Darkweb Research with LUCY

Darkweb Research from LUCY

Did you want to know if there is a data outflow of your company? With our Darkweb Research we bring employee or company data to the surface. Our new  Deep Web analysis service examines what information about a company can be found in public and closed networks. Information from various sources is screened automatically and manually:

  • Pages in the Darknet (e.g. Tor Pages),
  • Forums,
  • Chats (IRC etc.),
  • Dump bots,
  • Cloud Storage
  • others

This makes it possible to ascertain whether and which business-relevant information exists outside the company’s boundaries. The effort required for this depends on the desired scope of examination.

Automated Darknet Research in LUCY Server

In the near future the LUCY software will be equipped with automated analysis mechanisms. The LUCY Deep Web analysis framework enables search queries by the end user. The new functionality will greatly automate Darkweb Research. End users and LUCY administrators will be able to quickly and efficiently determine whether critical data has left the company boundaries. It is obvious that the LUCY server functionality cannot completely replace manual Darknet research. In such actions, the human mind is still very important. AI (Artificial Intelligence) will also not be able to completely replace humans in Darknet Research.

BRAND MONITORING IN THE DARKWEB

Monitor your company and your brand with our new service. Successful companies do well to constantly monitor cyberspace. The automated and recurring scans of LUCY allow the regular control of

  • Darknet,
  • Deep Web,
  • Social media,
  • App Stores
  • and other sources.

The service offer is individually configurable.

 

security awareness training update

Bam! Enjoy 163 new Attack and Training Templates – Unlimited Security Awareness Content

At LUCY we are constantly delivering new security awareness content. And that for free! Now 163 new templates have been added in one go: 20 training videos, 9 other awareness trainings and as many as 134 new attack templates. LUCY rocks! right?

Overview

New attack templates for Phishing Simulations

We have delivered 134 new or updated templates. Why are we adding so many? Because it has been proven that many phishing tests that run simultaneously and are sent out at random have the best sustainable training effect for employees. We also have responded to the various customer requests and now offer new group of attack templates who contain typos from known brand names. This is state of the art Security Awareness Training Content!

20 new training videos

The need for more training modules and especially for rich media security awareness content is unbroken. Our new training videos range from security awareness videos to social media usage. Check them out below!

Arabic and Danish as new (standard) languages

All scenarios of the Security Awareness Training Content are now available in several language versions. The language bar usually looks like this:

arabic as standard phishing template

Today we can safely claim that most of the content is available in Arabic, Danish, Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

Beautiful Free and Editable Security Awareness Posters !

Editable and Free Security Awareness Posters Almost 70 posters are now available for publication. Place it in your office so that your employees always have the relevance of IT security in mind. The security awareness posters are equipped with either an illustration or an attractive photo. And best of all: The posters can be edited with Adobe Illustrator (c) because we provide the source files 🙂

How do I get to the new content?

If you have installed LUCY, you get a message that new content is available and you can download it. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Of course. LUCY is a standard software that was created for this purpose. This ensures reusability and investment protection. You can create your own attack or awarness training templates.

Details: The 2nd LUCY Security Awareness Content update of this year

Here are 163 new or revised training and phishing attack templates. Have fun testing and training!

 

Educational and Security Awareness Training Content Modules

29 updated or new courses: Enjoy our updated or new Security Awareness Training Content: Video / Quiz / Interactive , Course or Static.

01.) Social Engineering Course – This course helps employees understand the threats of social engineering.

 

 

02.) Email Only – This was a phishing simulation & Tips  This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future.

 

03.) Email Only – This was a simulation & Tips (Text)  This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future and where to report them.

 

04.) WIFI Security Course – This wireless security course (5-10 minutes) provides employees with an understanding of the risks associated with wireless networks and how best to protect themselves from them.

 

05.) Security Awareness video:7 Tips (close caption) – In this short 3-minute security awareness video we have put together 7 security tips, which involve best practices and policies that promote security. The video has english subtitles. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

06.) Secure social media usage video (close caption) –In this security awareness video we talk about secure social media usage. The video has English subtitles. The content (animation, language, script) is customizable.

 

07.) Secure Internet usage video (close caption) – In this video we show you how to protect yourself when using the internet. The video has english subtitles. The content (animation, language, script) is customizable.

 

08.) Email Security Video 1.3 (close caption) – In this 9-minute security awareness video, we talk about email security risks. The video has subtitles.The content (animation, language, script) is customizable.

 

09.) Lucy Phishing Video 1.1 (close caption) – This is a 3-minute educational video about phishing attacks. The video has english subtitles. Each video scene can be customized (e.g. custom branding) and translated into additional languages.

 

10.) Mobile Security Awareness Video (close caption) – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphones & laptops). The video has english subtitles.

 

11.) Password Security Video (close caption) – In this 5-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

12.) Physical Security Awareness Video (close caption) – In this 4:20-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

13.) Social Engineering Video – This video is dedicated to the topic “social enginering”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

14.) Social Engineering Video (close caption) – This video is dedicated to the topic “social enginering”. The content (animation, language, script) is customizable. The video has subtitles.

