Posts

LUCY Security Awareness Posters for free download

Free Security Awareness Posters for your personal usage

Nearly 70 new educational posters for printing and hanging – freely modifiable and available in two different versions. This is simple and effective employee sensitisation for security awareness.

educational awareness poster for free usage - photo

Educational Poster: Photo

educational awareness poster for free usage - illustration

Educational Poster: Illustration

The LUCY Software contains the posters also in the source format (Adobe Illustrator). You can revise and modify the posters according to your ideas. It’s that simple!

Two versions: The posters are available as illustrations and as photo posters. If you would like to edit the poster in the LUCY server or process it further for printing, please click on the navigation point Content template on the left, then click on the button Upload file or image in the visual editor. In the Image Info tab, click on the search server to download the Adobe Illustrator file.

Bring useful variety to your offices. Hang awareness posters. Change them from time to time. With over 60 templates included for free in the LUCY software, it’s no big deal!

 

 

Free Awareness Posters: Following topics are actually available:

01. Lock your device (Photo)
02. Lock your device (Illustration)
03. Sharing Information (Photo)
04. Sharing Information (Illustration)
05. Identify Theft (Photo)
06. Mobile Device Security (Illustration)
07. Surfing unknown websites (Illustration)
08. Surfing unknown websites (Photo)
09. Don’t share private info (Illustration)
10. protect client’s data (Illustration)
11. Identify Theft (Illustration)
12. Secure your mobile device (Illustration)
13. Verify client’s data (Illustration)
14. Build Security Block by Block (Photo)
15. Protect client’s data II (Illustration)
16. Spot the threat (Illustration)
17. Social Media Security (Photo)
18. Security depends on you (Illustration)
19. Protect patient data (Photo)
20. Secure your mobile device (Photo)
21. Our security depends on you (Photo)
22. Secure Payment (Photo)
23. Monitor transactions (Photo)
24. Protect customer’s data II (Photo)
25. Don’t take the bait (Photo)
26. Don’t take the bait (Illustration)
27. Become a human firewall (Illustration)
28. Become a human firewall (Photo)
29. Verify all transations (Illustration)
30. Impersonating institutions (Photo)
31. Be cautious of phishing (Illustration)
32. Be cautious of phishing 2 (Illustration)
33. Password Security (Illustration)
34. Danger of sharing on social media (Photo)
35. Insecured Wi-Fi (Photo)
36. Spoofing & Phishing (Illustration)
37. Whispering (Photo)
38. Bubble (Illustration)
39. Build Security Block (Illustration)
40. Coffee Shop (Illustration)
41. Call center (Photo)
42. Call center person (Photo)
43. Call center person (Illustration)
44. Bubble (Photo)
45. Card (Photo)
46. Coffee Shop 2 (Photo)
47. Coffee Shop (Photo)
48. Crazy Businessman (Illustration)
49. Private (Illustration)
50. One Device (Photo)
51. Personal Info (Photo)
52. Password Mobile (Illustration)
53. One Device (Illustration)
54. Mobile Device Security (Photo)
55. Protect patient data (Illustration)
56. Password Mobile (Photo)
57. Personal Info (Illustration)
58. Spam 2 (Photo)
59. Spam 2 (Illustration)
60. Spam (Photo)
61. Transaction (Illustration)
62. Sticky Note (Photo)
63. Sticky Note (Illustration)
64. Whispering (Illustration)
65. Transaction (Photo)
66. Identity Theft 2 (Photo)
67. Crazy Businessman (Photo)

At LUCY we are constantly delivering new security awareness content and the updates come for free! 

 

So that’s it  🙂  Keep on enjoying LUCY Server and our Security Awareness Training Content

 or download our free Community Edition here.

 

security awareness training update

Bam! Enjoy 163 new Attack and Training Templates – Unlimited Security Awareness Content

At LUCY we are constantly delivering new security awareness content. And that for free! Now 163 new templates have been added in one go: 20 training videos, 9 other awareness trainings and as many as 134 new attack templates. LUCY rocks! right?

Overview

New attack templates for Phishing Simulations

We have delivered 134 new or updated templates. Why are we adding so many? Because it has been proven that many phishing tests that run simultaneously and are sent out at random have the best sustainable training effect for employees. We also have responded to the various customer requests and now offer new group of attack templates who contain typos from known brand names. This is state of the art Security Awareness Training Content!

20 new training videos

The need for more training modules and especially for rich media security awareness content is unbroken. Our new training videos range from security awareness videos to social media usage. Check them out below!

Arabic and Danish as new (standard) languages

All scenarios of the Security Awareness Training Content are now available in several language versions. The language bar usually looks like this:

arabic as standard phishing template

Today we can safely claim that most of the content is available in Arabic, Danish, Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

Beautiful Free and Editable Security Awareness Posters !

Editable and Free Security Awareness Posters Almost 70 posters are now available for publication. Place it in your office so that your employees always have the relevance of IT security in mind. The security awareness posters are equipped with either an illustration or an attractive photo. And best of all: The posters can be edited with Adobe Illustrator (c) because we provide the source files 🙂

How do I get to the new content?

