New Major Release is out - LUCY V4.4 is available for download

Brand new: LUCY V4.4 and why you should upgrade to the new version!

The second release using Debian 9.5 brings significant improvements to users of the Phishing Incident button. Further the GDPR compliance is now on the highest level!

The Office 365 (c) Incident Button is now matured and the Mail and Web Filter Test feature has been polished. Further improvements and bug fixes see below.

What is the Mail and Web Filter Test?

This Email and Internet malware protection test gives you an insight at how your mail server and web proxy handles different variations of files and file types. You can thus see whether potential malicious code, such as Java files, backdoors, scripts, embedded Office Objects are detected and blocked by the filter infrastructure. Based on these results, you can then carry out targeted phishing campaign. And you know which files „go through“.

Why is the new Debian Linux version so important?

The Linux Version that we used until Lucy V4.2 stopped receiving security upgrades from the vendor, so by moving to the new version you will continue getting security updates for all software for the Operating System level until 2022. In addition, Lucy will run on more recent versions of software, and this may speed some things up.

New Major Features in Version 4.4

What improvements and new features are particularly worth mentioning? (Some with links to the LUCY Wiki)



VmWare / VirtualBox / AWS / Native Linux available


Other Improvements and Bug Fixes

Other Improvements / New Features

  • Improvement – Improve template menu (awareness + scenario templates)
  • Improvement – SE: Catch email replies
  • Improvement – SE: Embedded email client
  • Improvement – Recipient Statistic Improvements
  • Improvement – O365: implement features from MSI plugin (Plugin)
  • New Feature  – Campaigns and CampaignScenario tables refactoring
  • New Feature  – SE: Time tracking for landing page