 

15.) Data Privacy & GDPR Video – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

16.) Data Privacy & GDPR Video (close caption) – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. The video has subtitles.

 

17.) Identity theft video – This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable.

 

 

18.) Identity theft video (close caption)  This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable. The video has subtitles.

 

 

19.) WI-FI security video – This video is dedicated to the topic “Secure Wi-Wi”. The content (animation, language, script) is customizable.

 

 

20.) WI-FI security video (close caption) – This video is dedicated to the topic “Secure Wi-Fi”.
The content (animation, language, script) is customizable. The video has subtitles.

 

21.) Workplace Security Awareness Video – This video is dedicated to the topic “workplace security”.
The content (animation, language, script) is customizable.

 

22.) Workplace Security Awareness Video (close caption) – This video is dedicated to the topic “workplace security”. The content (animation, language, script) is customizable. The video has subtitles.

 

23.) PCI Security Awareness Video – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable.

 

24.) PCI Security Awareness Video (close caption) – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable. This video has subtitles.

 

25.) Password Security Video -SHORT (close caption) – In this 1-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

26.) Email Security Video – SHORT (close caption)  In this 1-minute security awareness video, we talk about email security risks. The video has subtitles.The content (animation, language, script) is customizable.

 

27.) Physical Security Video – SHORT (close caption) – In this 1-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has english subtitles.

 

28.) Comprehensive security course – Topics in this course include “SHOULDER SURFING”, “PORTABLE MEDIA ATTACKS”, “VISHING (COLD CALLING)”, “CLEAR DESK POLICY”, “PHYSICAL SECURITY”, “VISITORS AND IN-PERSON INTERACTION”, “SOCIAL ENGINEERING”, “PASSWORD SECURITY”, “SECURE BROWSING”, “SECURE SOCIAL NETWORKING”, “USING PUBLIC WI-FI’S”, “MOBILE SECURITY”. Please note the different configuration options in readme.html.

 

29.) Awareness Training Library – THIS IS A WHOLE VIDEO LIBRARY – This template offers the possibility to link all existing LUCY training modules in a directory. The end user can then put together his desired training modules himself on an overview page. This is our biggest collection of Security Awareness Training Content so far!

 

 or download our free Community Edition here.

 

134 new and updated Attack Scenarios / Phishing Templates

1.) Free Bitcoins – The user is offered free bitcoins.

 

 

 

2.) Message – The scenario represents a typical communication attempt by a messaging service.

 

3.) Open position (resume enclosed) – Blind applications are a common tool used by attackers to get HR staff to download dangerous content from the Internet.

 

 

4.) Reset your google password – The user is informed that during a random check in the Darknet, you have found his login data and an attacker can misuse it to gain access to his google account.

 

 

5.) Visit to your city – This is a real example of a Russian dating scam that took place a few years ago.

 

 

6.) DHL Shipping confirmation (image only) – This is an example of a real attack that was carried out in the past on behalf of DHL. To get past possible SPAM filters, there is no text in the email, only an image which is linked.

 

7.) Message is only partially downloaded (image only) – This email specifies that the content cannot be displayed. The user is asked to click on a link to download the message. To get past a possible spam filter, only an image is used instead of text.

 

8.) LinkedIn Invitation – Because LinkedIn has become one of the most popular professional online networks, it has become a victim of occasional online scams. Scammers send LinkedIn users emails that appear to be from LinkedIn but are not. This is a typical real life example of such a scam. The logo and name are not modified in this template.

 

9.) Zoom Meeting Invitation – The employee is invited by a colleague from the HR department to a spontaneous zoom meeting to clarify suspicious surfing activities on his PC. The template uses the same formatting and wording as the original.

 

10.) Airbnb illegal activity reported – In this email, the user will be informed that an illegal activity has been detected on Airbnb’s behalf and will be reported to the authorities if necessary. These types of messages play on the user’s curiosity and fear.

 

11.) Instagram Password Reset – This scenario is a typical example of a fraud attempt, in which the user is led to believe that his password has been changed by a third party.

 

 

12.) Facebook notification missed from friends – This is a typical example of an attack in which the user is notified about missed activities of his friends. The logo and name were not adapted in this scenario to make detection more difficult.

 

13.) Facebook: See who liked your page – Most users of social media are by nature curious. They are interested in learning what is going on with their friends, their communities and the world at large. Unfortunately, scammers understand this curiosity and exploit it in an attempt to lure users into clicking on fake messages like this one.

 

14.) Cisco’s Webex – Meeting in progress! This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. This scenario adopts the typical features of such an invitation without deliberate errors in the logo or name.

 

15.) Xing Contact Request – Unlike an email address, the business plattform Xing reveals considerable information to scammers because your profile is the digital version of you. This is often used by scammers in the context of contact inquiries, which aim at the curiosity of the user.

