New Major Release is out - LUCY V4.4 is available for download

Brand new: LUCY V4.4 and why you should upgrade to the new version!

The second release using Debian 9.5 brings significant improvements to users of the Phishing Incident button. Further the GDPR compliance is now on the highest level!

The Office 365 (c) Incident Button is now matured and the Mail and Web Filter Test feature has been polished. Further improvements and bug fixes see below.

What is the Mail and Web Filter Test?

This Email and Internet malware protection test gives you an insight at how your mail server and web proxy handles different variations of files and file types. You can thus see whether potential malicious code, such as Java files, backdoors, scripts, embedded Office Objects are detected and blocked by the filter infrastructure. Based on these results, you can then carry out targeted phishing campaign. And you know which files „go through“.

Why is the new Debian Linux version so important?

The Linux Version that we used until Lucy V4.2 stopped receiving security upgrades from the vendor, so by moving to the new version you will continue getting security updates for all software for the Operating System level until 2022. In addition, Lucy will run on more recent versions of software, and this may speed some things up.

New Major Features in Version 4.4

What improvements and new features are particularly worth mentioning? (Some with links to the LUCY Wiki)



VmWare / VirtualBox / AWS / Native Linux available


Other Improvements and Bug Fixes

Other Improvements / New Features

  • Improvement – Improve template menu (awareness + scenario templates)
  • Improvement – SE: Catch email replies
  • Improvement – SE: Embedded email client
  • Improvement – Recipient Statistic Improvements
  • Improvement – O365: implement features from MSI plugin (Plugin)
  • New Feature  – Campaigns and CampaignScenario tables refactoring
  • New Feature  – SE: Time tracking for landing page


