOT infringe Trademark Rights

You want to use well-known brand logos for a phishing simulation? Go ahead, because phishing for training purposes does not infringe any trademark rights!

The key point of a trademark infringement and/or trademark infringement suit is whether there is a misleading consumer as to the origin of a particular product or service. If you use another company’s logo for training purposes for a simulated phishing email, that logo will not be used in a way that deceives customers. The sender of the phishing email is not concerned that the branded goods or services originate from and are associated with the ‘logo donating company’ or are sponsored by the company owning the trademark and/or the brand.

As a sender of phishing simulations, you do not ‘brand’ goods or services with someone else’s logo, but rather train your employees’ security awareness! Possible deception is clearly prevented/corrected by a corrective landing page and/or the training module included in the campaign. That’s why LUCY Server sends training content to users at the end of a simulated phishing attack. Its basic content teaches the user to beware of phishing fraud.

Thus, the logo of a third party is only used for illustrative or didactic purposes and there is no connection or relationship between the trademark owner and the customer (i.e. the recipient of the phishing mail)[1].

From a copyright perspective, the integration of a third-party logo in a simulated phishing e-mail serves a completely new, didactic purpose and thus represents fair use. The new purpose is to “increase security awareness” and to inform the public / the users about the prevention of phishing fraud. This new use does not undermine either the copyright owner or a market that the author would reasonably work.

Please note, we are not lawyers, please use this information with caution. This is LUCY Security AG’s view on things. The information is without guarantee and is subject to change.

Happy Phishing!

Palo Stacho, Head of Operations LUCY Security AG


[1] Tip for LUCY Campaign Admins: If you want to communicate something like this explicitly to the end user, then you can provide this information as a text field on the ‘Account Page’ when configuring the attack scenario in LUCY Server.

Topic: Trademark infringement phishing.

LUCY gets a Score of 4.8 on Gartner Peer Insights – That is a great rating!

Great toolbox, goes further than some big players” – Such statements and an overall rating of 4.8 out of 5 points are an excellent rating for our software and our company’s support services.


In the Gartner Peer Insights and Reviews  professionals will share their experiences, which they had with their suppliers and the suppliers’ services / products. The experience reports (the review), is validated by Gartner for probity and reliability, and therefore has a high relevance on the quality of the supplier, in the market. Some excerpts from the reviews:

  • “LUCY is the perfect tool for encompassing all aspects of phishing testing and training”
  • “Great toolbox, goes further then some big players”
  • “Great value package, easy to use”
  • Service & Support: “Very supportive and dedicated”
  • Service & Support: “Good training by service provider and good handbook available”
  • Quality and availability of administrator training: “Half a day of training was sufficient to handle the product and set up first campaign”

We are happy for the ratings and are committed to maintaining LUCY’s  good results on Gartner Peer Insights!

We look forward to any further review

LUCY: We make cyber-prevention affordable and available to everybody!


LUCY Server Overview Two Pager

The LUCY Two Pager

All you need to know about LUCY Server on one sheet of paper. The Two Pager Overview for LUCY V 4.2.


LUCY Server Overview Two Pager


The functionality of the Cyber Prevention and Training Server is displayed on a single page using a simple feature list. Explore the full functionality of LUCY Server in a compressed form.



Net Promoter Score (NPS)

LUCY reaches an incredible Net Promoter Score of 85.3 in 2018

LUCY Security’s World Class Cybersecurity Solution massively Outpaces Technology Industry with an dreamlike Net Promoter Score (NPS) of 85.3!

We only did a short customer survey this year. The only thing we asked our customers was: “On a scale of 1 – 10(best), how likely is it that you would recommend the LUCY software?” The result was amazing! The NPS of 85.3 is a great result. For comparison: Fireeye has an NPS 54 and Palo Alto Networks NPS is 14.

In the press release, our founder Oliver Münchow said: “Our NPS of 85.3 underscores LUCY’s unique differentiation to provide an unparalleled customer experience and service. This excellent rating reflects our innovative strength in phishing testing, awareness training, infrastructure health checks and human firewall engagement. The unique product-oriented approach in the development of an easy-to-use standard solution maximizes the benefits for our customers in an unprecedented way.”

Net Promoter® is a loyalty metric and a discipline for using customer feedback to measure and fuel sustainable growth. It is used as simple but effective approach to monitor customer experience. LUCY’s NPS of 85.3 validates the company’s exemplary efforts to serve the needs of their customers. This has resulted in extremely high customer retention rates. The average NPS in B2B Tech Vendors is 21 (Tech Vendor NPS Benchmark B2B 2017) .