 

16.) PayPal suspicious activity on the account – PayPal customers are constantly being targeted in phishing attack. In one of the most pouplar, criminals are distributing fraudulent emails claiming that PayPal has noticed suspicious activity on your account. The emails claim that PayPal has detected a successful sign in from an unrecognised device and you must therefore secure your account before it can be used again.

17.) LinkedIn: Account blocked due to inactivity –This scam first occurred in 2012, when Russian hackers collected and leaked millions of LinkedIn users’ passwords. These scammers send you a fake email, pretending to be the LinkedIn administrative team. The email pretends your LinkedIn account has been blocked due to inactivity. This is security awareness training based on real world examples!

18.) iTunes account confirmation – This attack variant against apple user was first observed in 2016. There have been reports of emails that appear to be from the Apple Store, asking the user to confirm his email to avoid the account from being blocked.

 

19.) LinkedIn – Policy Violation  The user is informed that his profile has been reported by another user due to violations of the general conditions. This example corresponds to a real phishing attack as observed a few years ago.

 

20.) Amazon – your account has been updated  In the past, Amazon users have been persuaded to click on a link using this type of phishing attack. In this scenario it is pretended that another user has changed the email address of the legitimate account owner.

 

21.) Dropbox – Account will be suspended  If there’s no activity on a users Dropbox account for an extended period of time, Dropbox will notify the account owner in an email. In the past, this pattern has often been used by attackers to gain access to user logins.

 

22.) Happy Easter Greeting Card as a phishing attack
A simple but effective security awareness training: Happy Easter Greeting Card as phishing simulation.

 

23.) SAP – The user is invited via mail to access the SAP account just created. This is a great software specific Security Awareness Training Content Template.

 

 

24.) Sharepoint Invitation
Websites in Sharepoint may be shared with external or internal users using this type of invitation.

 

25.) Sharepoint Login –Websites in Sharepoint may be shared with external or internal users using this type of invitation. The recipient will be able to login to a Sharepoint Website which is undergoing some technical maintenance.

 

26.) Netflix Account on hold – This is a replica of a real Netflix phishing attack from 2018, which uses character spacing to trick spam filters. This is a typical example of a mediocre attack email that contains some visual errors.

 

27.) Twitter
Your company is mentioned in WikiLeaks! A twitter message pretending that your company is mentioned in an article at wikileaks.

 

28.) SAP Login
 The user is invited via mail to access the SAP account just created. The fake SAP portal allows the user to login with his windows username and password.

 

29.) Amazon Prime Bonus Scam – In 2017, criminals were sending mass emails that appear to have come from Amazon and thank recipients for making purchases on Amazon’s “Prime Day”. The emails then invite recipients to go to the Amazon website to “write a review” and receive a special $50 “bonus” credit for doing so.

30.) Happy Valentine’s Greeting Card, attack template for phishing simulations 
A simple Happy Valentine’s Greeting Card as phish test template.

 

 

31.) Happy Mother’s Day Greeting Card – Nothing to add here, dear Mum 😉

 

 

32.) Happy Halloween Greeting Card – Happy Halloween Greeting Card.

 

 

33.) Happy Christmas Greeting Card – And last but not least a Happy Christmas Greeting Card as phishing simulation template.

 

 

34.) Microsoft Office 365 Online Login
The message asks the user to login to his/her “Microsoft Office 365” account. The login will generate an error.

 

35.) Citrix Login
In this template the user has the ability to log in and access his/her company’s work environment via Citrix

 

36.) Private Message – enter code to open it   In this template, which corresponds to a real message service with email encryption, the user is asked to enter his email address and a code (this is included in the message) on a web page.

 

37.) Join Skype – Business Meeting Invitation to a Skype Business Meeting.

 

 

38.) Join Skype Business Meeting (Web Login)
Invitation to a Skype Business Meeting. Login with Windows Credentials.

 

 

39.) Cisco’s Webex – meeting in progress (web login) – This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. The user can participate the meeting using his email adress and birth date as an authentication
mechanism.

 

40. – 106.) – Editable Security Awareness Posters – Informative and decorative educational posters increase security awareness. Editable and Free Security Awareness PostersThere are now 67(!) such posters available. They can all be edited and customized using Adobe Illustrator.
Usually two different types are available: As an illustration or photo poster.

 

107.) Windows Update
A new Windows Update is available and tries to trick the user for downloading it.

 

 

108.) Corporate WhatsApp Group
The user will be asked to register on a WhatsApp page of the company to join the new group.

 

 

109.) Outlook to Office365 Migration – As part of a transition from Outlook 2010 to the cloud-based Office365 environment, this scenario asks all employees to register on a new environment located at “login.microsoftonline.com”.

 

110.) Employee of the Month
A new offer enables employees to vote for a candidate who deserves recognition for his or her outstanding achievements.

