Phishing Attacks Made Easy Webinar 2018

How do I do a file-based phishing email simulation and training? [Video Tutorial]

Phishing Attacks Made Easy – In 15 minutes to a savvy professional attack with file-based phishing email and IT security training. Prevent cybercrime, strengthen your employees!

The recording of the webinar moderated by Kevin Beaver shows how to provide an advanced phishing campaign. The video tutorial is rounded off with a search for existing data leaks in the darkweb.



During the screen presentation you will be shown the following steps in the creation of a file-based phishing simulation and the subsequent training lesson:

00:00 – Introduction “A wrong decision is all that it takes” by IT Security Expert Kevin Beaver

08:45: Creating a simulated phishing attack using the new LUCY Software V4.3. Security Evangelist Oliver Münchow shows how to create a sophisticated attack simulation and training campaign with the LUCY software in no time at all:

  • Selection of a Phishing Simulation
  • Create a landing page similar to the login page of an Office 365 © installation.
  • Configuration of a harmless Trojan in the ‘Installation file for Office Mail’.
  • Selection of the training module for the subsequent Awareness Training
  • Executing the awareness-raising campaign
  • Statistics / reporting of phishing simulation and the employee training
  • Reporting suspicious emails using the Phishing button and the Incident Console’s working method

23:00 Dark Web Research & Analysis: As a bonus the new LUCY Darkweb search for existing data leaks is presented (Preview)

26:50 Q+A: Questions from the audience moderated by Colin Bastable LUCY USA

About – The LUCY software serves to prevent cybercrime. The product can be installed locally or downloaded from the cloud. Hundreds of attack templates and training modules are available so that the solution can be used immediately. In the meantime, LUCY has been downloaded over 11000 times and installed over 6000 times. Customers like Robert Bosch, Pioneer or SEB-Bank are customers of the Swiss company with offices in Switzerland and Austin Texas.

LUCY is available in the Cloud or locally (download here)

Contents of the Webinar Video:

LUCY is available in the Cloud or locally (download here)


Ridicolous easy: Phishing Attacks and Awareness trainings set up and run within seconds. Also suitable for Experts!

Even for Experts: Phishing & Training Campaigns set up within seconds with LUCY Software 4.3 [Video]

It can’t be better! Cybercrime Prevention in Seconds! Also for Pros: A new Phishing and Training Wizard for Campaign Creation is available in LUCY V4.3. LUCY Software is the leading solution for cybercrime prevention.

Watch the 2-minute video and discover how to set up, start and send a complete simulated phishing attack and a security awareness training course to your employees in two minutes. We explain how this works:

  1. You need LUCY Server V4.3 as local installation or Cloud Appliance (Download).
  2. Log into LUCY and select ‘New’ and ‘Campaign Wizard’ options in the Campaign Dashboard.
  3. The wizard for creating the simulated phishing attack will start. Select the type of attack you want to use. Available are hyperlink-based, web-based, file-based, USB attack, Mail+Webfilter test, pure training without attack simulation or the Malware Simulation to test your infrastructure.
  4. Select the template on which the phishing attack should be based, define the attack language.
  5. Name your attack scenario and select the client under which the attack should run.
  6. If you want to add a training to the phishing attack, please select the corresponding checkbox.
  7. Now define the properties of the phishing attack: attack domain, sender name (of the simulated phishing email), sender email and subject of the message. You can already work with variables to address the victims individually here. The configuration of the attack part is now completed.
  8. Awareness Training part: Now select the appropriate sensitization training and the language to be used. There are hundreds of quizzes, videos, games, interactive courses, posters, etc. to choose from.
  9. Now also define the properties of the training lesson: source domain, sender name, sender e-mail and subject. This information is then used to send the user an invitation e-mail to complete the training.
  10. Select a predefined recipient group that is to receive the attack and the training or enter the recipients now.
  11. Done! Check your entries in the recapitulation of the phishing and training campaign and
  12. Press ‚Start’. Alternatively, professionals can go into the detailed settings of the attack and make further revisions! So even specialists benefit from the efficiency gain in campaign creation through the LUCY V4.3 Campaign Wizard.

Strengthen your staff against Internet attacks with LUCY Software! There is no better product for cybercrime prevention.

Schedule a Demo

Ask for a Testsystem


Roll out a GDPR Training

Rollout a GDPR Training to your Employees in a Minute [Video]

Rolling out an interactive GDPR training with LUCY. Imagine that you want to distribute a training course to your employees quickly and easily. You would like to know who the people have completed the training and what results have been achieved.  LUCY Server is also an e-learning system with which you can roll out training content in your company.