If you have installed LUCY, you get a message that new content is available and you can download it. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Of course. LUCY is a standard software that was created for this purpose. This ensures reusability and investment protection. You can create your own attack or awarness training templates.

Details: The 2nd LUCY Security Awareness Content update of this year

Here are 163 new or revised training and phishing attack templates. Have fun testing and training!

 

Educational and Security Awareness Training Content Modules

29 updated or new courses: Enjoy our updated or new Security Awareness Training Content: Video / Quiz / Interactive , Course or Static.

01.) Social Engineering Course – This course helps employees understand the threats of social engineering.

 

 

02.) Email Only – This was a phishing simulation & Tips  This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future.

 

03.) Email Only – This was a simulation & Tips (Text)  This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future and where to report them.

 

04.) WIFI Security Course – This wireless security course (5-10 minutes) provides employees with an understanding of the risks associated with wireless networks and how best to protect themselves from them.

 

05.) Security Awareness video:7 Tips (close caption) – In this short 3-minute security awareness video we have put together 7 security tips, which involve best practices and policies that promote security. The video has english subtitles. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

06.) Secure social media usage video (close caption) –In this security awareness video we talk about secure social media usage. The video has English subtitles. The content (animation, language, script) is customizable.

 

07.) Secure Internet usage video (close caption) – In this video we show you how to protect yourself when using the internet. The video has english subtitles. The content (animation, language, script) is customizable.

 

08.) Email Security Video 1.3 (close caption) – In this 9-minute security awareness video, we talk about email security risks. The video has subtitles.The content (animation, language, script) is customizable.

 

09.) Lucy Phishing Video 1.1 (close caption) – This is a 3-minute educational video about phishing attacks. The video has english subtitles. Each video scene can be customized (e.g. custom branding) and translated into additional languages.

 

10.) Mobile Security Awareness Video (close caption) – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphones & laptops). The video has english subtitles.

 

11.) Password Security Video (close caption) – In this 5-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

12.) Physical Security Awareness Video (close caption) – In this 4:20-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

13.) Social Engineering Video – This video is dedicated to the topic “social enginering”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

14.) Social Engineering Video (close caption) – This video is dedicated to the topic “social enginering”. The content (animation, language, script) is customizable. The video has subtitles.

 

15.) Data Privacy & GDPR Video – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

16.) Data Privacy & GDPR Video (close caption) – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. The video has subtitles.

 

17.) Identity theft video – This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable.

 

 

18.) Identity theft video (close caption)  This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable. The video has subtitles.

 

 

19.) WI-FI security video – This video is dedicated to the topic “Secure Wi-Wi”. The content (animation, language, script) is customizable.

 

 

20.) WI-FI security video (close caption) – This video is dedicated to the topic “Secure Wi-Fi”.
The content (animation, language, script) is customizable. The video has subtitles.

 

21.) Workplace Security Awareness Video – This video is dedicated to the topic “workplace security”.
The content (animation, language, script) is customizable.

 

22.) Workplace Security Awareness Video (close caption) – This video is dedicated to the topic “workplace security”. The content (animation, language, script) is customizable. The video has subtitles.

 

23.) PCI Security Awareness Video – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable.

 

24.) PCI Security Awareness Video (close caption) – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable. This video has subtitles.

 

25.) Password Security Video -SHORT (close caption) – In this 1-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has english subtitles. The content (animation, language, script) is customizable.

 

26.) Email Security Video – SHORT (close caption)  In this 1-minute security awareness video, we talk about email security risks. The video has subtitles.The content (animation, language, script) is customizable.

 

27.) Physical Security Video – SHORT (close caption) – In this 1-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has english subtitles.

 

28.) Comprehensive security course – Topics in this course include “SHOULDER SURFING”, “PORTABLE MEDIA ATTACKS”, “VISHING (COLD CALLING)”, “CLEAR DESK POLICY”, “PHYSICAL SECURITY”, “VISITORS AND IN-PERSON INTERACTION”, “SOCIAL ENGINEERING”, “PASSWORD SECURITY”, “SECURE BROWSING”, “SECURE SOCIAL NETWORKING”, “USING PUBLIC WI-FI’S”, “MOBILE SECURITY”. Please note the different configuration options in readme.html.

 

29.) Awareness Training Library – THIS IS A WHOLE VIDEO LIBRARY – This template offers the possibility to link all existing LUCY training modules in a directory. The end user can then put together his desired training modules himself on an overview page. This is our biggest collection of Security Awareness Training Content so far!

 

 or download our free Community Edition here.

 

134 new and updated Attack Scenarios / Phishing Templates

1.) Free Bitcoins – The user is offered free bitcoins.

 

 

 

2.) Message – The scenario represents a typical communication attempt by a messaging service.

 

3.) Open position (resume enclosed) – Blind applications are a common tool used by attackers to get HR staff to download dangerous content from the Internet.

 

 

4.) Reset your google password – The user is informed that during a random check in the Darknet, you have found his login data and an attacker can misuse it to gain access to his google account.

 

 

5.) Visit to your city – This is a real example of a Russian dating scam that took place a few years ago.