Fixed Bugs

  1. Server – Awareness Delay bug
  2. Server – End User Portal: incorrect redirection
  3. Server – Downloaded Files: incorrect calculation
  4. Server – Test Run: Awareness email isn’t sent if delay>0
  5. Server – Pinned Campaign checkbox: UI changes
  6. Server – Resend Button (Errors): MessageJob does not start
  7. Server – Risk Assessment: highlight recommended scenarios
  8. Server – Invert-Train: trained_at isn’t updated
  9. Server – Campaign name should be unique
  10. Server – Campaign Restore: User Id cannot be blank
  11. Server – Statistic charts are displayed as “in progress” in stopped campaigns
  12. Server – Quiz stops counting answers when get 10th question
  13. Server – Campaigns: backup is displayed when apply search
  14. Server – Campaign Recipients: Distribute users over selected scenarios
  15. Server – Mail & web filter test – 500
  16. Server – Users: Admin account is changed to end user
  17. Server – Update bug 4.3 => 4.4
  18. Server – No default reputation level is displayed after successful submission
  19. Server – Users: Certificate-based login
  20. Server – PHP error
  21. Server – 500 error during import recipients
  22. Server – Invalid awareness_id when restoring awareness only company
  23. Server – 2FA: second password is sent
  24. Server – Missed column names for recipient
  25. Server – Remove `Reports`,`Campaigns` from New Client
  26. Server – X-headers are not set in forwarded emails in O365
  27. Server – Scenario Templates: download instead of release date
  28. Server – Awareness website click stats is not anonimized
  29. Server – Landing Page Editor: Close Handler nor working
  30. Server – Advanced data not anonimized
  31. Server – Incorrect training score
  32. Server – Benchmark Sector settings: top-border overlapping
  33. Server – Text after quotes will disappear after apply search
  34. Server – Quiz Scores Distribution
  35. Server – Recepients: User see `null` text in alert during deletion recipients
  36. Server – Correct text placement in ‘Awareness website’ graph
  37. Server – Incidents: the Email domain is parsed incorrectly
  38. Server – Reports: remove extra tags
  39. Server – End Users: correct succeeded users count
  40. Server – Recipients import: custom fields aren’t imported
  41. Server – Users info is not anonymized
  42. Server – Hide anonimized user data on server side
  43. Server – Campaign Wizard: error creating campaign wizard with ‘Mail & Web Filter Test’, ‘Technical Malware Test’ types
  44. Server – New scenario cannot be added
  45. Server – Portable Media Attack: Failed AJAX requests
  46. Server – LHFC: Tool is not attached
  47. Server – Data in report template is not anonymized
  48. Server – Collected data is not Anonymized
  49. Server – Hide statistic info for company with anonymous scenario
  50. Server – CampaignGroupRecipientEditJob: recipient_count isn’t updated
  51. Server – PHP notice
  52. Server – awareness website – fake anonymity statistic
  53. Server – Adapt template: Website is disabled after saving basic settings
  54. Server – Can not close BenchmarkSettingsForm
  55. Server – 404 on “opened” item
  56. Server – Attaching renamed image
  57. Server – Unable to restore from backup
  58. Server – Campaign recipient link bug
  59. Server – End users not created for the phishing campaign
  60. Server – Data in export drop down is duplicated
  61. Server – PHP notice on time/top worst
  62. Server – Reputations Level bug
  63. Server – Campaigns: Unable to delete all campaigns
  64. Server – Error creating recipient without email
  65. Server – Error saving in “Base Settings” section
  66. Server – Campaign Wizard: 500 error on create campaign ‘Training’ type
  67. Server – LDAP: users from another domain are not imported
  68. Server – Campaigns: Runtime exception of save campaign name with <>
  69. Server – Awareness: 404 on preview website for specific template
  70. Server – Campaign Wizard: the 404 page on preview template
  71. Server – SMS issue
  72. Server – “Test Run” bug in portable campaign
  73. Server – Reputation Levels buttons bug
  74. Server – Recipients import: “records of page” dropdown bug
  75. Server – Recipients import dropdown bug
  76. Server – Dynamic Domain Save Bug
  77. Server – Search field is not cleared after clearing field and click Update button
  78. Server – Migration Tool: “Campaign templates” section is not copied
  79. Server – Campaign export : table appearance issue
  80. Server – Negative rating
  81. Server – API: scenarios bug
  82. Server – Time landing Page varaibale is not shown in help
  83. Server – Individual scenarios not running
  84. Server – Bad code performance in CampaignController.actionClearSimilarErrors
  85. Server – Error uploading logs to server (error 400)
  86. Server – View Only User Bug
  87. Server – Scheduler: Run Days data validation
  88. Server – End User Line Break Issue
  89. Server – Awareness Certificate: non-english scenarios
  90. Server – Broken link in the campaign breadcrumbs
  91. Server – Recipient group creation bug
  92. Server – Mail settings bug
  93. Server – Enduser login bug
  94. Server – Add language to template
  95. Server – Report Variable: limited interval
  96. Server – Report Variable: screenshot by scenario ID
  97. Server – Reminders page: numeric UpDown fields display only one digit in Firefox
  98. Server – Forward Email bug
  99. Server – Test Run: Resend bug
  100. Server – Recipient Import from CSV: Gender column is missing
  101. Server – End User portal: password.txt
  102. Server – Copy button display bug
  103. Server – CSS bug: too long campaign name
  104. Server – Enduser when creating users
  105. Server – Permission issues
  106. Server – Advanced settings form adjustment
  107. Server – View filters bug
  108. Server – Adding recipients from search results
  109. Server – Campaigns.recipient_count bug
  110. Server – Test run affects campaign running time
  111. Server – Campaign summary design issue
  112. Server – System creates endusers for portable attacks
  113. Server – Awareness page is still accessible after campaign is stopped
  114. Server – Wrong user info in campaign stats
  115. Server – Import from CSV: Link field verification
  116. Server – Collision of victim’s links in copied campaign
  117. Server – Performance test campaign is not deleted after stop
  118. Server – Campaign overview not showing success
  119. Server – Reports: file type settings are not displayed
  120. Server – Webpage upload bug
  121. Server – Object restore id bug
  122. Server – Wrong paginator url on recipient page
  123. Server – bug
  124. Server – LDAP: users who have name with brackets are not imported
  125. Outlook MSI Plugin – Outlook phish button error message when reporting mail which is in “draft”
  126. Outlook MSI Plugin – Big attachment bug
  127. Outlook 365 Plugin – Error parsing headers in O365 reports
  128. Outlook 365 Plugin – Useless function-file referenced from XML (with a wrong URL)
  129. Outlook 365 Plugin – Error for awareness reports
  130. Outlook 365 Plugin – Outlook 365 restored item bug


VmWare / VirtualBox / AWS / native Linux available
500 Free Recipient Credits included!


All notable LUCY features from the past four Releases

Did you miss all these features from the past 12 months? From LUCY 3.7 to 4.3

From 3.7 -> 4.3 : This is a considerable list! See a summary of the functionalities we have built or expanded in the last 12 months.  

We have found that new features are often not noticed by users and therefore not used. That’s why we have summarized the most important new features of the last four major versions in this article.

  • LUCY Version 3.7 was the current release during LUCY Connect in October 2017 , since then
  • Four major releases were deployed until today: 4.0 (3.8, 3.9, 4.0 merged), 4.1, 4.2, 4.3


1.     People Testing Features and Enhancements

  1. Default campaign template for even more efficient campaign creations (3.7)
  2. Sending messages: CC, BCC and fake TO fields in messages (3.7)
  3. Gender-specific addressing using variables (4.0)
  4. Digital signature in phishing emails (4.1)
  5. Add attachments to PDF. Filebased Attack using the pdf format including an executable attachment (4.3)
  6. 315+ Attack templates and new languages like simplified Arabic, Chinese & Japanese

2.    Awareness Training Features and Enhancents

  1. A new Enduser profile page,your personal learning and training (3.7)
  2. Authoring Toolkit(4.0)
  3. Option for awareness results overwriting (4.0)
  4. Reputation-Based eLearning / ‘Maturity Model’ (4.0)
  5. Scorm export for Learning/Awareness Content (4.0)
  6. Attendance Certificate for successful training / Training Diploma (4.1)
  7. Full-featured LMS Advanced education portal for end users (4.3)
  8. Training library support (4.3)
  9. 180+ Training Templates containing 40+ Videos
  10. Screen locker Template – send data to the server on execution (4.0)