The short video shows how to set up a GDPR training in LUCY and send it to the employees. The course content is available as a template in the product. The procedure in LUCY is very simple:

  1. Create a new campaign
  2. Create a new scenario in it, select “Awareness” as type
  3. Select the GDPR training (corresponds to the DSGVO) as a template
  4. Save the scenario. Now you have created your own GDPR course. The course includes small tests and a quiz
  5. Edit the invitation mail to your employees
  6. Add the recipients to complete the course
  7. Start the GDPR training!

That’s all it takes: -) Have fun with LUCY Server.

Would you like to see what the training content is? Then watch this video.

About the Awareness Training Content in LUCY: Within the product we offer dozens of training templates. This is not just about information security. There are also training modules on physical security or safe use of the mobile phone, to name just two examples. Static learning content, interactive training and many videos are available. Our best practice videos can be customized to your requirements at a standard price. So you can get a personalized training video at a reasonable price, if you wish!

Create your own training modules! Since LUCY 4.0, the’ Adapt Authoring Toolkit’ has been integrated into LUCY. Training professionals can create their own content and use LUCY to distribute the training. We are more than just a phishing simulator!

Interactive GDPR Course by LUCY

Watch the GDPR Data Privacy and the General Data Protection Regulation Course [Video]

LUCY Learning Content – Our interactive GDPR course

This course aims to provide a comprehensive guide about how and why the Data Protection regulations should be put into practice in your workplace. It also explains what will happen if you don’t follow the rules.

Where do you find this course? It’s located as an awareness training in LUCY Server, but you can export the GDPR-Training as a SCORM-File and use it in any other Learning Management Solution.

The GDPR Course has seven sections or lessons

  1. In the first lesson of the GDPR Course you will learn the background of data protection and why it’s important. Key terms and exceptions are explained. In addition, you will learn some practical tips.
  2. In the second lesson, you will learn what the General Data Protection Regulation actually is, where it’s applied and what its basic purpose is.
  3. The third lesson shows a little more in detail for whom GDPR applies. Who is particularly affected?
  4. Chapter four deals with key definitions, for example the difference between personal data and sensitive data, what a recipient – or – what a data subject is. At the end of lesson 4 you will complete a short quiz.
  5. In the fifth lesson, you learn about exemptions from GDPR: – The data processor must disclose information when it comes to prosecuting a criminal offence, to name just one example in the course. And at the end of the lesson you will complete a short exercise.
  6. In the sixth part of the training you will learn the 9 principles on which GDPR is based.
  7. In the last and the biggest course part you will learn the real basics: How and in what way can personal data be collected and processed? Who needs to be informed and how? What is NOT allowed to do with the data? Who needs to be informed in case of a data breach and other security incidents?

Have a look at our second GDPR webcast. There you can see how such training courses can be set up within minutes and rolled out throughout the whole company. And: The software currently has fifty other modules for security training!

Thank you and have fun using LUCY! – Do you like our tool? Let us know if yes please! Thanks!

An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether and how many users download a supposed E-fax in PDF format and open it if necessary.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? This is due to the fact that a PDF does not have a function that allows tracking as long as the end customer does not use a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successfulThe malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR


or download LUCY here.


Phishing Campaigns done in one minute

In One Minute to your own Phishing Simulation – Predefined Campaign Template Feature [Video]

It’s the easiest and fastest way to a phishing simulation. Free for everyone! There is no more efficient way to set up a phishing test than with LUCY Server. Even in its simplest form, the easily created campaign meets GDPR’s data protection requirements.

In one minute to your own phishing simulation. This is how “Educational Social Engineering” is fun. Professionals also use the “Predefined Campaign Template” functionality to create a phishing scenario. Within less than a minute an attack can be launched, sent and monitored! See yourself how easy it is to work with the LUCY cyber prevention software!

In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.

What the Antiphishing Software can do

More highlights:

  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the damage potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful
  • The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!



Configuration and Usage of the LUCY Phishing Button for Outlook [Video]

Simply and reliably report phishing attempts during operation. And all at a great price!

The LUCY webcast “How to install, configure and use the LUCY Phishing Incident Plugin” for MS-Outlook briefly shows the following steps:

  1. Configuration of the’ Phishing Button’.
  2. Download and installation of the feature in Outlook (c)
  3. Usage: A phishing simulation mail is reported using the plugin
  4. Short insight into the LUCY Threat Console and the calculation of the LUCY Risk Score.

The Phish button works under MS-Windows / Microsoft-Outlook (32 and 64 BIT). The add-in also runs under MS-Outlook for Apple Mac and Office 365 (c) is also supported. Availability and Costs: The basic functionality of the alarm button is already available with the cheapest commercial version UNLIMITED. You can install the button as often as you want with STARTER Edition.

Availability and costs: The basic functionality of the alarm button is available with the basic commercial edition. You can install the button as often as you want with the’ Starter Edition’ (unlimited!).