 

 

6.) DHL Shipping confirmation (image only) – This is an example of a real attack that was carried out in the past on behalf of DHL. To get past possible SPAM filters, there is no text in the email, only an image which is linked.

 

7.) Message is only partially downloaded (image only) – This email specifies that the content cannot be displayed. The user is asked to click on a link to download the message. To get past a possible spam filter, only an image is used instead of text.

 

8.) LinkedIn Invitation – Because LinkedIn has become one of the most popular professional online networks, it has become a victim of occasional online scams. Scammers send LinkedIn users emails that appear to be from LinkedIn but are not. This is a typical real life example of such a scam. The logo and name are not modified in this template.

 

9.) Zoom Meeting Invitation – The employee is invited by a colleague from the HR department to a spontaneous zoom meeting to clarify suspicious surfing activities on his PC. The template uses the same formatting and wording as the original.

 

10.) Airbnb illegal activity reported – In this email, the user will be informed that an illegal activity has been detected on Airbnb’s behalf and will be reported to the authorities if necessary. These types of messages play on the user’s curiosity and fear.

 

11.) Instagram Password Reset – This scenario is a typical example of a fraud attempt, in which the user is led to believe that his password has been changed by a third party.

 

 

12.) Facebook notification missed from friends – This is a typical example of an attack in which the user is notified about missed activities of his friends. The logo and name were not adapted in this scenario to make detection more difficult.

 

13.) Facebook: See who liked your page – Most users of social media are by nature curious. They are interested in learning what is going on with their friends, their communities and the world at large. Unfortunately, scammers understand this curiosity and exploit it in an attempt to lure users into clicking on fake messages like this one.

 

14.) Cisco’s Webex – Meeting in progress! This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. This scenario adopts the typical features of such an invitation without deliberate errors in the logo or name.

 

15.) Xing Contact Request – Unlike an email address, the business plattform Xing reveals considerable information to scammers because your profile is the digital version of you. This is often used by scammers in the context of contact inquiries, which aim at the curiosity of the user.

 

16.) PayPal suspicious activity on the account – PayPal customers are constantly being targeted in phishing attack. In one of the most pouplar, criminals are distributing fraudulent emails claiming that PayPal has noticed suspicious activity on your account. The emails claim that PayPal has detected a successful sign in from an unrecognised device and you must therefore secure your account before it can be used again.

17.) LinkedIn: Account blocked due to inactivity –This scam first occurred in 2012, when Russian hackers collected and leaked millions of LinkedIn users’ passwords. These scammers send you a fake email, pretending to be the LinkedIn administrative team. The email pretends your LinkedIn account has been blocked due to inactivity. This is security awareness training based on real world examples!

18.) iTunes account confirmation – This attack variant against apple user was first observed in 2016. There have been reports of emails that appear to be from the Apple Store, asking the user to confirm his email to avoid the account from being blocked.

 

19.) LinkedIn – Policy Violation  The user is informed that his profile has been reported by another user due to violations of the general conditions. This example corresponds to a real phishing attack as observed a few years ago.

 

20.) Amazon – your account has been updated  In the past, Amazon users have been persuaded to click on a link using this type of phishing attack. In this scenario it is pretended that another user has changed the email address of the legitimate account owner.

 

21.) Dropbox – Account will be suspended  If there’s no activity on a users Dropbox account for an extended period of time, Dropbox will notify the account owner in an email. In the past, this pattern has often been used by attackers to gain access to user logins.

 

22.) Happy Easter Greeting Card as a phishing attack
A simple but effective security awareness training: Happy Easter Greeting Card as phishing simulation.

 

23.) SAP – The user is invited via mail to access the SAP account just created. This is a great software specific Security Awareness Training Content Template.

 

 

24.) Sharepoint Invitation
Websites in Sharepoint may be shared with external or internal users using this type of invitation.

 

25.) Sharepoint Login –Websites in Sharepoint may be shared with external or internal users using this type of invitation. The recipient will be able to login to a Sharepoint Website which is undergoing some technical maintenance.

 

26.) Netflix Account on hold – This is a replica of a real Netflix phishing attack from 2018, which uses character spacing to trick spam filters. This is a typical example of a mediocre attack email that contains some visual errors.

 

27.) Twitter
Your company is mentioned in WikiLeaks! A twitter message pretending that your company is mentioned in an article at wikileaks.

 

28.) SAP Login
 The user is invited via mail to access the SAP account just created. The fake SAP portal allows the user to login with his windows username and password.

 

29.) Amazon Prime Bonus Scam – In 2017, criminals were sending mass emails that appear to have come from Amazon and thank recipients for making purchases on Amazon’s “Prime Day”. The emails then invite recipients to go to the Amazon website to “write a review” and receive a special $50 “bonus” credit for doing so.

30.) Happy Valentine’s Greeting Card, attack template for phishing simulations 
A simple Happy Valentine’s Greeting Card as phish test template.

 

 

31.) Happy Mother’s Day Greeting Card – Nothing to add here, dear Mum 😉

 

 

32.) Happy Halloween Greeting Card – Happy Halloween Greeting Card.