Fixed Bugs

  1. Server – Awareness Delay bug
  2. Server – End User Portal: incorrect redirection
  3. Server – Downloaded Files: incorrect calculation
  4. Server – Test Run: Awareness email isn’t sent if delay>0
  5. Server – Pinned Campaign checkbox: UI changes
  6. Server – Resend Button (Errors): MessageJob does not start
  7. Server – Risk Assessment: highlight recommended scenarios
  8. Server – Invert-Train: trained_at isn’t updated
  9. Server – Campaign name should be unique
  10. Server – Campaign Restore: User Id cannot be blank
  11. Server – Statistic charts are displayed as “in progress” in stopped campaigns
  12. Server – Quiz stops counting answers when get 10th question
  13. Server – Campaigns: backup is displayed when apply search
  14. Server – Campaign Recipients: Distribute users over selected scenarios
  15. Server – Mail & web filter test – 500
  16. Server – Users: Admin account is changed to end user
  17. Server – Update bug 4.3 => 4.4
  18. Server – No default reputation level is displayed after successful submission
  19. Server – Users: Certificate-based login
  20. Server – PHP error
  21. Server – 500 error during import recipients
  22. Server – Invalid awareness_id when restoring awareness only company
  23. Server – 2FA: second password is sent
  24. Server – Missed column names for recipient
  25. Server – Remove `Reports`,`Campaigns` from New Client
  26. Server – X-headers are not set in forwarded emails in O365
  27. Server – Scenario Templates: download instead of release date
  28. Server – Awareness website click stats is not anonimized
  29. Server – Landing Page Editor: Close Handler nor working
  30. Server – Advanced data not anonimized
  31. Server – Incorrect training score
  32. Server – Benchmark Sector settings: top-border overlapping
  33. Server – Text after quotes will disappear after apply search
  34. Server – Quiz Scores Distribution
  35. Server – Recepients: User see `null` text in alert during deletion recipients
  36. Server – Correct text placement in ‘Awareness website’ graph
  37. Server – Incidents: the Email domain is parsed incorrectly
  38. Server – Reports: remove extra tags
  39. Server – End Users: correct succeeded users count
  40. Server – Recipients import: custom fields aren’t imported
  41. Server – Users info is not anonymized
  42. Server – Hide anonimized user data on server side
  43. Server – Campaign Wizard: error creating campaign wizard with ‘Mail & Web Filter Test’, ‘Technical Malware Test’ types
  44. Server – New scenario cannot be added
  45. Server – Portable Media Attack: Failed AJAX requests
  46. Server – LHFC: Tool is not attached
  47. Server – Data in report template is not anonymized
  48. Server – Collected data is not Anonymized
  49. Server – Hide statistic info for company with anonymous scenario
  50. Server – CampaignGroupRecipientEditJob: recipient_count isn’t updated
  51. Server – PHP notice
  52. Server – awareness website – fake anonymity statistic
  53. Server – Adapt template: Website is disabled after saving basic settings
  54. Server – Can not close BenchmarkSettingsForm
  55. Server – 404 on “opened” item
  56. Server – Attaching renamed image
  57. Server – Unable to restore from backup
  58. Server – Campaign recipient link bug
  59. Server – End users not created for the phishing campaign
  60. Server – Data in export drop down is duplicated
  61. Server – PHP notice on time/top worst
  62. Server – Reputations Level bug
  63. Server – Campaigns: Unable to delete all campaigns
  64. Server – Error creating recipient without email
  65. Server – Error saving in “Base Settings” section
  66. Server – Campaign Wizard: 500 error on create campaign ‘Training’ type
  67. Server – LDAP: users from another domain are not imported
  68. Server – Campaigns: Runtime exception of save campaign name with <>
  69. Server – Awareness: 404 on preview website for specific template
  70. Server – Campaign Wizard: the 404 page on preview template
  71. Server – SMS issue
  72. Server – “Test Run” bug in portable campaign
  73. Server – Reputation Levels buttons bug
  74. Server – Recipients import: “records of page” dropdown bug
  75. Server – Recipients import dropdown bug
  76. Server – Dynamic Domain Save Bug
  77. Server – Search field is not cleared after clearing field and click Update button
  78. Server – Migration Tool: “Campaign templates” section is not copied
  79. Server – Campaign export : table appearance issue
  80. Server – Negative rating
  81. Server – API: scenarios bug
  82. Server – Time landing Page varaibale is not shown in help
  83. Server – Individual scenarios not running
  84. Server – Bad code performance in CampaignController.actionClearSimilarErrors
  85. Server – Error uploading logs to server (error 400)
  86. Server – View Only User Bug
  87. Server – Scheduler: Run Days data validation
  88. Server – End User Line Break Issue
  89. Server – Awareness Certificate: non-english scenarios
  90. Server – Broken link in the campaign breadcrumbs
  91. Server – Recipient group creation bug
  92. Server – Mail settings bug
  93. Server – Enduser login bug
  94. Server – Add language to template
  95. Server – Report Variable: limited interval
  96. Server – Report Variable: screenshot by scenario ID
  97. Server – Reminders page: numeric UpDown fields display only one digit in Firefox
  98. Server – Forward Email bug
  99. Server – Test Run: Resend bug
  100. Server – Recipient Import from CSV: Gender column is missing
  101. Server – End User portal: password.txt
  102. Server – Copy button display bug
  103. Server – CSS bug: too long campaign name
  104. Server – Enduser when creating users
  105. Server – Permission issues
  106. Server – Advanced settings form adjustment
  107. Server – View filters bug
  108. Server – Adding recipients from search results
  109. Server – Campaigns.recipient_count bug
  110. Server – Test run affects campaign running time
  111. Server – Campaign summary design issue
  112. Server – System creates endusers for portable attacks
  113. Server – Awareness page is still accessible after campaign is stopped
  114. Server – Wrong user info in campaign stats
  115. Server – Import from CSV: Link field verification
  116. Server – Collision of victim’s links in copied campaign
  117. Server – Performance test campaign is not deleted after stop
  118. Server – Campaign overview not showing success
  119. Server – Reports: file type settings are not displayed
  120. Server – Webpage upload bug
  121. Server – Object restore id bug
  122. Server – Wrong paginator url on recipient page
  123. Server – bug
  124. Server – LDAP: users who have name with brackets are not imported
  125. Outlook MSI Plugin – Outlook phish button error message when reporting mail which is in “draft”
  126. Outlook MSI Plugin – Big attachment bug
  127. Outlook 365 Plugin – Error parsing headers in O365 reports
  128. Outlook 365 Plugin – Useless function-file referenced from XML (with a wrong URL)
  129. Outlook 365 Plugin – Error for awareness reports
  130. Outlook 365 Plugin – Outlook 365 restored item bug


VmWare / VirtualBox / AWS / native Linux available
500 Free Recipient Credits included!