Do you want to know more? Please contact palo (a t) lucysecurity-do t-com and ask for Colin (US) or Palo (everywhere else).

  • LUCY Security AG, Chamerstrasse 44, 6300 Zug, Schweiz, +41 44 557 19 37
  • LUCY Security LLC, 801 W 5th St, Suite 809, Austin TX 78703, USA, 512-917-9180



FireEye NPS:
Palo Alto NPS:


We make Cyberprevention available and affordable to everybody!




Create certificates of attendance with LUCY Server

Print Certificates of Attendance after a successful CBT

The LUCY Cyber Prevention Server also print Certificates of Attendance! Graduates of a LUCY Training can print out or have their course diploma sent to them at the end.

If a user has completed an eLearning module of LUCY, the user receives a course certificate upon successful completion. This function can be configured when setting up the awareness training campaign, as well as the percentage of correct quiz questions required. An email will be sent to the user after the course. This then allows the course graduate to download the PDF certificate document. Alternatively, the certificates can be retrieved in the ‘End-User Learning Portal’ of the LUCY Server.

All CBT modules containing quiz questions can be enabled with the certificate of attendance function. We wish you a lot of fun with IT Security Awareness trainings and Phishing Simulations with LUCY Server!

— Print a Certificate of Attendance with LUCY —


Roll out a GDPR Training

Rollout a GDPR Training to your Employees in a Minute [Video]

Rolling out an interactive GDPR training with LUCY. Imagine that you want to distribute a training course to your employees quickly and easily. You would like to know who the people have completed the training and what results have been achieved.  LUCY Server is also an e-learning system with which you can roll out training content in your company.

The short video shows how to set up a GDPR training in LUCY and send it to the employees. The course content is available as a template in the product. The procedure in LUCY is very simple:

  1. Create a new campaign
  2. Create a new scenario in it, select “Awareness” as type
  3. Select the GDPR training (corresponds to the DSGVO) as a template
  4. Save the scenario. Now you have created your own GDPR course. The course includes small tests and a quiz
  5. Edit the invitation mail to your employees
  6. Add the recipients to complete the course
  7. Start the GDPR training!

That’s all it takes: -) Have fun with LUCY Server.

Would you like to see what the training content is? Then watch this video.

About the Awareness Training Content in LUCY: Within the product we offer dozens of training templates. This is not just about information security. There are also training modules on physical security or safe use of the mobile phone, to name just two examples. Static learning content, interactive training and many videos are available. Our best practice videos can be customized to your requirements at a standard price. So you can get a personalized training video at a reasonable price, if you wish!

Create your own training modules! Since LUCY 4.0, the’ Adapt Authoring Toolkit’ has been integrated into LUCY. Training professionals can create their own content and use LUCY to distribute the training. We are more than just a phishing simulator!

Interactive GDPR Course by LUCY

Watch the GDPR Data Privacy and the General Data Protection Regulation Course [Video]

LUCY Learning Content – Our interactive GDPR course

This course aims to provide a comprehensive guide about how and why the Data Protection regulations should be put into practice in your workplace. It also explains what will happen if you don’t follow the rules.

Where do you find this course? It’s located as an awareness training in LUCY Server, but you can export the GDPR-Training as a SCORM-File and use it in any other Learning Management Solution.

The GDPR Course has seven sections or lessons

  1. In the first lesson of the GDPR Course you will learn the background of data protection and why it’s important. Key terms and exceptions are explained. In addition, you will learn some practical tips.
  2. In the second lesson, you will learn what the General Data Protection Regulation actually is, where it’s applied and what its basic purpose is.
  3. The third lesson shows a little more in detail for whom GDPR applies. Who is particularly affected?
  4. Chapter four deals with key definitions, for example the difference between personal data and sensitive data, what a recipient – or – what a data subject is. At the end of lesson 4 you will complete a short quiz.
  5. In the fifth lesson, you learn about exemptions from GDPR: – The data processor must disclose information when it comes to prosecuting a criminal offence, to name just one example in the course. And at the end of the lesson you will complete a short exercise.
  6. In the sixth part of the training you will learn the 9 principles on which GDPR is based.
  7. In the last and the biggest course part you will learn the real basics: How and in what way can personal data be collected and processed? Who needs to be informed and how? What is NOT allowed to do with the data? Who needs to be informed in case of a data breach and other security incidents?

Have a look at our second GDPR webcast. There you can see how such training courses can be set up within minutes and rolled out throughout the whole company. And: The software currently has fifty other modules for security training!

Thank you and have fun using LUCY! – Do you like our tool? Let us know if yes please! Thanks!