 

 

33.) Happy Christmas Greeting Card – And last but not least a Happy Christmas Greeting Card as phishing simulation template.

 

 

34.) Microsoft Office 365 Online Login
The message asks the user to login to his/her “Microsoft Office 365” account. The login will generate an error.

 

35.) Citrix Login
In this template the user has the ability to log in and access his/her company’s work environment via Citrix

 

36.) Private Message – enter code to open it   In this template, which corresponds to a real message service with email encryption, the user is asked to enter his email address and a code (this is included in the message) on a web page.

 

37.) Join Skype – Business Meeting Invitation to a Skype Business Meeting.

 

 

38.) Join Skype Business Meeting (Web Login)
Invitation to a Skype Business Meeting. Login with Windows Credentials.

 

 

39.) Cisco’s Webex – meeting in progress (web login) – This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. The user can participate the meeting using his email adress and birth date as an authentication
mechanism.

 

40. – 106.) – Editable Security Awareness Posters – Informative and decorative educational posters increase security awareness. Editable and Free Security Awareness PostersThere are now 67(!) such posters available. They can all be edited and customized using Adobe Illustrator.
Usually two different types are available: As an illustration or photo poster.

 

107.) Windows Update
A new Windows Update is available and tries to trick the user for downloading it.

 

 

108.) Corporate WhatsApp Group
The user will be asked to register on a WhatsApp page of the company to join the new group.

 

 

109.) Outlook to Office365 Migration – As part of a transition from Outlook 2010 to the cloud-based Office365 environment, this scenario asks all employees to register on a new environment located at “login.microsoftonline.com”.

 

110.) Employee of the Month
A new offer enables employees to vote for a candidate who deserves recognition for his or her outstanding achievements.

 

111.) Google Leaks – The company informs the employees that their corporate network credentials have been breached and they should make a Google Search to find out whether their credentials are stolen or not.

 

112.) LinkedIn Company Profiles
The recipient is informed that the HR department has migrated all employee profiles to a newly created company page on LinkedIn in the last few months.

 

113.) BYOD, Open VPN Access
In this scenario, employees can use a new web based SSL VPN login portal to get access with their personal devices to all internal business applications.

 

114.) SSL VPN Compability Check (Netscaler)
In this scenario, the user is prompted to connect his remote workstation to the company network. A compatibility check of the computer with an executable file is also performed. The design is based on a Citrix Netscaler access.

 

115.) UPS Exception Notification – This is a copy of a real UPS attack example gathered from LUCY’s phishing monitoring service.

 

 

116.) Twitter “Corporate” – The user receives a notification that his company has set up a Twitter channel exclusively for all employees. He can keep up to date and receive the latest news about new entries, contests, company events, etc. in real time.

 

117.) NetScaler Unified Gateway SSL VPN
By using a new web-based SSL VPN login portal, employees have access to all internal business applications that allow them to work from a remote location.

 

118.) Facebook Company Page
The employee gets invited to join his company’s facebook page.

 

 

119.) PayPal Open Invoice

The recipient receives an invoice from a seller for a three-digit amount. To view the invoice, the user must login with PayPal. This attack is based on similar attacks observed by our research team in the past.

120.) Email in quarantine – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

 

 

121.) Email in quarantine with Login Page – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

122.) Employee Survey HR Portal – The employee is asked to log on to an HR portal to take part in an internal survey. One of the oldest and most efficient Security Awareness Training Content Templates has been revamped here.

 

 

123.) Netflix – Payment was rejected – This real phishing attack was registered by our reserach team in May 2018. In this attack, the user is informed that his payment method was rejected. This is an example of a better formulated attack with correct grammar and visual elements.

 

124.) F5 VPN Access – In this web-based scenario a VPN access of the company F5 is simulated. The user is asked to enter his user name, password and also his token code.

 

 

125.) Password Check for MS Windows – This extended password check shows the user how secure his password is during input. It is intended to test Windows(c) passwords. As soon as the user enters a password with more than 6 characters, it is transmitted to LUCY.

 

126.) Job Offer
The employee is contacted personally and made aware of a position that would fit his or her profile. This is still an efficient Security Awareness Training Content!

 

127.) Illegal license detected on your PC
 The user is informed that there is an illegal copy of software on his PC and that he must log in to check it.

 

128.) Bitcoin – Trade with a 500 USD starting balance  The user receives a starting credit of USD 500, which he can invest in Bitcoin in a predetermined period of time free of charge on a trading platform.

 

129.) Bad Employer Rating – A negative assessment of the employer has been published. This is a simple but efficient Security Awareness Training Content Template.

 

 

130.) Affordable car leasing for employees – Employees can lease a company car for a fraction of the original cost.

 

 

131.) Leak Alert: Verify your phone number – In this database of stolen records, the user can check if his phone number is being misused in any way.

 

 

132.) DocHub – Please Review Invoice  “Carl Mc Gregor” sends the recipients an invoice to review and complete.