LUCY Software is an Security Awareness System with an integrated Learning Management System LMS and with Debian 9.5

New LUCY 4.3 brings a full blown LMS and Debian 9.5

LUCY V4.3 brings 
  1. The Learning Management System (LMS) has reached full capacity. It includes now the advanced education portal functionality for end users: This feature allows users/victims to log into Lucy on their own and track their progress over multiple campaigns/trainings
  2. A brand new Campaign Wizard
  3. 2-Factor Authentication for Lucy Users and Admins
  4. A new Training Type named Training Library: This feature introduces the ability to offer recipients a library of training materials, compiled of various awareness templates in LUCY Server
  5. The Software runs now on Debian Linux 9.5

Already at the end of September 2018 we have started the rollout of LUCY 4.3. The image is available on


The latest version of LUCY Server offers many interesting functional enhancements and improvements: A new wizard is available to make your first campaigns even easier. A two-factor authentication is now available for end users. Our LMS is now fully functional and has now the desired scope so that you don’t need an additional learning management system anymore. For the trainings there is now a real training portal, in which the user can manage his trainings and follow his learning progress. Especially we would like to point our new “Awareness Training Library”, where the end user can individually select his own training from a whole library of training modules. And there are even more new features worth to mention:

  • Threat analysis for endusers
  • Add attachments to PDF
  • User reputation report
  • Disk usage tracking
  • Block search engine networks from accessing Lucy
  • Incident center with Filter, Search and Sort
  • CSV, PDF export of Mail & Web Filter Test results
  • Campaign message log: search and filter


Linux Upgrade

The most far-reaching change is the upgrade of the operating system to Debian Linux 9.5 Stretch. This measure was necessary to ensure maintainability and to maintain system security, as this guarantees security updates for the OS until 2022.

All customers using a system hosted by LUCY have already been contacted or will be contacted directly by our support. Customers who use LUCY as VMware, VirtualBox or AWS appliance have an automated upgrade routine available for the update.

Customers who have installed LUCY natively on Debian, using a Docker container, will get an automated upgrade as well. Customers with native installations without Docker please contact our support as well. An appointment must be made to perform the manual upgrade.

Contact support in case of problems – We hope to have served with this information. If you have any problems with the upgrade, please do not hesitate to open a ticket directly at support (at) lucysecurity (dot) com. Note that no campaigns can run at the upgrade time and that the server is restarted during the upgrade.

Fixed Bugs in LUCY Software V 4.3

And we fixed a lot:

  • 4.3 Awareness Delay Bug
  • 4.3 Hyperlink Template show landing page
  • 4.3 mail and webfilter display issue
  • Admin port configuration bug
  • Annymous not working for downloads
  • Anonymisation bug fix
  • Apache: Syntax error in apache2.conf while doing graceful restart
  • API recipient-group mapping to campaign fails
  • Awareness certificate generation page
  • AwarenessCertificateJob: runs after stopping any campaign
  • Campaign comparison: recipients bug
  • Campaign Restart & Reset Stats button
  • Campaign Restart not working
  • Campaign Test Run feature: tracking clicks isn’t working in ‘Awareness only’
  • Campaign.recipient_count out of sync
  • CampaignManager.getRunning / getRunningCount bugs
  • Console Post shows empty GUI
  • Constantly running getIpJob
  • Correctly mark simulation reports for stopped campaigns
  • Divided by zero bug
  • DocX report Bug
  • Download Template: Hide Installed is ignored when Check All available is ticked
  • Download templates error
  • Download Templates: Lucy is unable to get ‘updated’ (new) templates
  • Empty report arrives if the option After I stop the campaign send me a report to.. is enabled
  • End User Profile page: available training / History gives a 404
  • Error 500 when downloading campaign template
  • Error downloading user certificate
  • Error in UI when using 2FA
  • Exception on saving Scenario settings
  • Fix awareness cert
  • Fix bug in edit scenario template
  • Fix LDAP bug
  • Fix remaining errors from QA
  • Forgot password
  • Generate Report bug: showDateTime method is missing
  • In the download links files the wrong choice of ip / domain is used
  • Incident Management: download message received by SMTP
  • LDAP cannot be deactivated
  • Lucy is unable to change timezone
  • Lucy Outlook Button: Server Address could not be resolved
  • Mail & Web test – file names bug
  • Mail and webfiltertest: not possible to rename the campaign name
  • Mail Settings resets after insatalling 4.3
  • Migration tool: bugs
  • Migration Tool: empty campaign bug
  • Modifying scheduler rule issue
  • MWF: remove options from scenario and template
  • MX check error
  • Not possible to bind recipients to a campaign
  • O365: No ‘Access-Control-Allow-Origin’ header
  • Outlook plugin download fix
  • Password recovery does not work for any user
  • PDF attachment fixes
  • Portable media attack fixes
  • Property VictimCustomFieldForm.value is not defined
  • Recipients: Copy&Delete buttons unavailable in Internet Explorer
  • Recipients: Select All > Delete leads to system failure
  • Reflective Master/Slave
  • Reminders: FATAL (Exited too quickly)
  • Remove stat fields from Campaign and CampaignScenario
  • Report: Error generating image (custom admin port)
  • Reputation levels: default icon
  • Request failed try again when saving Message Tempalate
  • Scenario Stats : Show All button
  • Scheduler: when start\end have the same time then the plan is not created
  • SCORM Export bug
  • SCORM export: language selection
  • Spoofing Test: could not resolve
  • SSL for Lucy console when custom port is used
  • Stats calculation error
  • Temporary folder bugs
  • Test Run: Email tracking breaks the campaign
  • Translation Bug fix
  • Undefined variable: ip