3.    User Engagement Features

  1. New Windows Incident Plug-In (split versions x32 / x64) (3.6)
  2. New Gmail Incident Plug-In (4.2)
  3. Office 365 Outlook plugin (3.7)
  4. Outlook plugin improvements:
    • Custom subject, multiple recipients, additional headers (X-CI-Report) (3.7)
    • Additional headers checkbox (4.0)
    • Configuration interface (4.0)
    • Custom image (4.0)
    • Localization support (4.0)
  5. Option to remove incident notification for emails generated by LUCY (4.0)
  6. Optional additional headers support (4.0)
  7. MS-Outlook / Office365© Incident Plugin improvements: configurable ribbon label, inline email forwarding options (4.1)
  8. Email Risk Score / Incident Auto Feedback (4.0)
  9. Gmail phishing button! (4.2)
  10. Extended Threat analysis for end users: Now extended information is available for endusers including charts, etc. (4.3)
  11. Threat Mitigation (4.0)

4.    New Infrastructure Assessment Features and Enhancements

  1. Risk Assessment Campaigns (4.0)
  2. Mail and Web Filter Test (Which file and message types ‘go through’?) (4.1) including CSV, PDF export of Mail & Web Filter Test results (4.3)
  3. Mail spoofing test (4.2)

5.    GUI, Stats, report and miscellaneous

  1. Widgets on the Dashboard (4.0)
  2. Stop All Campaigns” button (makes patching easier) (3.7)
  3. Custom logos in the campaign report. (3.7)
  4. Add comparison/benchmark charts into the report (3.6)
  5. Extended reporting options (3.6)
  6. New dashboard & new dashboard actions: It makes the handling much more straightforward, especially when you have a lot of campaigns running (3.7) or if you are a heavy user with lot of campaigns (4.0)
  7. Statistics: New real-time statistics overview (4.0)
  8. Campaign Variables enhancements, including the use of variables in headers and subject line (4.0)
  9. New report template variables: You can put ‘everything’ into your Campaign reports! (3.7)
  10. API: Integrate your personal LUCY instance into your corporate infrastructure or enhance the functionality. It’s a bidirectional Interface. (3.7)
  11. Track & monitor e-learning via API, dashboard or reports (4.2)
  12. Disable campaign checks option (3.7)
  13. Ability to enable/disable recipients (4.0)
  14. Campaign export page (4.0)
  15. Download template dialogue: Search and sorting (4.0)
  16. Improve additional groups in import (4.0)
  17. IP whitelist message (4.0)
  18. LDAP filter improvement (4.0)
  19. Recipient groups selection in schedule rule (4.0)
  20. Scheduler randomization (4.0) and improvements (4.1)
  21. User reputation in Lucy (who is not the same as reputation based e-learning)
  22. User reputation report (4.3)
  23. Recommended email domains in templates (4.1)
  24. Export Recipient Groups (4.1)
  25. Reports: Image placeholder (4.1)
  26. More Whitelabeling: Change default name, copyright, logo, etc. (4.1)
  27. Labeling / Whitelisting You can edit nearly all Text Messages or Labels (4.1)

6.    New or changed system specific components and functionality

  1. A new version of the active vulnerability detection feature based on own code, BeEF replaced (3.6)
  2. Fake deletion (you won’t accidentally delete anything) (3.6)
  3. Backups speedup (3.6)
  4. Backup of DB data (3.6)
  5. AV/Firewall protection improvement (3.7)
  6. Recipient upload improvement (3.7)
  7. Scheduler improvements (3.7)
  8. Advanced Export Features (4.0)
  9. Anonymous Mode: Stronger settings, no more reverts (4.0)
  10. Domain registration: New TLDs (4.0)
  11. Log Improvement (login, logout, create/delete campaign/scenario (4.0)
  12. Predefined Campaign Templates (4.0)
  13. Multiple default campaign templates (4.0)
  14. New Campaign Wizard (4.3)
  15. Domain renewal option (4.1)
  16. XML export support (4.1)
  17. New SPF CHECK & MX Check (4.2)
  18. Postfix: support TLS for outgoing messages (4.2)
  19. Automatic invoices when buying credits (4.2)
  20. 2-Factor Authentication for Lucy Users (4.3)
  21. Disk usage tracking (4.3)
  22. Block search engine networks from accessing Lucy (4.3)
  23. Incident center with Filter, Search and Sort (4.3)
  24. New Docker configuration (4.2)
  25. The Software runs on Debian Linux 9.5 (4.3)

These all the notable Features and Enhancments from the past four LUCY Releases – Enjoy using LUCY!

We make Cybercrime Prevention and Simulated Internet Attacks available and affordable to everybody!