 

 

133.) Melani – Swiss Reporting and Analysis Centre  Reporting and Analysis Centre for Information Assurance (MELANI) has been commissioned by the Federal Council to protect critical infrastructure in Switzerland. In this template the user receives an email about a possible data leak.

 

134.) Your expenses have been denied (SAP) – The user is informed that his submitted expenses have not been accepted.

 

 

So that’s it  🙂  Keep on enjoying LUCY Server and our Security Awareness Training Content

 or download our free Community Edition here.

 

LUCY Content Update 2018 with more than 165 new scenarios

165+ new and revised Phishing Test and Attack Training Templates – Large Awareness Content Update I/2018

Others require you to pay for new or individual attack and training templates. At LUCY, new Phishing tests, training courses or even videos are always included in the basic price! We show the highlights of the more than 165 new templates of the current content update I/2018. What is included in the Big Content Update?

New attack scenarios for Phishing Tests

We have delivered over 30 completely new new scenarios. It has been proven that many phishing tests that run simultaneously and are sent out at random have the greatest sensitizing benefit for employees. This is one of the reasons why the need for simpler’ hyperlink-based’ attack scenarios remains high. That’s why we added about a dozen new hyperlink scenarios. We also have responded to the various customer requests and now offer a’ hyperlink’ variant of some existing ‘web-based’ scenarios (these are the scenarios with landing page). In terms of content, customers report to us that phishing tests around the topics

  • Security alerts
  • Microsoft / Outlook 365 ©
  • notifications for any registrations on web platforms and
  • Smartphone / iPhone © Contests

Still achieve high victim rates (successful phishing simulations). This is why we have delivered further Best Practice templates in these areas.

New training templates

The need for more training modules is unbroken. Our new training modules range from interactive GDPR courses, new or revised videos to simple PDF onepagers.

Significantly more languages

All scenarios are now available in several language versions. The language bar usually looks like this:

Available Standard Languages Phishing Test and Awareness Modules

Languages supported out of the box

Today we can safely claim that most of the content is available in Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

How do I get to the new content?

If you have installed LUCY, the newly available content is automatically reported to you. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Major customers such as Robert Bosch make intensive use of this functionality. International consulting firms maintain their own phishing templates, which are adapted and maintained on an ongoing basis for each country. LUCY is a standard software that was created for this purpose. This ensures reusability and investment protection.

Examples of the LUCY Awareness Content Update I/2018

Below we show you excerpts from the more than 165 new or revised training and phishing test contents. Have fun testing and training!

or download our free Community Edition here.

Educational and Training Modules

GDPR Course or TrainingGeneral Data Protection Regulation (GDPR) – This interactive e-learning course for employees introduces the GDPR and the key compliance obligations for organizations. It also aims to provide a complete foundation on the principles, roles, responsibilities and processes under the regulation.

 

LUCY Phishing VideoLucy Phishing Video (with Tracking Option) – This is our most successful 3-minute educational video about phishing attacks, shown in English, Spanish, German, Italian and French. Each video scene can be customized (e.g. custom branding) and translated into additional languages. See: http://phishing-server.com/PS/doc/dokuwiki/doku.php?id=create_a_custom_e-learning_video . This video allows you to track if the user watched the content.

Ohne Pager Training Phishing Awareness One Pager Phishing Awareness (responsive | 1.2) – This is a static one page long phishing awareness html template. It works with a min resolution of 360 pixels.

 

 

PDF Infoflyer for educational it-awareness purposesPDF Infoflyer – A one-page phishing awareness flyer (PDF) is embedded in this static web page. The editable word template is located within this scenarios template folder. After you make desired changes to the word file, please save it as a PDF with the name “info.pdf” and upload back to your LUCY instance using the file manager within this template. All content is 100 % customizable.

 

Phishing Security Exam V1.3 Phishing Security Exam (Version 1.2) – In this short interactive exam the user is asked a few multiple choice questions in order to test their knowledge regarding phishing. Duration: 10Minutes

 

 

Phisical Security CoursePhysical Security Course 1.2 – In this short security course, the user is presented a few facts about common threats and countermeasures regarding physical security (unattended devices, shoulder surfing, portable media devices, disposal of sensitive information, visitors, etc).

 

Secure Internet Usage Video Secure internet usage video – In this security awareness video we talk about secure internet usage. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG .

 

Workplace Security CourseWorkplace Security Course – This course takes approximately 30 Minutes to complete. Upon completion of Workplace Security Awareness, employees and managers will be able to: Identify potential risks to workplace violence, describe measures for improving workplace security & determine the actions to take in response to a security situation.It is a long course requiring a superior skill leve.

 

New and updated Attack Scenarios / Phishing Templates

 

Bizarre News Phishing TestBizarre News – Some bizarre news article asking the user to click the link for more details

 

 

Confirmatin Social Media Profile as Phishing TestConfirmation Social Media Profile (hyperlink only) – A social media provider informs the recipient that a profile under his/her name has been created.

 

 

Contest as a phishing test

Contest (Link Only) -In this hyperlink scenario, people can participate in a contest to win a trip to Paris. This is one of the simplest templates but it is still effective. That’s why we reworked it and added some more languages.