1) Configuration of the’ Phishing Button’.

Log in to LUCY and go to the menu item “Incidents” and then click the button Settings –> Plugin Settings.

  • There you can maintain the “e-mail recipient” (where the e-mails are to be sent when the end user clicks on the button).
  • The “Thank You Message” contains the text that is returned after the user has clicked the button.
  • The “Thank You Message for LUCY Emails” is the message that comes up when the user submits an email using the Phish-Alarm button, in the case he’s submitting a LUCY Phishing Simulation Email Message.
  • With “Button Message” you enter the text that is shown on the button itself.
  • And Subject: It’s the subject line with which the messages are received by the administrator.

When selecting the transmission methods, the following options are available for selection (multiple answers possible)

  • Submission via HTTP (transmission via email)
  • Submission via SMTP (transmission via email)
  • “Use SMTP for receiving incident reports on Lucy “: Check this option if you want the Outlook Plugin to send a copy of the reported phishing mail to LUCY (into the Incident Console). The mails from phishing simulations are filtered out.
  • “Use smtp for receiving incident reports on LUCY” – If this option is enabled, LUCY Server assumes that the server needs to intercept the emails sent by the plug-in (add-in) via SMTP. The local LUCY Postfix server is configured accordingly. All received emails are added to the Incident Console. If you do not enable this, even if the email points to Lucy, nothing happens – the server does not wait for messages via SMTP.

2) Download and installation of the feature in Outlook

The plugin can be downloaded directly from the Incident console. To do this, a *. msi installation file is created when you click on it. If changes are made in the configuration of the button, the *. msi file has to be downloaded and installed again!

3) Use: A phishing simulation mail is reported using the plugin

When the user submits a LUCY phishing email, he is immediately informed in Outlook that the user has reported a phishing simulation email. This frees the administrator from the triage between’ simulated phishing mails’ and’ real external mails’.

4)  LUCY Threat Console &  the calculation of the LUCY Risk Score.

From the LUCY “Business Edition” onwards, the’ LUCY Email Risk Factor/Score’ is available. Here, risk scores for the mails submitted are calculated with the help of 4 different rule sets:

  1. Rules for header analysis
  2. Rules for Sender Domain Analysis
  3. Rules for the analysis of message content (body)
  4. Own, individual rules

This results in a score of 1-10. That’s it 🙂 We wish you a lot of fun with LUCY Server!


Longer and shorter videos for employee awareness education (and trackable)

Trackable educational IT security awareness videos with various durations from LUCY Security are included in all commercial editions of its Software.

Longer Videos for initial trainings and short videos for skilled workers! LUCY Security is aware that customers have individual needs. That’s why LUCY Best Practice Training Videos for employee education are rolled out in a long and in a short version. Today we present two recently added videos:

  • Secure Internet Usage Video (Long / Short)
  • Secure Social Media Usage Video (Long / Short)

Secure Social Media Usage Video: The content (animation, language, script) is customizable. The long video takes 5.4 Minutes and the short version is only one minute long.

In the second featured rich media training we talk about secure internet usage. Also here the content (animation, language, script) is customizable. The long version is 4.3 Minutes and the short one is one Minute long.

Video Statistics available

Who watched how long? These awareness training templates provide statisticial insights. They are reported in the dashboards as well in the campaign reporting.

Create and run a smishing attack in two minutes - LUCY screencast

Setup and Run a Smishing Attack in 2 Minutes – Educational Social Engineering with LUCY

A smishing attack is done easily with LUCY Server. Set up your educational social engineering campaigns and train your people.

Create and Run a Smishing Attack Simulations with LUCY Server. A Smishing Campaign is like a Phishing Campaign, but the distribution is done over SMS messages instead using email. With LUCY you can set up such a campaign as easy as a phishing simulation. This Video shows how it’s done. You need to have the mobile numbers from the recipients. Please take note that Smishing is unlawful in some countries! LUCY Security from Switzerland makes cyber prevention and IT-Security awareness affordable and available to everbody!


Ransomware Explainer Video by LUCY

Did you know that you can customize our Ransomware Explainer Video?

Adapt LUCY’s Ransomware Explainer Video to your own needs. Owners of a commercial edition can customize every educational video delivered by LUCY for a reasonable price.

Our Ransomware video explains in less than two minutes how to protect against Ransomware attacks. This is about the behaviour of each individual: do not open links from unknown, think twice before you click.

Many customers use the video without customization to train your organization. But there is also a considerable amount that want to individualize the video or they want to add customer-specific information into the video. With the help of our storybooks, which we deliver to the customer as needed, this is done quickly. This allows the desired changes or extensions to be clearly and easily documented and specified.

Thus, a rapid and low-cost individualisation of the learning content is made possible.

Contact us if necessary or if you have more questions here: Request a semi-custom video.