LUCY Software is an Security Awareness System with an integrated Learning Management System LMS and with Debian 9.5

New LUCY 4.3 brings a full blown LMS and Debian 9.5

LUCY V4.3 brings 
  1. The Learning Management System (LMS) has reached full capacity. It includes now the advanced education portal functionality for end users: This feature allows users/victims to log into Lucy on their own and track their progress over multiple campaigns/trainings
  2. A brand new Campaign Wizard
  3. 2-Factor Authentication for Lucy Users and Admins
  4. A new Training Type named Training Library: This feature introduces the ability to offer recipients a library of training materials, compiled of various awareness templates in LUCY Server
  5. The Software runs now on Debian Linux 9.5

Already at the end of September 2018 we have started the rollout of LUCY 4.3. The image is available on


The latest version of LUCY Server offers many interesting functional enhancements and improvements: A new wizard is available to make your first campaigns even easier. A two-factor authentication is now available for end users. Our LMS is now fully functional and has now the desired scope so that you don’t need an additional learning management system anymore. For the trainings there is now a real training portal, in which the user can manage his trainings and follow his learning progress. Especially we would like to point our new “Awareness Training Library”, where the end user can individually select his own training from a whole library of training modules. And there are even more new features worth to mention:

  • Threat analysis for endusers
  • Add attachments to PDF
  • User reputation report
  • Disk usage tracking
  • Block search engine networks from accessing Lucy
  • Incident center with Filter, Search and Sort
  • CSV, PDF export of Mail & Web Filter Test results
  • Campaign message log: search and filter


Linux Upgrade

The most far-reaching change is the upgrade of the operating system to Debian Linux 9.5 Stretch. This measure was necessary to ensure maintainability and to maintain system security, as this guarantees security updates for the OS until 2022.

All customers using a system hosted by LUCY have already been contacted or will be contacted directly by our support. Customers who use LUCY as VMware, VirtualBox or AWS appliance have an automated upgrade routine available for the update.

Customers who have installed LUCY natively on Debian, using a Docker container, will get an automated upgrade as well. Customers with native installations without Docker please contact our support as well. An appointment must be made to perform the manual upgrade.

Contact support in case of problems – We hope to have served with this information. If you have any problems with the upgrade, please do not hesitate to open a ticket directly at support (at) lucysecurity (dot) com. Note that no campaigns can run at the upgrade time and that the server is restarted during the upgrade.

Fixed Bugs in LUCY Software V 4.3

And we fixed a lot:

  • 4.3 Awareness Delay Bug
  • 4.3 Hyperlink Template show landing page
  • 4.3 mail and webfilter display issue
  • Admin port configuration bug
  • Annymous not working for downloads
  • Anonymisation bug fix
  • Apache: Syntax error in apache2.conf while doing graceful restart
  • API recipient-group mapping to campaign fails
  • Awareness certificate generation page
  • AwarenessCertificateJob: runs after stopping any campaign
  • Campaign comparison: recipients bug
  • Campaign Restart & Reset Stats button
  • Campaign Restart not working
  • Campaign Test Run feature: tracking clicks isn’t working in ‘Awareness only’
  • Campaign.recipient_count out of sync
  • CampaignManager.getRunning / getRunningCount bugs
  • Console Post shows empty GUI
  • Constantly running getIpJob
  • Correctly mark simulation reports for stopped campaigns
  • Divided by zero bug
  • DocX report Bug
  • Download Template: Hide Installed is ignored when Check All available is ticked
  • Download templates error
  • Download Templates: Lucy is unable to get ‘updated’ (new) templates
  • Empty report arrives if the option After I stop the campaign send me a report to.. is enabled
  • End User Profile page: available training / History gives a 404
  • Error 500 when downloading campaign template
  • Error downloading user certificate
  • Error in UI when using 2FA
  • Exception on saving Scenario settings
  • Fix awareness cert
  • Fix bug in edit scenario template
  • Fix LDAP bug
  • Fix remaining errors from QA
  • Forgot password
  • Generate Report bug: showDateTime method is missing
  • In the download links files the wrong choice of ip / domain is used
  • Incident Management: download message received by SMTP
  • LDAP cannot be deactivated
  • Lucy is unable to change timezone
  • Lucy Outlook Button: Server Address could not be resolved
  • Mail & Web test – file names bug
  • Mail and webfiltertest: not possible to rename the campaign name
  • Mail Settings resets after insatalling 4.3
  • Migration tool: bugs
  • Migration Tool: empty campaign bug
  • Modifying scheduler rule issue
  • MWF: remove options from scenario and template
  • MX check error
  • Not possible to bind recipients to a campaign
  • O365: No ‘Access-Control-Allow-Origin’ header
  • Outlook plugin download fix
  • Password recovery does not work for any user
  • PDF attachment fixes
  • Portable media attack fixes
  • Property VictimCustomFieldForm.value is not defined
  • Recipients: Copy&Delete buttons unavailable in Internet Explorer
  • Recipients: Select All > Delete leads to system failure
  • Reflective Master/Slave
  • Reminders: FATAL (Exited too quickly)
  • Remove stat fields from Campaign and CampaignScenario
  • Report: Error generating image (custom admin port)
  • Reputation levels: default icon
  • Request failed try again when saving Message Tempalate
  • Scenario Stats : Show All button
  • Scheduler: when start\end have the same time then the plan is not created
  • SCORM Export bug
  • SCORM export: language selection
  • Spoofing Test: could not resolve
  • SSL for Lucy console when custom port is used
  • Stats calculation error
  • Temporary folder bugs
  • Test Run: Email tracking breaks the campaign
  • Translation Bug fix
  • Undefined variable: ip

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality.