 

 

 

Win an Iphone as a Phishing TestContest II – Win an IPHONE 8 v1.1 – As a part of a special promotion, the recipient can win an IPHONE 8 by registering with his/her company account.

 

 

Cutest Animals as Phishing TestCutest Animals – These animals were voted top 10 cutest in the world. The user is asked to click on the link to see full list

 

 

Dating Site Confirmation as Phishing TestDating Site Confirmation (Ladies) – An email that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the male audience.

 

 

Tinder Confirmation as Phishing TestDating Site Confirmation (Gentlemen) – An email message that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the female audience.

 

 

Dropbox as Phishing TestDropbox (Hyperlink Only) – In this hyperlink scenario the user is informed that a document on “DropoBox” is ready for download.

 

 

Email in Quarantine as Phishing TestYour action is required: email in quarantine 1.1 – This template is made to look like an innocuous spam quarantine message – something most people are used to seeing, but don’t pay a lot of attention to and wouldn’t necessarily question. It’s also preying on the user’s sense of curiosity, by saying you have quarantined messages, but not showing what they are. Once the user is logged in, he/she can download a PDF error report. The download can be tracked by the LUCY admin.

 

Email Access Restrictions as Phishing TestEmail Internet Access Restrictions -Using a new email security filter, the user is informed that his internet access will be fully or partially restricted.

 

 

Encrypted Email as Phishing TestEncrypted Mail (Download Only) – Encrypted e-mail access. The user is asked to download an encrypted e-mail message in an MS-Office © document.

 

 

Final notice as Phising TestFinal notice: unpaid services – You get afinal notice. A payment has not been received, and thus the account remains past due.

 

 

Funny IQ test as mock phish scenarioFunny IQ Test (Hyperlink only) – A hyperlink based scenario with a common IQ test question.

 

 

 

Funny IQ Test as Phishing SimulationFunny IQ Test Webpage – A web based scenario with a few common IQ test question.

 

 

Funny Pics as Phishing TestFunny Pics – Click on a link to explore funny pics on the web. It is a simple scenario but it is still working.

 

 

iCloud login as Phishing TestiCloud (Hyperlink Only) – This template simulates the iCloud tracking feature of lost/stolen devices.

 

 

 

Increase your mail storage as phishing testIncrease your internal mail storage – The user is asked to click a link to increase the mail storage quota in order to have access to the mailbox.

 

 

IRS Tax Refund as Phishing TestIRS Tax Refund – This is a real world tax refund scam example 😉

 

 

Lunch discount with macro as Phishing TestLunch Discount (Mixed with Macro) – Lunch discount voucher with a Macro available, after the user logs into the the authenticated area. This is a file based scenario including one of our own and safe droppers.

 

 

microsoft office 365 login as phishing testMicrosoft 365 © Online Login All new Version 1.2 – The message asks the user to login to his/her “Mircosoft Office 365” account. The login will generate an error, and the user will be able to download the software.

 

 

Microsoft Receipt as Phishing TestMicrosoft Receipt (eMail attachment only) – This is a file-based only scenario without a landing page. It contains a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the built-in browser. No data is transmitted. You will have the ability to track who executed the macro.

 

Microsoft Virus as a phishing testMicrosoft Warning (Hyperlink Only) – The user receives a window style warning “Internet Browser is infected with a worm SVCHOST.Stealth.Keylogger.” and is asked to click on a link to resolve this.

 

 

Reedeem points from airline as phishing testRedeem points for Airline ticket – Some phishing scams do not ask for logins. Instead, they try to get some general information about the user by offering interesting giveaways. In this scenario, we ask the user to provide  information about past flights. Many people participate in these bogus giveaways thinking some of them might be genuine.  However, providing information about past flights is valuable for any attacker as it helps prepare more sophisticated attacks.

secure message waiting as mock phish templateSecure Message Waiting – In this hyperlink scenario the user will get a notification about a secure e-mail waiting in his inbox. This message template has different languages within the actual message body. The recipient can select the language at the top

 

termination of your email account as simulated phising attackTermination of your email account (Hyperlink Only) – Email messages which claim the recipient’s email account is in the process of being deactivated and hence he/she must click the link within the same email message to cancel the deactivation process.

 

termination of your email account as phishing testTermination of your email account – It is the same scenario as above. But after the ‘login’, the recipient will also be able to download a PDF error report. The download of this report can be tracked by the LUCY admin.

 

 

web surfing statistics as phishing simulation scenarioNew Web Surfing Statistics (Login & Macro) – Employees get asked to enter their MS-Windows credentials to access personalized web surfing statistics from a site, where they can download a detailed report that contains a Macro. This is still one of our most successful scenarios that’s why we reworked it.

 

simulation template: Workplace security notificationWorkplace Security Notification – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded within the authenticated area as a traceable PDF

 

workplace security notification with word macro as phishing simulation (template)Workplace Security Notification (Download Only) – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded as a traceable Microsoft Office © file with a Macro, that pings back to LUCY upon opening.

 

you have been tagged as phishing testYou have been tagged – Your picture has been tagged on “SocialHub”. Provide your e-mail and birth date to confirm that this is you!