 

111.) Google Leaks – The company informs the employees that their corporate network credentials have been breached and they should make a Google Search to find out whether their credentials are stolen or not.

 

112.) LinkedIn Company Profiles
The recipient is informed that the HR department has migrated all employee profiles to a newly created company page on LinkedIn in the last few months.

 

113.) BYOD, Open VPN Access
In this scenario, employees can use a new web based SSL VPN login portal to get access with their personal devices to all internal business applications.

 

114.) SSL VPN Compability Check (Netscaler)
In this scenario, the user is prompted to connect his remote workstation to the company network. A compatibility check of the computer with an executable file is also performed. The design is based on a Citrix Netscaler access.

 

115.) UPS Exception Notification – This is a copy of a real UPS attack example gathered from LUCY’s phishing monitoring service.

 

 

116.) Twitter “Corporate” – The user receives a notification that his company has set up a Twitter channel exclusively for all employees. He can keep up to date and receive the latest news about new entries, contests, company events, etc. in real time.

 

117.) NetScaler Unified Gateway SSL VPN
By using a new web-based SSL VPN login portal, employees have access to all internal business applications that allow them to work from a remote location.

 

118.) Facebook Company Page
The employee gets invited to join his company’s facebook page.

 

 

119.) PayPal Open Invoice

The recipient receives an invoice from a seller for a three-digit amount. To view the invoice, the user must login with PayPal. This attack is based on similar attacks observed by our research team in the past.

120.) Email in quarantine – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

 

 

121.) Email in quarantine with Login Page – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

122.) Employee Survey HR Portal – The employee is asked to log on to an HR portal to take part in an internal survey. One of the oldest and most efficient Security Awareness Training Content Templates has been revamped here.

 

 

123.) Netflix – Payment was rejected – This real phishing attack was registered by our reserach team in May 2018. In this attack, the user is informed that his payment method was rejected. This is an example of a better formulated attack with correct grammar and visual elements.

 

124.) F5 VPN Access – In this web-based scenario a VPN access of the company F5 is simulated. The user is asked to enter his user name, password and also his token code.

 

 

125.) Password Check for MS Windows – This extended password check shows the user how secure his password is during input. It is intended to test Windows(c) passwords. As soon as the user enters a password with more than 6 characters, it is transmitted to LUCY.

 

126.) Job Offer
The employee is contacted personally and made aware of a position that would fit his or her profile. This is still an efficient Security Awareness Training Content!

 

127.) Illegal license detected on your PC
 The user is informed that there is an illegal copy of software on his PC and that he must log in to check it.

 

128.) Bitcoin – Trade with a 500 USD starting balance  The user receives a starting credit of USD 500, which he can invest in Bitcoin in a predetermined period of time free of charge on a trading platform.

 

129.) Bad Employer Rating – A negative assessment of the employer has been published. This is a simple but efficient Security Awareness Training Content Template.

 

 

130.) Affordable car leasing for employees – Employees can lease a company car for a fraction of the original cost.

 

 

131.) Leak Alert: Verify your phone number – In this database of stolen records, the user can check if his phone number is being misused in any way.

 

 

132.) DocHub – Please Review Invoice  “Carl Mc Gregor” sends the recipients an invoice to review and complete.

 

 

133.) Melani – Swiss Reporting and Analysis Centre  Reporting and Analysis Centre for Information Assurance (MELANI) has been commissioned by the Federal Council to protect critical infrastructure in Switzerland. In this template the user receives an email about a possible data leak.

 

134.) Your expenses have been denied (SAP) – The user is informed that his submitted expenses have not been accepted.

 

 

So that’s it  🙂  Keep on enjoying LUCY Server and our Security Awareness Training Content

 or download our free Community Edition here.

 

German Axsos AG becomes certified LUCY Ecosystem Partner

Zug, June 20, 2018 – The employee is the major target for Internet Attacks. 97% of all attacks target the person and only 3% target the technology. People are the central link in the IT security chain. Employees with high awareness and a secured technology stack are the best protection for an organization. The German Axsos AG is therefore further expanding its successful user-oriented IT security services with the help of LUCY Server.

Employee Awareness and Testing with Axsos AG – Axsos has recognized the strongly increasing need and offers phishing simulations and awareness training on the basis of the LUCY platform for this purpose. The LUCY Phishing & Technology Assessment Server is a software suite with which, for example, realistic social engineering, simulated phishing and malware attacks can be carried out. The eLearning portal integrated in the system allows effective employee education, which is necessary to be able to counter all possible Internet attacks.

LUCY Partnership with Axsos – LUCY Security AG announced a partnership with the German Axsos AG today, a powerful system integrator in the areas of IT security, IT infrastructure and software development. The company has over 100 employees and its headquarters in Stuttgart. Further branches are in Solingen, Dettingen an der Ems and Ramallah.