We’ll document everything in our LUCY – WIKI  as soon we can! Download the LUCY Anti Phishing and Cyber Crime Prevention Software below!


LUCY V 4.2 brings the Gmail Phish Button!

Brand new Gmail Phish Button and full functional Mail & Web Filter Test: LUCY 4.2 is available now!

New LUCY Version 4.2: The popular Phishing Incident Plugin (Phish button) is now also available for Gmail. This means that Google Mail users now also benefit from automated threat analysis. Furthermore, the web and mail filter test has reached the full configuration status. Thus the search for loopholes in web communication is done in minutes instead of days!

LUCY V 4.2 is available for download now. Besides dozens of bugfixes the following new features are available:

  • Massively improved MWF test (Mail & Web Filter Test: Which file and message types ‘go through’?)
  • New SPF CHECK & MX Check (see below)
  • New Docker configuration (behind the scenes)
  • Add a few reporting variables in awareness mail /website
  • Postfix: support TLS for outgoing messages
  • Gmail phishing button!
  • New Campaign Overview Dashboard with new filters
  • Custom image support for Outlook phishing incident plugin
  • Template editor improvement
  • Automatic invoices (details see below)
  • Outlook Phishing Button Plugin: custom image
  • Mail spoofing test (details see below)
  • New Top Navigation


New SPF CHECK & MX Check

1) SPF check. Half our clients spoof their own company domain as a mail sender. As many use SPF records, those mails do not arrive and client thinks LUCY does not work. Thats why we created an SPF check:

  • First: The user saves the message template in a campaign.
  • Second: Verify, if there is a mismatch of the record and LUCY’s IP.
  • If yes, tell this to the user in a popup he need to acknowledge.

This check is also added to the general checks for campaign checks.

2) MX check: When saving an attack scenario, the system checks if the MX record points to LUCY for the sender domain. This is logically wrong. The sender mail server can be different from the MX. Thats’s why we developed a new check, where LUCY verifes if any MX record exists for the domain. If not: most mail server do not accept mail domains, where no MX record exist. Thats why there’s a new popup where LUCY tells the user, that the mail wont arrive unless the used sender domain OR the LUCY-Server IP number gets whitelisted,

Mail Spoofing Test

This tool will help the company to determine, if an external attacker can spoof mails (from company mail domain TO company mail domain; example: sender is [email protected] and receiver is [email protected]).

Automatic invoices

If the user buys more credits or buys lucy, the system creates an invoice (pdf) for the user automatically. The invoices then will be archived and remain accessible to the user.


Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.2

  • “Benchmark Based” campaigns are incorrectly distributed on benchmarks
  • “Client” field in “Incidents” not filled bug (Outlook MSI)
  • “Reset Stats” button marks campaign as Not Running
  • “Service Logs” dont display logs when selecting files in the “File” field
  • “Trying to get property of non-object” when deleting recipient group(s)
  • 404 error after updating to 4.2 when trying to use system with domain
  • Advanced Settings: Date Time & Export issues
  • After update 4.1 – 4.2: Adding a group refresh bug, After start campaign check not working, Copy webpage refresh bug
  • After update on 4.2 – endless reboot
  • Awareness certificate – checkbox “Create Awareness Certificate” bug
  • Awareness certificate file is downloaded without the use of customized styles
  • Awareness Certificate: enduser bug
  • Awareness only report summary chart bug
  • Awareness page link
  • Backup\Restore of campaign (between two different Lucy instances)
  • Campaign comparison bugs
  • Campaign recipient management bug
  • Campaign report doesnt include the content of variable %charts.analyse%
  • Campaign Restart (Reset Stats)
  • Copy Webpage: SSL Error
  • Critical reports bug (from 4.0)
  • Data for plugin cleared
  • Delete duplicate creates unspecified db error
  • Deletion all recipients bug
  • Digital Signature (error: The message contents may have been altered)
  • DKIM selector always is “mail”
  • Download Templates: Install & Replace
  • Editor 500 Bug when accessing system folder via file explorer
  • Error “Empty recipient list.” when adding selected recipients to campaign
  • Error “SMTP server not found” when using “Default Mail Settings”
  • Error 500 if Awareness Only scenario is missing
  • Error 500 when saving Whitelabel
  • Errors in the Whitelabel section
  • Fix Invoice page
  • From LDAP server only some users imported to “Users”
  • Gmail Addon: plugin page causes Error 500
  • Impossible to add recipients in a portable scenario through the campaign
  • In the download links files, the wrong choice of ip / domain is used
  • Incident stats issues
  • Info “Download files” and graphics style bug
  • Label fix
  • LDAPS connection doesn’t work
  • LetsEncrypt: replace expired certificate
  • Letter about changing status of the domain comes in German
  • Login using personal certificate issue
  • Lucy is not updated from 4.1 to 4.2
  • Messages in application log
  • No references to recipients in groups in the “Recipients” section
  • Outlook Plugin: Custom icon causes Outlook to crash
  • Recipients copy bug
  • Recipients search causes error 404
  • Remove/reinstall MSI addon bug
  • Resend Email fails with Database error
  • Scenario landing page proxy bug
  • Skipped questions bug (quiz)
  • SmtpErrorsCommand bug
  • SSL generation bug
  • Template “Health Promotion 1.1” issue
  • Templates: filenames (without spaces)
  • Time variable is not working in landing
  • Training Library: awareness links in preview mode
  • Unselected scenarios included in delayed campaign report