 

 

your account was leaked as phishing testYour account was leaked! (hyperlink only) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity.

 

 

your account was leaked as phishing simulation including word macroYour account was leaked! (with Word Macro) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity. After filling the fields on the Landing Page, a MS-Word Document with a Macro will be available for downloading the database report. This is a new file based attack template.

 

premium membership account details as a phishing testYour membership account has been created – The user gets a notification that a membership account has been created and he has 24 hours to deactivate the account before his credit card gets charged

 

 

Train ticket purchase as phishing testYour train ticket is ready for download – The user gets a copy of his train tickets, which can be edited/viewed using a link

 

 

So that’s it so far. Keep on enjoying LUCY Server!

 

 or download our free Community Edition here.

 

Interactive GDPR Course by LUCY

Watch the GDPR Data Privacy and the General Data Protection Regulation Course [Video]

LUCY Learning Content – Our interactive GDPR course

This course aims to provide a comprehensive guide about how and why the Data Protection regulations should be put into practice in your workplace. It also explains what will happen if you don’t follow the rules.

Where do you find this course? It’s located as an awareness training in LUCY Server, but you can export the GDPR-Training as a SCORM-File and use it in any other Learning Management Solution.

The GDPR Course has seven sections or lessons

  1. In the first lesson of the GDPR Course you will learn the background of data protection and why it’s important. Key terms and exceptions are explained. In addition, you will learn some practical tips.
  2. In the second lesson, you will learn what the General Data Protection Regulation actually is, where it’s applied and what its basic purpose is.
  3. The third lesson shows a little more in detail for whom GDPR applies. Who is particularly affected?
  4. Chapter four deals with key definitions, for example the difference between personal data and sensitive data, what a recipient – or – what a data subject is. At the end of lesson 4 you will complete a short quiz.
  5. In the fifth lesson, you learn about exemptions from GDPR: – The data processor must disclose information when it comes to prosecuting a criminal offence, to name just one example in the course. And at the end of the lesson you will complete a short exercise.
  6. In the sixth part of the training you will learn the 9 principles on which GDPR is based.
  7. In the last and the biggest course part you will learn the real basics: How and in what way can personal data be collected and processed? Who needs to be informed and how? What is NOT allowed to do with the data? Who needs to be informed in case of a data breach and other security incidents?

Have a look at our second GDPR webcast. There you can see how such training courses can be set up within minutes and rolled out throughout the whole company. And: The software currently has fifty other modules for security training!

Thank you and have fun using LUCY! – Do you like our tool? Let us know if yes please! Thanks!

Longer and shorter videos for employee awareness education (and trackable)

Trackable educational IT security awareness videos with various durations from LUCY Security are included in all commercial editions of its Software.

Longer Videos for initial trainings and short videos for skilled workers! LUCY Security is aware that customers have individual needs. That’s why LUCY Best Practice Training Videos for employee education are rolled out in a long and in a short version. Today we present two recently added videos:

  • Secure Internet Usage Video (Long / Short)
  • Secure Social Media Usage Video (Long / Short)

Secure Social Media Usage Video: The content (animation, language, script) is customizable. The long video takes 5.4 Minutes and the short version is only one minute long.

In the second featured rich media training we talk about secure internet usage. Also here the content (animation, language, script) is customizable. The long version is 4.3 Minutes and the short one is one Minute long.

Video Statistics available

Who watched how long? These awareness training templates provide statisticial insights. They are reported in the dashboards as well in the campaign reporting.

IT Security Tutorial Content available for free download in LUCY

New IT-Security Tutorials and Videos available for Free Download in LUCY

Download the new set of security tutorial video’s and brand new phishing attack templates for LUCY Server. Big free content upgrade 2017-09 is available now for everybody.

We have heard from some customers that they would like to use shorter versions of our popular videos. LUCY Security meets this demand with the big content update 09/2017. Not only are rich media security tutorials and videos delivered, but also brand new attack templates for phishing simulations. The content was tested and improved by our pilot customers. We can only recommend the videos: Don’t only run Mock Phish Campaigns, but also educate your staff with security tutorials from LUCY!

No. 4 this year – This is already the fourth content update this year. The software actually counts 97 phishing simulation templates, 38 awareness trainings, 16 educational videos and 16 file based attack templates and everything is included for free in LUCY Server.

Spam Unsubscribe – Spammers sometimes just send an email to get the user to click on the unsubscribe link in order to verify their email address. In this scenario we simulate such a SPAM message with an unsubscribe link.

 

Payment reminder template for mock phish with lucyPayment Reminder (Payoner) – The recipient gets a reminder of a payment, which is due. Clicking on the “reject” button allows the user to start a dispute.

 

 

it security tutorial is available for free download in lucyEmail Security Video – Short Version -In this short (~1 minute) security tutorial video we talk about email security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG

 

password security video - it security tutorial is available for free download in lucyPassword Security Video – Short Version – In this (~1 minute) security tutorial video we talk about password security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.