 

Axsos ist ein LUCY Partner für Deutschland

About Axsos AGAxsos AG offers user-oriented IT from a single source: Listening and customer understanding are the credo of the IT-integrator from Stuttgart with further locations in Germany and abroad. The company’s main service areas are IT security, IT infrastructure and software development. IT security is essential for every company’s success and Axsos understands the art of developing a suitable security strategy for your customers and finding the right balance between risk minimization and risk acceptance when implementing it.

About LUCY – LUCY Security AG offers software for simulated Internet attacks and cyber prevention. With the platform, phishing simulations, USB attacks as well as malware simulations and infrastructure assessments are immediately set up and executed. Phishing incident buttons for Gmail/Outlook help with real-time email threat analysis. More than 5000 active installations worldwide testify to the success of the LUCY server, which is also offered in a free version.

The excellent NPS of 85 and the outstanding Gartner Peer Rating of 4.8 confirm the quality of the up-and-coming Swiss company, which has office in Austin Texas and a worldwide partner network.

For more information plase contact palo  (a t) lucysecurity-do t-com

  • LUCY Security AG, Chamerstrasse 44, CH-6300 Zug, Switzerland, +41 44 557 19 37
  • LUCY Security LLC, 801 W 5th St, Suite 809, Austin TX 78703, USA, 512-917-9180

Find out how many of these potentially dangerous file types are allowed through to your network

You think that no such files reach your network or the mailbox of your employees? We don’t think so, because in that case you’d be cut off from the rest of the world. The automated mail and web filter test shows you which files and which contents reach your company network unhindered.

What’s going through? This is a frequently placed order or task, which our security specialists receive during IT security audits. The fact is that most organizations do not know whether and which mails with obscene content or messages with a given PDF exploit are effectively blocked or not.

If you want to answer the question reliably, you have to test all potentially dangerous file types, because sometimes the firewall filters out a message, otherwise it is a gateway device or the mail server itself. To do such a ‘delivery control’ manually is actually no problem. The corresponding file lists on the Internet provide information about potentially dangerous or manipulable file formats. You can use these and then use these lists to create a test scenario for

  • Sending the mail or
  • Check if they can be accessed and downloaded via browser

But the effort to do that is considerable. And then comes the problem that the actuality of such tests quickly becomes obsolete. Old loopholes and sources of danger are eliminated and new ones are created.

Therefore, a standardized, automated mail and web filter test is required! On the one hand, this can massively reduce the effort required for the test. On the other hand, professional and central maintenance ensures that the test is  always up to date.

New infrastructure test in LUCY Server: Mail and Web Filter Test (MWF)

LUCY Technology Assessements Category "Mail & Web Test"

With this MWF test, anyone can now check their network environment and email infrastructure for vulnerability – or rather permeability – to potentially dangerous file types and content. As is usual with LUCY Server, the whole process is prepared for the end user and easy to operate.

The user can decide whether he wants to do the complete test – for the mail infrastructure and for the browser download of various file types and contents. Alternatively, the LUCY system allows the test to be easily split into packages. This division is offered as standard, a further refinement is possible:

 

  • Dangerous File Types in archives
  • Files containing ‘Profanity’ (Sexual or rascist or other content)
  • Harmless Level 3 Files
  • Encrypted Class 1 Files
  • PDF & Office Exploits
  • Files containing obfuscated malware
  • Files containing harmless macros
  • Dangerous file types

A mail and web test campaign is set up within minutes and the test can start immediately! Here are some screenshots of the LUCY system, which give an insight into an ongoing test. Further detailed information is available in our LUCY WIKI!

 

Have fun with the LUCY-Server – We make cyber prevention affordable and available for everyone!

 

 

LUCY gets a Score of 4.8 on Gartner Peer Insights – That is a great rating!

Great toolbox, goes further than some big players” – Such statements and an overall rating of 4.8 out of 5 points are an excellent rating for our software and our company’s support services.

 

In the Gartner Peer Insights and Reviews  professionals will share their experiences, which they had with their suppliers and the suppliers’ services / products. The experience reports (the review), is validated by Gartner for probity and reliability, and therefore has a high relevance on the quality of the supplier, in the market. Some excerpts from the reviews:

  • “LUCY is the perfect tool for encompassing all aspects of phishing testing and training”
  • “Great toolbox, goes further then some big players”
  • “Great value package, easy to use”
  • Service & Support: “Very supportive and dedicated”
  • Service & Support: “Good training by service provider and good handbook available”
  • Quality and availability of administrator training: “Half a day of training was sufficient to handle the product and set up first campaign”

We are happy for the ratings and are committed to maintaining LUCY’s  good results on Gartner Peer Insights!

We look forward to any further review

LUCY: We make cyber-prevention affordable and available to everybody!

 

Envoy Data Corportration is a LUCY Software Distributor

Envoy Data now distributes the best solution for cyber prevention and IT security awareness

LUCY Security has entered into a partnership with the leading Value-Added Distributor of data security solutions.