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!


LUCY Version 4.1 is available for download

LUCY Version 4.1 available for download

Users get certificates of attendance when they successfully complete an Awareness Training. Send signed phishing emails, extend your purchased domains and much more! Download the new Release, try the powerful Community Edition!

LUCY V 4.1 is available for download since the end of March 2018. Besides dozens of bugfixes the following new features are available:

  • Mail and Web Filter Test (Which file and message types ‘go through’?)
  • Attendance Certificate for successful trainings / Traning Diploma
  • Recommended email domains in templates
  • Digital signature in phishing emails
  • Domain renewal option
  • Scheduler randomization improvement
  • Date view options
  • Website Cloner improvements
  • XML export support
  • Export Recipient Groups
  • Reports: Table of contents improvements
  • Enduser Profile Improvements
  • Reports: Image placeholder
  • MS-Outlook / Office365© Incident Plugin improvements: configurable ribbon label, inline email forwarding options
  • Dashboard changes
  • Report: Hourly Stats default Value
  • More Whitelabeling: Change default name, copyright, logo, etc.
  • Now you can edit nearly all Text Messages or Labels!

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.1

  • Anonymous mode bug
  • Change language scenario bug
  • Click rate and success rate wrong formula
  • Display imported recipients in End Users bug
  • Fix postfix memory limit
  • LDAP import bug
  • LDAP: display list of users
  • Mail Settings Bug
  • Mixed Scenario Template doesn’t collect User Data
  • O365 – email format error
  • Plug-in for Office 365 (bugs & improvements)
  • Redis memory issue
  • Reminders bug
  • Rescheduler bug
  • Resend Awareness Email issue
  • Scheduler plan bug
  • Scheduler: Awareness Only
  • Settings Check error: Scenario Awareness Only has no recipients
  • Several recipients were not added to the schedule plan
  • URL Shortener bug
  • Use quotes in file download names everywhere

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!


What is New in LUCY Version 4.0?

The 14 best new phishing and databreach prevention features in LUCY V4.0 [Video]

With 4.0, we’ve rolled out a pretty long list of new features and improvements. Our cyberprevention server has become even better than it already is. In this article, we would like to show you our 14 favorite new features that are worthy of special mention.

01. Dashboard improvements One

Starting with LUCY 4.0 we re-designed the dashboard. Filter by type or by execution status, use the search field and select between multiple dashboard modes.

02. Dashboard improvements Two

Widgets! Can be moved on the screen

03. Incident Auto Feedback

Including Risk Score Autoresponder. LUCY allows the admin to define an auto responder for submitted emails through the phish button. The risk score uses the IP’s and domains in your email and compares them with databases that contain information about malicious activities

04. Threat mitigation

The threat mitigation is a new feature that allows the LUCY admin to report reported phishing mails to according abuse contact of the provider’s originating IP address taken from the message header. You can click on the mail symbol within the incident center to initiate the sending of the report

05. Risk Assessment mode for campaigns

Instead of showing only raw data about how many users have been successfully phished, we can additionally provide a risk assessment methodology in LUCY, that shows the exposure to certain threats. We can classify different types of threats/Likelihoods such as Technical threats (e.g. unsecured windows PC, unsecure browser etc.), internal threat (e.g. uneducated user who clicks on certain content) and externals threats through hackers (latest trends in attacks, e.g. exploiting a specific browser vulnerability). In LUCY 4.0 we implemented the 1st analysis step and in the coming releases, this feature will be improved.

06. Create a new campaign based on a previous campaign template

LUCY now allows an administrator to create a template based on a previous campaign. The template consists of all settings including all associated scenario and awareness templates. You can then start a new campaign, using this campaign template

07. User reputation

The user reputation level is a score that gives every user a specific profile based on the number of tests performed against this user and the amount of successful phishing simulations.