 

physical security video short - it security tutorial is available for free download in lucyPhysical Security Tutorial Video – Short Version – In this (~ 1 minute) security awareness video we talk about physical security risks. We also have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.

 

Infosec Tutorial Video - This IT security tutorial is available for free download in lucyLucy Phishing Educational Video – Short version – This is a 1 minute educational video about phishing attacks. Every video scene can be customized (e.g. custom branding) and translated into additional languages.  This video allows you to track if the user watched the video.

 

Mobile Security Tutorial VideoMobile Security Tutorial Video 1.1 – Short Version – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphone & laptop). Length: ~ 1 Minute, Audiences and Skill Levels see above and please note that all video’s can be fully customized. More info: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=create_a_custom_e-learning_video

 

ransomware tutorial videoRansomware Tutorial Video – Short Version – In this short video (~ 1 Min) we talk about the ransomware threats. Since the NotPetya and WannaCry attacks of 2017, this video is very popular!

 

Security Tipps Tutorial Video by LUCYSecurity Tips Tutorial – Short Version – In this short (~ 1 minute) security tutorial video we have put together a few security tips, which involve best practices and policies that promote security. The content (animation, language, script) is customizable.

 

Microsoft receipt tutorial from LUCY SecurityMicrosoft Receipt Mock Phish Attack Template – This is a file based only scenario without a landing page containing a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the build in browser. No data is transmitted. You will have the ability to track, who executed the macro.

 

Avoid Phishing Attacks TutorialAvoid & Recognize Phishing Attacks (Remake 09/2017: Version 2.1) – In this static course we describe the different phishing types (MASS-SCALE PHISHING, SPEAR PHISHING, WHALING, VISHING, SMISHING, SOCIAL MEDIA PHISHING) and give the user practical tips. All content is 100 % customizable. Duration: 5-10 Minutes.

Security Awareness Videos, Tutorials, Trainings and Quizes from LUCY – everything is included!

By the way: If you want to translate the video into your local language, we do this for only 350 USD….

Security Awareness Videos 07/2017

LUCY Customers get great new Security Awareness Videos for free – Content Update 07/2017

Great new Security Awareness videos for you! Anyone can use the videos, owners of a commercial LUCY license can use them in training campaigns in an unlimited way.

New Security Awareness Videos from LUCY 07/2017

The content was tested and improved by pilot customers. We can only recommend the videos! Don’t only run Mock Phish Campaigns with LUCY, but also educate your staff with LUCY!

Create educational campaigns in LUCY where you can customize the awareness content and use the video out of the box. If you want to run an completely individual training for higher success you can order a semi custom video based on one of our movies for a reasonable price. Here’s a brief overview of the new Security Awareness Videos.

Videos for all audiences and requiring a low skill level:

  • Email Security Video: In this (9 minutes) security awareness video we talk about email security risks.We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.
  • Password Security Video: In this (5 minutes) video the user is confronted with password security risks. We show best practices and policies how to decrease the risk. The content (animation, language, script) is customizable.
  • Physical Security Awareness Video: This is a 4.2 minutes) security awareness video about physical security risks. It contains also security tips and we show best practices and policies. The content (animation, language, script) is customizable.
  • Mixed Awareness Template IV: This short 5 minute version of a mixed template contains a trainings video and gives the user a few security tips.

A video and a quiz requiring a medium skill level:

  • Mixed Awareness Template III: This mixed INTERACTIVE template explains how to recognize a phishing mail. It also contains a phishing quiz and a video. The duration is approximatively 15-20 Minutes.

 

Security Awareness Videos from LUCY – everything is included!

By the way: If you want to translate the video into your local language, we do this for only 350 USD….

Create and run a smishing attack in two minutes - LUCY screencast

Setup and Run a Smishing Attack in 2 Minutes – Educational Social Engineering with LUCY

A smishing attack is done easily with LUCY Server. Set up your educational social engineering campaigns and train your people.

Create and Run a Smishing Attack Simulations with LUCY Server. A Smishing Campaign is like a Phishing Campaign, but the distribution is done over SMS messages instead using email. With LUCY you can set up such a campaign as easy as a phishing simulation. This Video shows how it’s done. You need to have the mobile numbers from the recipients. Please take note that Smishing is unlawful in some countries! LUCY Security from Switzerland makes cyber prevention and IT-Security awareness affordable and available to everbody!

 

Ransomware Explainer Video by LUCY

Did you know that you can customize our Ransomware Explainer Video?

Adapt LUCY’s Ransomware Explainer Video to your own needs. Owners of a commercial edition can customize every educational video delivered by LUCY for a reasonable price.

Our Ransomware video explains in less than two minutes how to protect against Ransomware attacks. This is about the behaviour of each individual: do not open links from unknown, think twice before you click.

Many customers use the video without customization to train your organization. But there is also a considerable amount that want to individualize the video or they want to add customer-specific information into the video. With the help of our storybooks, which we deliver to the customer as needed, this is done quickly. This allows the desired changes or extensions to be clearly and easily documented and specified.

Thus, a rapid and low-cost individualisation of the learning content is made possible.

Contact us if necessary or if you have more questions here: Request a semi-custom video.