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality.

We’ll document everything in our LUCY – WIKI  as soon we can! Download the LUCY Anti Phishing and Cyber Crime Prevention Software below!


LUCY V 4.2 brings the Gmail Phish Button!

Brand new Gmail Phish Button and full functional Mail & Web Filter Test: LUCY 4.2 is available now!

New LUCY Version 4.2: The popular Phishing Incident Plugin (Phish button) is now also available for Gmail. This means that Google Mail users now also benefit from automated threat analysis. Furthermore, the web and mail filter test has reached the full configuration status. Thus the search for loopholes in web communication is done in minutes instead of days!

LUCY V 4.2 is available for download now. Besides dozens of bugfixes the following new features are available:

  • Massively improved MWF test (Mail & Web Filter Test: Which file and message types ‘go through’?)
  • New SPF CHECK & MX Check (see below)
  • New Docker configuration (behind the scenes)
  • Add a few reporting variables in awareness mail /website
  • Postfix: support TLS for outgoing messages
  • Gmail phishing button!
  • New Campaign Overview Dashboard with new filters
  • Custom image support for Outlook phishing incident plugin
  • Template editor improvement
  • Automatic invoices (details see below)
  • Outlook Phishing Button Plugin: custom image
  • Mail spoofing test (details see below)
  • New Top Navigation


New SPF CHECK & MX Check

1) SPF check. Half our clients spoof their own company domain as a mail sender. As many use SPF records, those mails do not arrive and client thinks LUCY does not work. Thats why we created an SPF check:

  • First: The user saves the message template in a campaign.
  • Second: Verify, if there is a mismatch of the record and LUCY’s IP.
  • If yes, tell this to the user in a popup he need to acknowledge.

This check is also added to the general checks for campaign checks.

2) MX check: When saving an attack scenario, the system checks if the MX record points to LUCY for the sender domain. This is logically wrong. The sender mail server can be different from the MX. Thats’s why we developed a new check, where LUCY verifes if any MX record exists for the domain. If not: most mail server do not accept mail domains, where no MX record exist. Thats why there’s a new popup where LUCY tells the user, that the mail wont arrive unless the used sender domain OR the LUCY-Server IP number gets whitelisted,

Mail Spoofing Test

This tool will help the company to determine, if an external attacker can spoof mails (from company mail domain TO company mail domain; example: sender is [email protected] and receiver is [email protected]).

Automatic invoices

If the user buys more credits or buys lucy, the system creates an invoice (pdf) for the user automatically. The invoices then will be archived and remain accessible to the user.


Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.2

  • “Benchmark Based” campaigns are incorrectly distributed on benchmarks
  • “Client” field in “Incidents” not filled bug (Outlook MSI)
  • “Reset Stats” button marks campaign as Not Running
  • “Service Logs” dont display logs when selecting files in the “File” field
  • “Trying to get property of non-object” when deleting recipient group(s)
  • 404 error after updating to 4.2 when trying to use system with domain
  • Advanced Settings: Date Time & Export issues
  • After update 4.1 – 4.2: Adding a group refresh bug, After start campaign check not working, Copy webpage refresh bug
  • After update on 4.2 – endless reboot
  • Awareness certificate – checkbox “Create Awareness Certificate” bug
  • Awareness certificate file is downloaded without the use of customized styles
  • Awareness Certificate: enduser bug
  • Awareness only report summary chart bug
  • Awareness page link
  • Backup\Restore of campaign (between two different Lucy instances)
  • Campaign comparison bugs
  • Campaign recipient management bug
  • Campaign report doesnt include the content of variable %charts.analyse%
  • Campaign Restart (Reset Stats)
  • Copy Webpage: SSL Error
  • Critical reports bug (from 4.0)
  • Data for plugin cleared
  • Delete duplicate creates unspecified db error
  • Deletion all recipients bug
  • Digital Signature (error: The message contents may have been altered)
  • DKIM selector always is “mail”
  • Download Templates: Install & Replace
  • Editor 500 Bug when accessing system folder via file explorer
  • Error “Empty recipient list.” when adding selected recipients to campaign
  • Error “SMTP server not found” when using “Default Mail Settings”
  • Error 500 if Awareness Only scenario is missing
  • Error 500 when saving Whitelabel
  • Errors in the Whitelabel section
  • Fix Invoice page
  • From LDAP server only some users imported to “Users”
  • Gmail Addon: plugin page causes Error 500
  • Impossible to add recipients in a portable scenario through the campaign
  • In the download links files, the wrong choice of ip / domain is used
  • Incident stats issues
  • Info “Download files” and graphics style bug
  • Label fix
  • LDAPS connection doesn’t work
  • LetsEncrypt: replace expired certificate
  • Letter about changing status of the domain comes in German
  • Login using personal certificate issue
  • Lucy is not updated from 4.1 to 4.2
  • Messages in application log
  • No references to recipients in groups in the “Recipients” section
  • Outlook Plugin: Custom icon causes Outlook to crash
  • Recipients copy bug
  • Recipients search causes error 404
  • Remove/reinstall MSI addon bug
  • Resend Email fails with Database error
  • Scenario landing page proxy bug
  • Skipped questions bug (quiz)
  • SmtpErrorsCommand bug
  • SSL generation bug
  • Template “Health Promotion 1.1” issue
  • Templates: filenames (without spaces)
  • Time variable is not working in landing
  • Training Library: awareness links in preview mode
  • Unselected scenarios included in delayed campaign report

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!


LUCY Version 4.1 is available for download

LUCY Version 4.1 available for download

Users get certificates of attendance when they successfully complete an Awareness Training. Send signed phishing emails, extend your purchased domains and much more! Download the new Release, try the powerful Community Edition!

LUCY V 4.1 is available for download since the end of March 2018. Besides dozens of bugfixes the following new features are available:

  • Mail and Web Filter Test (Which file and message types ‘go through’?)
  • Attendance Certificate for successful trainings / Traning Diploma
  • Recommended email domains in templates
  • Digital signature in phishing emails
  • Domain renewal option
  • Scheduler randomization improvement
  • Date view options
  • Website Cloner improvements
  • XML export support
  • Export Recipient Groups
  • Reports: Table of contents improvements
  • Enduser Profile Improvements
  • Reports: Image placeholder
  • MS-Outlook / Office365© Incident Plugin improvements: configurable ribbon label, inline email forwarding options
  • Dashboard changes
  • Report: Hourly Stats default Value
  • More Whitelabeling: Change default name, copyright, logo, etc.
  • Now you can edit nearly all Text Messages or Labels!

Have fun using LUCY! Let us know if you like something or if you are still missing some functionality. Because we want to remain the best product on the market 😉

Fixed Bugs in LUCY V 4.1

  • Anonymous mode bug
  • Change language scenario bug
  • Click rate and success rate wrong formula
  • Display imported recipients in End Users bug
  • Fix postfix memory limit
  • LDAP import bug
  • LDAP: display list of users
  • Mail Settings Bug
  • Mixed Scenario Template doesn’t collect User Data
  • O365 – email format error
  • Plug-in for Office 365 (bugs & improvements)
  • Redis memory issue
  • Reminders bug
  • Rescheduler bug
  • Resend Awareness Email issue
  • Scheduler plan bug
  • Scheduler: Awareness Only
  • Settings Check error: Scenario Awareness Only has no recipients
  • Several recipients were not added to the schedule plan
  • URL Shortener bug
  • Use quotes in file download names everywhere

We’ll document everything in our LUCY – WIKI  as soon we can! Download LUCY Anti Phishing and Cyber Prevention Server below!


What is New in LUCY Version 4.0?

The 14 best new phishing and databreach prevention features in LUCY V4.0 [Video]

With 4.0, we’ve rolled out a pretty long list of new features and improvements. Our cyberprevention server has become even better than it already is. In this article, we would like to show you our 14 favorite new features that are worthy of special mention.