Austin, June-16-2018 – “With Envoy, we have found a partner that suits us and actively helps us to develop the large American market better,” says Palo Stacho, co-founder of LUCY Security. “The support of Envoy in engineering, marketing and sales support is very convenient for us and we know that with the LUCY software the Envoy portfolio is extended by a very innovative solution!”

Visit the LUCY product page at Envoy : https://www.envoydata.com/partners/lucy-security/

About LUCY – LUCY Security offers software for simulated Internet attacks and cyber prevention. With the solution, phishing simulations, USB attacks as well as malware simulations and infrastructure assessments are immediately set up and executed. The scope of services is rounded off with phishing incident buttons for Gmail/Outlook and real-time email threat analysis.

The excellent NPS of 85 and the outstanding Gartner Peer Rating of 4.8 testify to the quality of the up-and-coming Swiss company, which has a branch office in Austin Texas and a worldwide partner network.

For more information please contact Colin (a t) lucysecurity-do t-com

  • LUCY Security AG, Chamerstrasse 44, CH-6300 Zug, Switzerland, +41 44 557 19 37
  • LUCY Security LLC, 801 W 5th St, Suite 809, Austin TX 78703, USA, 512-917-9180
LUCY V 4.2 brings the Gmail Phish Button!

Brand new Gmail Phish Button and full functional Mail & Web Filter Test: LUCY 4.2 is available now!

New LUCY Version 4.2: The popular Phishing Incident Plugin (Phish button) is now also available for Gmail. This means that Google Mail users now also benefit from automated threat analysis. Furthermore, the web and mail filter test has reached the full configuration status. Thus the search for loopholes in web communication is done in minutes instead of days!

LUCY V 4.2 is available for download now. Besides dozens of bugfixes the following new features are available:

  • Massively improved MWF test (Mail & Web Filter Test: Which file and message types ‘go through’?)
  • New SPF CHECK & MX Check (see below)
  • New Docker configuration (behind the scenes)
  • Add a few reporting variables in awareness mail /website
  • Postfix: support TLS for outgoing messages
  • Gmail phishing button!
  • New Campaign Overview Dashboard with new filters
  • Custom image support for Outlook phishing incident plugin
  • Template editor improvement
  • Automatic invoices (details see below)
  • Outlook Phishing Button Plugin: custom image
  • Mail spoofing test (details see below)
  • New Top Navigation

 

New SPF CHECK & MX Check

1) SPF check. Half our clients spoof their own company domain as a mail sender. As many use SPF records, those mails do not arrive and client thinks LUCY does not work. Thats why we created an SPF check:

  • First: The user saves the message template in a campaign.
  • Second: Verify, if there is a mismatch of the record and LUCY’s IP.
  • If yes, tell this to the user in a popup he need to acknowledge.

This check is also added to the general checks for campaign checks.

2) MX check: When saving an attack scenario, the system checks if the MX record points to LUCY for the sender domain. This is logically wrong. The sender mail server can be different from the MX. Thats’s why we developed a new check, where LUCY verifes if any MX record exists for the domain. If not: most mail server do not accept mail domains, where no MX record exist. Thats why there’s a new popup where LUCY tells the user, that the mail wont arrive unless the used sender domain OR the LUCY-Server IP number gets whitelisted,

Mail Spoofing Test

This tool will help the company to determine, if an external attacker can spoof mails (from company mail domain TO company mail domain; example: sender is [email protected] and receiver is [email protected]).

Automatic invoices

If the user buys more credits or buys lucy, the system creates an invoice (pdf) for the user automatically. The invoices then will be archived and remain accessible to the user.

 