08. New message template variables

Lucy allows you to use multiple variables within the message template. The variables pull the information from the recipient in the associated group. We added a few new variables (e.g. Gender specific variable) and you can now also use the dropdown in the message template to insert the variables at the right place. New is also the option to use these variables in the message header.

09Authoring Toolkit 

Create e-learning content with the integrated ADAPT Authoring tool: LUCY comes with an integrated e-learning tool called ADAPT. Adapt allows you to build a Multi-Modal content. You can watch videos, listen to audios with transcripts, and complete quizzes. Adapt also has Multi language and localization support Adapt is designed to solve a problem in eLearning. When you’re faced with delivery to multiple devices, such as desktop, tablet, mobile, you have a choice: you can create multiple versions, each optimized for specific devices, or you can use a responsive design approach. If you create and optimize multiple versions for each device, you might build in Flash for desktop, a native app for iPhone, a different version for iPad, and Android, and so on. As you can see, this method is complex and expensive. Then when you start getting into translation and maintenance, it gets out of control pretty quickly – not to mention the tracking issues if you’re trying to track data from multiple sources. Adapt gives you a different, and much simpler option. Adapt creates just one version of your eLearning in HTML5, which responds intelligently to the device it is viewed on.

10. Reputation Based Learning 

Assign custom e-learning content based on a user’s reputation level: Based on the amount of successful attack simulations for an individual user, you can assign a specific e-learning template in LUCY. If a user didn’t fall for a phishing simulation yet, you might want to assign a different e-learning content than for a user who continuously submitted sensitive data in previous phishing simulations. Please visit this chapter for details.

 11. SCORM export of awareness content

All e-learning templates can now be exported using the SCORM format, allowing you to use the LUCY content in another  LMS (Learning Management System).

12. Advanced export features

Starting with LUCY 4.0 we added a navigation item called export within the campaign overview page. The menu that opens allows you to export any campaign related data

13. Randomization feature for the scheduler

We added a randomization feature, that allows you to split up your recipients over different scenario’s using the scheduler.

14. New real time statistics overview

The real time statistics were improved and they include various data sources and ‘views’ that allow you to see the overall campaign statistics (attack & e-learning) on one page.

Wiki Resources

  1. Dashboard improvements (Dashboard)
  2. Dashboard improvements (Widgets)
  3. Incident Auto Feedback
  4. Threat mitigation
  5. Multiple Default Campaigns
  6. Risk Assessment mode for campaigns
  7. User reputation
  8. New real time statistics overview
  9. New message template variables
  10. Authoring Toolkit
  11. Reputation Based Learning
  12. SCORM export of eLearning content: 
  13. Randomization feature for the scheduler 
  14. Advanced export features


Do you like our tool? Let us know if yes please! Thanks!

Lucy Version 2018 available

BAM! Introducing LUCY V4.0 with Great New Tools

Thalwil (Switzerland), Jan-25-2018 – A new Version of the best Cyberprevention and Awareness Server is available now. Download LUCY 4.0.2 (or higher) with impressive functional enhancements.

2 Highlights – First: The authoring toolkit allows the creation of individual and custom interactive training courses. Only for professional users. And second: Now you can setup individual tranings in an awareness campaign with different courses who are offered depending on the knowledge of the user (Reputation based Learning). And much more. We bundled the work streams for 3.8, 3.9 and 4.0 together because it made sense to provide a bit new major release. Our ramp-up customers already tested the release in late 2017 and the testing period was longer than usual. We just can recommend our best software ever! Download LUCY V4 or update/patch automatically to 4.0.2 or higher.

Release Notes – New Features in V 4.0

Please check our Wiki for more info on some new features:

  • Ability to enable/disable recipients
  • Advanced Export Features
  • Anonymous Mode: Stronger settings, no more reverts
  • Authoring Toolkit (Only for skilled eLearning authors)
  • Awareness report improvement
  • Benchmark and comparison report improvements
  • Campaign export page
  • Campaign summary page improvement
  • Dashboard redesign for heavy campaign users
  • Dashboard Widgets
  • Dashboard: add as much as possible space for names
  • Domain registration: New TLDs
  • Download template dialogue: Search and sorting
  • Enduser Training Portal as an individual Learning Management System
  • Extended incident reporting back to Lucy
  • Gender specific addressing
  • Improve additional groups in import
  • Incident Auto Feedback (including Email Riskscore Autoresponder)
  • Incident view improvements
  • IP whitelist
  • LDAP filter improvement
  • Log Improvements (login, logout, create/delete campaign or scenario etc.)
  • Multiple default campaign templates
  • Option for awareness results overwriting
  • Outlook plugin: Additional headers checkbox
  • Outlook plugin: configuration interface
  • Outlook plugin: custom image
  • Outlook plugin: localization support
  • Outlook Plugin: option to remove reports on Lucy emails
  • Outlook plugin: Optional additional headers support
  • Outlook plugin: suppress email option support
  • Predefined Campaign Templates
  • Recipient groups selection in schedule rule
  • Reports: Improving reporting capability (low quality of images in DOCX)
  • Reputation Based eLearning
  • Risk Assessment Campaigns
  • Scheduler randomization
  • Scorm export for Learning/Awareness Content
  • Screen locker Template – send data to server on execution
  • Threat Mitigation
  • Campaign Variables enhancements (including use variables in headers and subject)
  • User reputation in Lucy
  • User-Agent string parser doesn’t identify Windows 10 and EDGE
  • Variable buttons in editor
  • Statistics: New realtime statistics overview
  • Web proxy mode improvement
  • Website Copy: Improvements


LUCY Server makes cyber prevention in the form of a standardized product affordable for all.