01. Dashboard improvements One

Starting with LUCY 4.0 we re-designed the dashboard. Filter by type or by execution status, use the search field and select between multiple dashboard modes.

02. Dashboard improvements Two

Widgets! Can be moved on the screen

03. Incident Auto Feedback

Including Risk Score Autoresponder. LUCY allows the admin to define an auto responder for submitted emails through the phish button. The risk score uses the IP’s and domains in your email and compares them with databases that contain information about malicious activities

04. Threat mitigation

The threat mitigation is a new feature that allows the LUCY admin to report reported phishing mails to according abuse contact of the provider’s originating IP address taken from the message header. You can click on the mail symbol within the incident center to initiate the sending of the report

05. Risk Assessment mode for campaigns

Instead of showing only raw data about how many users have been successfully phished, we can additionally provide a risk assessment methodology in LUCY, that shows the exposure to certain threats. We can classify different types of threats/Likelihoods such as Technical threats (e.g. unsecured windows PC, unsecure browser etc.), internal threat (e.g. uneducated user who clicks on certain content) and externals threats through hackers (latest trends in attacks, e.g. exploiting a specific browser vulnerability). In LUCY 4.0 we implemented the 1st analysis step and in the coming releases, this feature will be improved.

06. Create a new campaign based on a previous campaign template

LUCY now allows an administrator to create a template based on a previous campaign. The template consists of all settings including all associated scenario and awareness templates. You can then start a new campaign, using this campaign template

07. User reputation

The user reputation level is a score that gives every user a specific profile based on the number of tests performed against this user and the amount of successful phishing simulations.

08. New message template variables

Lucy allows you to use multiple variables within the message template. The variables pull the information from the recipient in the associated group. We added a few new variables (e.g. Gender specific variable) and you can now also use the dropdown in the message template to insert the variables at the right place. New is also the option to use these variables in the message header.

09Authoring Toolkit 

Create e-learning content with the integrated ADAPT Authoring tool: LUCY comes with an integrated e-learning tool called ADAPT. Adapt allows you to build a Multi-Modal content. You can watch videos, listen to audios with transcripts, and complete quizzes. Adapt also has Multi language and localization support Adapt is designed to solve a problem in eLearning. When you’re faced with delivery to multiple devices, such as desktop, tablet, mobile, you have a choice: you can create multiple versions, each optimized for specific devices, or you can use a responsive design approach. If you create and optimize multiple versions for each device, you might build in Flash for desktop, a native app for iPhone, a different version for iPad, and Android, and so on. As you can see, this method is complex and expensive. Then when you start getting into translation and maintenance, it gets out of control pretty quickly – not to mention the tracking issues if you’re trying to track data from multiple sources. Adapt gives you a different, and much simpler option. Adapt creates just one version of your eLearning in HTML5, which responds intelligently to the device it is viewed on.

10. Reputation Based Learning 

Assign custom e-learning content based on a user’s reputation level: Based on the amount of successful attack simulations for an individual user, you can assign a specific e-learning template in LUCY. If a user didn’t fall for a phishing simulation yet, you might want to assign a different e-learning content than for a user who continuously submitted sensitive data in previous phishing simulations. Please visit this chapter for details.

 11. SCORM export of awareness content

All e-learning templates can now be exported using the SCORM format, allowing you to use the LUCY content in another  LMS (Learning Management System).

12. Advanced export features

Starting with LUCY 4.0 we added a navigation item called export within the campaign overview page. The menu that opens allows you to export any campaign related data

13. Randomization feature for the scheduler

We added a randomization feature, that allows you to split up your recipients over different scenario’s using the scheduler.

14. New real time statistics overview

The real time statistics were improved and they include various data sources and ‘views’ that allow you to see the overall campaign statistics (attack & e-learning) on one page.

Wiki Resources

  1. Dashboard improvements (Dashboard)
  2. Dashboard improvements (Widgets)
  3. Incident Auto Feedback
  4. Threat mitigation
  5. Multiple Default Campaigns
  6. Risk Assessment mode for campaigns
  7. User reputation
  8. New real time statistics overview
  9. New message template variables
  10. Authoring Toolkit
  11. Reputation Based Learning
  12. SCORM export of eLearning content: 
  13. Randomization feature for the scheduler 
  14. Advanced export features


Do you like our tool? Let us know if yes please! Thanks!