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.2

  • “Benchmark Based” campaigns are incorrectly distributed on benchmarks
  • “Client” field in “Incidents” not filled bug (Outlook MSI)
  • “Reset Stats” button marks campaign as Not Running
  • “Service Logs” dont display logs when selecting files in the “File” field
  • “Trying to get property of non-object” when deleting recipient group(s)
  • 404 error after updating to 4.2 when trying to use system with domain
  • Advanced Settings: Date Time & Export issues
  • After update 4.1 – 4.2: Adding a group refresh bug, After start campaign check not working, Copy webpage refresh bug
  • After update on 4.2 – endless reboot
  • Awareness certificate – checkbox “Create Awareness Certificate” bug
  • Awareness certificate file is downloaded without the use of customized styles
  • Awareness Certificate: enduser bug
  • Awareness only report summary chart bug
  • Awareness page link
  • Backup\Restore of campaign (between two different Lucy instances)
  • Campaign comparison bugs
  • Campaign recipient management bug
  • Campaign report doesnt include the content of variable %charts.analyse%
  • Campaign Restart (Reset Stats)
  • Copy Webpage: SSL Error
  • Critical reports bug (from 4.0)
  • Data for plugin cleared
  • Delete duplicate creates unspecified db error
  • Deletion all recipients bug
  • Digital Signature (error: The message contents may have been altered)
  • DKIM selector always is “mail”
  • Download Templates: Install & Replace
  • Editor 500 Bug when accessing system folder via file explorer
  • Error “Empty recipient list.” when adding selected recipients to campaign
  • Error “SMTP server not found” when using “Default Mail Settings”
  • Error 500 if Awareness Only scenario is missing
  • Error 500 when saving Whitelabel
  • Errors in the Whitelabel section
  • Fix Invoice page
  • From LDAP server only some users imported to “Users”
  • Gmail Addon: plugin page causes Error 500
  • Impossible to add recipients in a portable scenario through the campaign
  • In the download links files, the wrong choice of ip / domain is used
  • Incident stats issues
  • Info “Download files” and graphics style bug
  • Label fix
  • LDAPS connection doesn’t work
  • LetsEncrypt: replace expired certificate
  • Letter about changing status of the domain comes in German
  • Login using personal certificate issue
  • Lucy is not updated from 4.1 to 4.2
  • Messages in application log
  • No references to recipients in groups in the “Recipients” section
  • Outlook Plugin: Custom icon causes Outlook to crash
  • Recipients copy bug
  • Recipients search causes error 404
  • Remove/reinstall MSI addon bug
  • Resend Email fails with Database error
  • Scenario landing page proxy bug
  • Skipped questions bug (quiz)
  • SmtpErrorsCommand bug
  • SSL generation bug
  • Template “Health Promotion 1.1” issue
  • Templates: filenames (without spaces)
  • Time variable is not working in landing
  • Training Library: awareness links in preview mode
  • Unselected scenarios included in delayed campaign report

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!

June-12th-2018

Booth X 43 – Visit LUCY Security at Infosec Europe 2018 in London and get great gifts!

Our booth X43 is located in the startup area of Infosec Europe 2018, right next to the lecture hall on the first floor. Come by, we look forward to getting to know you personally!

Booth X 43 - Visit LUCY Security at Infosec Europe 2018

The founders Oliver and Palo are part of it. Let our team show you a 10 minute live demonstration of our antiphishing software. Ask us detailed questions about the security, performance and application scenarios of the LUCY Cyber Prevention Server. The founders Oliver and Palo will also be present.

We look forward to seeing you at Infosec Europe at the Olympia, London from 5 to 7 June 2018!

 

LUCY @ Booth X 43 on the 1st floor!

#infosec2018 / http://www.infosecurityeurope.com/

A1 Telekom, Adnoc, Autoriti Monetari Brunei Darussalam, David J Peck, Ethical Intruder, Frosta, Intuity, Principle Logic, Privasec, Sapphire, SEB, Siroop, Vaadata, VA Intertrading are official customers from LUCY Security

Meet 15 New Official Customers of LUCY

We are very happy that we can again officially name some customers! They come from all industries, not just from the information security corner.

 A1 Telekom, Adnoc, Autoriti Monetari Brunei Darussalam, David J Peck, Ethical Intruder, Frosta, Intuity, Principle Logic, Privasec, Sapphire, SEB, Siroop, Vaadata, VA Intertrading are official customers from LUCY Security

A1 Telekom, Telecommunication, Austria

A1 Telekom Austria is the leading communications provider in Austria with over 5.4 million mobile and 2.3 million fixed-network customers. The company operates its own networks and is a subsidiary of Telekom Austria, which is active in a total of eight Central and Eastern European countries. A1 employs over 8000 people in Austria. https://www.a1.net/

 

Adnoc, Oil & Gas, United Arab Emirates (UAE)

The Abu Dhabi National Oil Company (formerly Adgas) is one of the world’s largest oil producers. Adnoc is a state-owned company with a 90 percent share of the nationwide oil and gas reserves of the United Arab Emirates. https://www.adnoc.ae

 

Autoriti Monetari Brunei Darussalam, Banks – Finance, Sultanate of Brunei

The Central Bank of the Sultanate of Brunei is not the first such institution to count LUCY Security among its clients. But it is the first central bank we can call public J  http://ambd.gov.bn/about-ambd/

 

FroSTA, Food Industry, Germany

In Germany, as in the whole German-speaking area, FROSTA is a household name. It is the only frozen food brand with the Purity Law. 100% real pleasure. No tricks. No secrets. For over 10 years FRoSTA has consistently dispensed with additives and the company promises the best taste only from the best ingredients. Some LUCY employees are FroSTA fans! https://www.frosta.de/

 

SEB, Banking, Sweden and Estonia, Latvia, Lithuania, Russia and Ukraine

Skandinaviska Enskilda Banken (SEB) is a universal bank with the claim to be the leading Nordic bank. It has subsidiaries in all countries bordering the Baltic Sea and the Ukraine. There is also a worldwide network of branches for corporate customer business. The financial institute was founded in the 1850s by Oscar Wallenberg. https://sebgroup.com/

 

Siroop, e-Commerce, Switzerland

Siroop is a leading electronic marketplace in Switzerland. Products from local, regional and national dealers are offered from a single source. At siroop you can buy everything, over 1 million products and over 500 Swiss dealers are available in the e-Shop. https://siroop.ch/