About: LUCY Security is a Swiss company with international clientele in over than 50 countries and with more than 4000 installlations. Its product LUCY Server allows companies to perform realistic Internet attack simulations and customized awareness programs. The software is also able to run infrastructure assessments and a “Phishing Incident Plugin” empowers the user with an easy alerting mechanism in case of an real attack. Certified LUCY Partners in over a dozen countries are providing local and value added services for cyber prevention and IT-Security awareness.

LUCY Users can update their existing installation within the application by hitting ‘Update’.

Not having LUCY yet?


New Release LUCY V 3.7 is out – Download or update now!

The new release of LUCY Server V 3.7 has functional improvements. Notable changes and new features:

  • New dashboard & new dashboard actions (WIKI): It makes the handling much easier, especially when you have a lot of campaigns running

  • New report template variables (WIKI): Finally you can put everything into your Campaign reports!

  • New REST API (WIKI): Integrate your personal LUCY instance into your corporate infrastructure or enhance the functionality. It’s a bidirectional Interface and we have already partner companies developping add-ons for LUCY (to be announced soon). API functionality is available only to the Corporate Edition.

  • Office 365 Outlook plugin (in addition to the Microsoft Outlook Plugin for Windows)

  • Outlook plugin improvements: custom subject, multiple recipients, additional headers (X-CI-Report)

  • A new Enduser profile page, your personal learning and training portal (LUCY Wiki)

  • Deeper report customization

  • Default campaign template for even more efficient campaign creations

  • Threat Analyzer: Automated Incident analysis improvements (Available to Business Edition and above)

  • CC, BCC and fake TO fields in messages

  • AV/Firewall protection improvement

  • Recipient upload improvement

  • Dashboard page improvements

  • A new “Stop All Campaigns” button (makes patching easier)

  • Scheduler improvements

  • Disable campaign checks option

  • Replace BeEF with custom JS library. The active information gathering for client browser data and plugins has been rewritten. New, LUCY own code is used for that.

  • Fake deletion (you won’t accidentally delete anything)

  • Add comparison/benchmark charts into report

  • Extended reporting options

  • Custom logos in the campaign report. After a successful campaign you can generate a report for the management. You can select between different formats like html, pdf or even in a *.docx format (easy editable later on).

  • Report variable validation

  • Backups speedup

  • Backup DB data. You can Backup your own DB now

  • Domain registration improvements

We’ll document everything in our WIKI as soon we can!

Download LUCY Anti Phishing and Cyber Prevention Server below!

A new Phishing Alert Button for Users - One new feature of LUCY Anti Phishing

Alive and Kicking: LUCY V 3.6 is out!

The new release of LUCY Server V 3.6 has some functional improvements. In particular, changes were made under the hood. We fixed security-critical bugs and the Microsoft Windows 32/64 bit installation packages were separated for the Phishing Incident Plug-in. We strongly recommend to download the newest version of LUCY!

A new Phishing Alert Button for Users - One new feature of LUCY Anti Phishing

Notable changes and new features in LUCY V3.6:

  • Visual changes on the Dashboard
  • New Incident PLug-In (splitted versions x32 / x64)
  • New version of active vulnerabiltiy detection (BeEF replaced)
  • A new version of the active vulnerability detection feature based on own code
  • Fake deletion (you won’t accidentally delete anything)
  • Custom events support
  • Add comparison/benchmark charts into report
  • Extended reporting options
  • Report variable validation
  • Backups speedup
  • Backup of DB data
  • Dashboard improvements
  • Improved Report Templates

Download LUCY Anti Phishing and Cyber Prevention Server below!

Lucy 3.5 is out

Meet new Lucy 3.5! This version covers mainly internal updates not really visible to the user. Nevertheless we strongly recommend to update immediately to Version 3.5 because of the improved security. You can download VMware ESXi, VMware Workstation, VirtualBox images and Linux installer script on Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you are using a commercial license, you can update the system through the “Update” section in Lucy. Please make sure you have no active campaigns running before updating Lucy!

Update notes:

  • New report variables
  • Paid sources for recipient search
  • Global benchmark stats
  • White labeling options
  • Security enhancements (AES256 encryption instead of the old AES128, password salt improvements)
  • Notification of expiring domains & VPS
  • LDAP improvements (multiple DC and SSL support)