New Release LUCY V 3.7 is out – Download or update now!

The new release of LUCY Server V 3.7 has functional improvements. Notable changes and new features:

  • New dashboard & new dashboard actions (WIKI): It makes the handling much easier, especially when you have a lot of campaigns running

  • New report template variables (WIKI): Finally you can put everything into your Campaign reports!

  • New REST API (WIKI): Integrate your personal LUCY instance into your corporate infrastructure or enhance the functionality. It’s a bidirectional Interface and we have already partner companies developping add-ons for LUCY (to be announced soon). API functionality is available only to the Corporate Edition.

  • Office 365 Outlook plugin (in addition to the Microsoft Outlook Plugin for Windows)

  • Outlook plugin improvements: custom subject, multiple recipients, additional headers (X-CI-Report)

  • A new Enduser profile page, your personal learning and training portal (LUCY Wiki)

  • Deeper report customization

  • Default campaign template for even more efficient campaign creations

  • Threat Analyzer: Automated Incident analysis improvements (Available to Business Edition and above)

  • CC, BCC and fake TO fields in messages

  • AV/Firewall protection improvement

  • Recipient upload improvement

  • Dashboard page improvements

  • A new “Stop All Campaigns” button (makes patching easier)

  • Scheduler improvements

  • Disable campaign checks option

  • Replace BeEF with custom JS library. The active information gathering for client browser data and plugins has been rewritten. New, LUCY own code is used for that.

  • Fake deletion (you won’t accidentally delete anything)

  • Add comparison/benchmark charts into report

  • Extended reporting options

  • Custom logos in the campaign report. After a successful campaign you can generate a report for the management. You can select between different formats like html, pdf or even in a *.docx format (easy editable later on).

  • Report variable validation

  • Backups speedup

  • Backup DB data. You can Backup your own DB now

  • Domain registration improvements

We’ll document everything in our WIKI as soon we can!

Download LUCY Anti Phishing and Cyber Prevention Server below!

A new Phishing Alert Button for Users - One new feature of LUCY Anti Phishing

Alive and Kicking: LUCY V 3.6 is out!

The new release of LUCY Server V 3.6 has some functional improvements. In particular, changes were made under the hood. We fixed security-critical bugs and the Microsoft Windows 32/64 bit installation packages were separated for the Phishing Incident Plug-in. We strongly recommend to download the newest version of LUCY!

A new Phishing Alert Button for Users - One new feature of LUCY Anti Phishing

Notable changes and new features in LUCY V3.6:

  • Visual changes on the Dashboard
  • New Incident PLug-In (splitted versions x32 / x64)
  • New version of active vulnerabiltiy detection (BeEF replaced)
  • A new version of the active vulnerability detection feature based on own code
  • Fake deletion (you won’t accidentally delete anything)
  • Custom events support
  • Add comparison/benchmark charts into report
  • Extended reporting options
  • Report variable validation
  • Backups speedup
  • Backup of DB data
  • Dashboard improvements
  • Improved Report Templates

Download LUCY Anti Phishing and Cyber Prevention Server below!

The new version 3.4 is available and thus also a world novelty

We launched LUCY V 3.4: Cyber prevention as well as IT health checks affordable for everyone and the world-wide new integrated threat analysis of incoming e-mails using the LUCY Risk Score are the highlights of the current release.

Threat Analyser and Risk Score

The “Cisco 2017 Annual Cybersecurity Report“, which is highly regarded in the industry, puts it in a nutshell: “…In many cases, their securityteams can investigate only half the security alerts they receive on a given day.” This is where the Threat Analyzer provides a remedy and relieves the security team of routine work!

The newly introduced Threat Analyzer allows comprehensive threat management and risk analysis of e-mails who have been submitted by users using the Phishing Incident Plugin for MS-Outlook. The LUCY Risk Score calculated by the LUCY Server is a world-novelty. For the first time, internal databases and IT security rules are combined with external threat information. The world’s first multi-level analysis algorithm of the suspicious e-mails allows the calculation of a particularly meaningful key figure – the LUCY Risk Score. First, the header data of the message is inspected. This is followed by the investigation of the message body. Subsequently, the trustworthiness of the sender as well as of the dispatch route are checked and finally the internal security rules are applied. This results in a comprehensive KPI:

E-Mail Risk Score by LUCY


Phishing Incident Plugin for MS-Outlook available everywhere

The plugin allows an immediate response to running cyber attacks. Because it’s such a powerful and highly beneficial feature we decided to make the functionality available to all commercial editions of LUCY Server. Already for 350 dollars you have the possibility to introduce a company-wide cyber alert-system in the enterprise. And that without user limitations! Read more about our Phishing Button here.