 

VA Intertrading, Trade, Austria

VA Intertrading was founded in 1978 under the name Voest-Alpine Intertrading GmbH and is now an outstanding trading company and Austria’s leading trading house. In addition to trading activities, VA Intertrading offers services such as transport and logistics, futures and trade finance. The wide network of branches all over the world guarantees VA Intertrading customers optimal access to markets and manufacturers. http://www.vait.com/

 

New official customers from the cyber security industry

 

David J Peck and Associates LLC, IT Security, USA

The Pennsylvania-based company specializes in penetration and security testing. The specialists of DJPA belong to the power users of the LUCY server and the company is one of the top addresses for independent security tests on the American East Coast. http://www.davidjpeckandassociates.com/

 

Ethical Intruder Cyber Security, IT Security, USA

Ethical Intruder is a specialized security service provider with its own standard solutions and tailor-made services for the financial sector, retail trade, healthcare and medical technology. The company is based in Pittsburgh, the hometown of a LUCY competitor and we are very pleased that the well-known Ethical Intruder has nevertheless chosen LUCY! http://ethicalintruder.com/

 

Infiltration Labs, IT Security, USA

Infiltration Labs is committed to securing and testing our customers’ systems. Phishing assessments, social engineering, vulnerability assessments, training and other services are offered. The nationally operating company is based in Fort Lauderdale, Florida. https://www.infiltrationlabs.com/

 

Intuity, IT Security, Italy

Intuity, based in Padova, offers IT security services around’Red Teams’ or’Blue Teams’. This also includes vulnerability assessments and penetration tests, which are necessary to carry out the “official evaluation of the robustness of IT process support infrastructures” known in Italy. https://www.intuity.it/

 

Principle Logic, IT Security USA

The company around the security expert and well-known book author Kevin Beaver offers various information security services. These also include “Website and Application Vulnerability Assessments” or “Internet of Things (IoT) Vulnerability Assessments and Penetration Testing”. https://www.principlelogic.com/

 

Privasec, IT Security, Australia

Privasec, the Australian information security company, has a national and international clientele. With offices in Sydney, Melbourne, Brisbane and Auckland (NZ), the company provides Cloud & Cyber Security services, including Compliance, Risk & Governance and Pentration Testing Services. Particularly worth mentioning are Privasec’s Health Checks and ISO27001 services. https://privasec.com.au

 

Sapphire Security, IT Security, United Kingdom

Founded in 1996, Sapphire is one of the leading cyber defence companies in northern England and Scotland. The company has four offices in the UK and is one of only 42 companies in the UK that have achieved the level of certification to evaluate and certify the British “Cyber Essentials Programme”. http://www.sapphire.net/

 

Vaadata, IT Security, France
The aim of French Vaadata from Lyon is to democratise cyber security with innovative services suitable for both start-ups and large companies. Vaadata’s values are based on our shared passion for hacking and the human factor. These are values that are very similar to those of LUCY Security. It’s a great Infosec company! https://www.vaadata.com/en/

 

 

You buy a phishing service directly from LUCY and we guarantee the start of the campaign within 10 days.

Start a Phishing Simulation within 10 days and for 1800 Dollars!

We guarantee: In 10 days and for 1800 Dollars to your first LUCY phishing simulation or awareness campaign!

You buy a phishing campaign or IT security training directly from LUCY and we guarantee the start of the campaign within 10 days. Describe your requirements and we will set up a service for you based on our existing attack or training templates. If you are under time pressure, no problem: Just tell us your deadlines and we will make it possible.

You buy a phishing service directly from LUCY and we guarantee the start of the campaign within 10 days.

In our shop you can purchase LUCY Educational Social Engineering Services: training, phishing tests and more: We set up a phish campaign or awareness training according to your requirements and based on one of our existing templates and prepare everything. This also includes individual templating: we configure Phishing simulations, SMiShing’s, file-based attacks, a “bad media” attack (USB/DVD/CD) or a security training as required. The configuration of the LUCY server including the server configuration is also part of the service.

Of course we carry out the campaign for you but you can start it yourself if you want to. Reporting and debriefing is included. LUCY Security also support you in interpreting the campaign results.

You get everything for 1800 Dollars and within 10 days. Buying and running phishing simulations has never been easier!

Buy Phishing Services – What is included in the package?

  • Requirements analysis with the customer
  • Campaign Configuration
  • Domain reservation and configuration (if required)
  • User management and import (if required)
  • Templating: Set up a suitable attack/training scenario based on an existing LUCY template
  • Up to 4 iterations for refinement
  • Detailed reporting after the campaign
  • Support during the campaign execution
  • Implementation guarantee within 10 days, provided that the requirements are clear and can be covered by the standard scenarios.

No long projects, no lengthy preparations, no hidden costs! Get the best content from the product leader!