Multi-language awareness page

Since LUCY V1.0 you have the possibility to run several language versions of the same scenario in a mock phishing campaign. Now you can do the same with your learning and training content. With that LUCY became the most multilingual solution in the market!

“Collected user data” available in reports

The data you collect during a campaign from the users is now available in the reports and the data can be exported as well for further analysis. Read more about statistical campaign data in our Wiki.

Even more new or improved Features in LUCY V 3.4 :

  • Letsencrypt autorenewal SSL
  • Campaign stats page improvement
  • Phishing Incident Plugin for MS-Outlook fixes & improvements  (completely new code)
  • New stats for portable & file-based attacks
  • Performance improvements in the frontend (Ajax settings)
  • Enable screenshots in the java plugin (dropper)
  • Other minor improvements and multiple bugfixes

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:

The ultimate Phishing Tool and even more – LUCY V 3.3 out now!

A completely redeveloped PhishButton, Reports in Microsoft Word format, improved learning management system (LMS) functionalities: LUCY had become the ultimate Phishing Tool (and even more)! And it’s still free for up to 50 Users! Download it now.

New Version: The Phishing Tool and its training functionalities

Again, we put lot of efforts into our baby. With the feedback from our customers and we improved many existing features. Here’s the list:

Completely new Outlook Plugin / Phish Button: Starting with LUCY 3.3 the plugin is a signed MSI file and programmed as a C++/COM object. The loading time of the plugin is around 10 Milliseconds.

Reports in Microsoft Word Format – Docx: Within each campaign you will find a button that allows you to create a PDF, HTML, raw CSV and now in Version 3.3 a Word report based on a predefined *.docx template report format

New CSV reports. Export the insights you got in raw CSV format

Embedded java exploit: The JavaExploiter is a signed applet that will execute one or multiple commands and report back to LUCY

Recipient stats page improvement:

Alternative dashboard views & actions: You can select different default views for your dashboard and starting with LUCY 3.3 you can export the dashboard info (overall stats, campaign names etc.): Ability to reschedule awareness training: Starting with LUCY 3.3 the recipient will be able to re-schedule an awareness training.

The ultimate Phishing Tool Dashboard - LUCY V 3.3 is out

New Dashboard Style available – LUCY – Phishing Tool and more

Comparison improvement: Starting with LUCY 3.3 you have advanced comparison statistics that allow you to make also trend analysis

Scheduling improvement (Timezones)  Now you have the ability to create scheduling rules based on different time zones. If you specify a longer time range you can also ensure, that mails are not sent out on weekends by selecting the according checkbox

Victim reminder: The victim reminder is a new feature that can be configured within a campaign. It allows the administrator to define, that recipients who did not click on a link, did not start a training or did not finish a training, get a reminder message send after X days (to be specified).

Automated awareness link delay (LMS): Now you can set a delay for the automated awareness email. This setting will ensure, that people within the same office will not all be informed immediately that a phishing simulation took place.

Recipient list custom fields:  You can create custom recipient fields now. You can add any new recipient attribute you want (e.g. city, gender, education etc.). Those attributes can be used for using customized statistics in LUCY (dashboard filters or raw exports).

Linking a custom Wiki / Optional manual view: By default the LUCY admin or view only user will have access to the LUCY WIKI. If you don’t want to expose the WIKI or create your own web based manual with your corporate design, you can go to the advanced settings and define a link to your manual

Even more new or improved Features in LUCY V 3.3 – The ultimate Phishing Tool:

  • Ability to install all available patches at once
  • Improved charts in reports
  • Time-based variables in message templates
  • Website copying improvement
  • Campaign recipients page improvement
  • Victim side optimizations
  • License purchase improvement
  • Improved statistics
  • Campaign blocking improvements
  • Benchmark statistics improvement
  • Ability to detect clients behind proxy
  • Awareness scheduler improvement
  • Possibility to rename fields in report
  • Timeline improvements
  • Closed JS files from unauthenticated access
  • Setup tool improvement
  • Optional custom 404 for domains
  • OpenDKIM improvements
  • Optional let’s encrypt domain check
  • IDN improvements
  • Limited view account
  • Menu adjustments

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below: