
Phishing Attacks Made Easy Webinar 2018

How do I do a file-based phishing email simulation and training? [Video Tutorial]

Phishing Attacks Made Easy – In 15 minutes to a savvy professional attack with file-based phishing email and IT security training. Prevent cybercrime, strengthen your employees!

The recording of the webinar moderated by Kevin Beaver shows how to set up an advanced phishing campaign. The video tutorial is rounded off with a search for existing data leaks on the dark web.

 

 

During the screen presentation you will be shown the following steps in the creation of a file-based phishing simulation and the subsequent training lesson:

00:00 – Introduction “A wrong decision is all that it takes” by IT Security Expert Kevin Beaver

08:45: Creating a simulated phishing attack using the new LUCY Software V4.3. Security Evangelist Oliver Münchow shows how to create a sophisticated attack simulation and training campaign with the LUCY software in no time at all:

  • Selection of a Phishing Simulation
  • Create a landing page similar to the login page of an Office 365 © installation.
  • Configuration of a harmless Trojan in the ‘Installation file for Office Mail’.
  • Selection of the training module for the subsequent Awareness Training
  • Executing the awareness-raising campaign
  • Statistics / reporting of phishing simulation and the employee training
  • Reporting suspicious emails using the Phishing button and the Incident Console’s working method

23:00 Dark Web Research & Analysis: As a bonus the new LUCY Darkweb search for existing data leaks is presented (Preview)

26:50 Q+A: Questions from the audience moderated by Colin Bastable LUCY USA

About – The LUCY software serves to prevent cybercrime. The product can be installed locally or downloaded from the cloud. Hundreds of attack templates and training modules are available so that the solution can be used immediately. To date, LUCY has been downloaded over 11000 times and installed over 6000 times. Companies like Robert Bosch, Pioneer or SEB-Bank are customers of the Swiss company, which has offices in Switzerland and Austin, Texas.


LUCY is available in the Cloud or locally (download here)


 

Top Ten Phishing Emails based on customer surveys

The 10 most effective phishing mails for employee sensitization [customer experience sharing]

Simple = Effective. For the top 10 Phishing Emails a simple formula obviously applies when it comes to the question of which phishing simulations are the most effective. During the LUCY User Conference 2018, a survey was conducted among the participating customers to find out which is the best or most effective phishing campaign.

The 10 best phishing mails for the employees are all simply structured. Nevertheless, even with repeated use, high ‘penetration rates’ are achieved. These are the top 10 phishing mails used by the LUCY user community:

  • Private files found on the computer that will soon be deleted
  • Unauthorized files on your drive moved to quarantine
  • E-Fax Phishing scenario with your own company logo.
  • GDPR / DSGVO – Information or confirmation letter
  • Near-time use of security incidents from the real world such as ‘Your data in the Ecofax data breach’.
  • Company events such as ‘Your personal data for the preparation of the office move’.
  • Survey-based phishing attacks, especially the HR survey
  • Discounted or free offers (e.g. use Microsoft licenses for home use)
  • New bonus calculation for employees
  • Login masks of all kinds, in particular the Office 365© Login
  • Quarantined unauthorized files on your drive

 


According to customer statements, these are two of the most effective phishing templates for employee cybersecurity sensitization: bonus campaigns (fitness subscription) or the e-Fax scenario.

There are hundreds of such templates in the LUCY software: for each of the top 10 phishing mails mentioned above there is a template in LUCY! The simulated phishing attack is set up in no time, is always available in several languages and can be completely individualized, regardless of whether you prepare the campaign yourself or have it handled by a third-party provider (or even by LUCY Security itself).

Discover a small extract of the effective phishing mails from LUCY! With the large ‘Content Update 2018’, more than 150 new attack and training templates are available to you in one fell swoop. Click here for the table of contents.

Or download our Free Software here

 

An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether and how many users download a supposed E-fax in PDF format and open it if necessary.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? This is due to the fact that a PDF does not have a function that allows tracking as long as the end customer does not use a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful. The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR

 



 

Run Phishing Test using LUCY

Run a mock phish campaign using a game

Have you ever been phished using a game?

When it comes to playing, many people are often unreasonable. A new LUCY Mock Phishing Attack Scenario tries to take advantage of this fact. In the “Flupy” game, employees can try to win movie tickets. Unfortunately, they become the ‘victim’ of a phishing simulation.

This is, for once, a slightly different IT security awareness campaign. We find that you can also bring a little humor and fun into this really very serious topic.

There are also different attack template types available. The Flupy Phishing Attack template is a classical web-based attack type. People are directed to a landing page, where they are enticed to enter their user data.

Of course there are other attack types available: file-based attack templates (scenarios with customizable attachments) or hyperlink scenarios are also available. A special attack type is the USB/DVD-based Mock Phish Attack. LUCY even allows you to create ISO-format DVDs with ‘attack files’ on them.

And of course you can mix the different attack types together in one big, sophisticated campaign.

We wish you lots of success with phishing simulations with LUCY!

LUCY provides many more realistic phishing attack templates. Have a look!

 

What the public knows about cybersecurity quiz

Most Americans don’t know much about Cybersecurity – And you?

I did the quiz. My score was 9 out of 10. With this result I belong to the top 4% – It’s not only about strong passwords…
A new Pew Research Center survey titled “What the Public Knows about Cybersecurity” tallied responses from more than a thousand American adults last year about their understanding of concepts important to online safety and privacy. It shows that Americans are not as good at recognising phishing mails or determining whether the web site where they are entering credit card information is encrypted. We assume that other countries would not perform better.
Pew - Study: What the public knows about Cybersecurity
Only 54% of US internet users are able to identify examples of phishing attacks. Phishing remains a favourite trick for infecting computers with malware and to gain access to the computer. Americans’ understanding of E-Mail and Wi-Fi encryption is also rather mixed. Less than half of internet users are able to correctly identify that the statement “all email is encrypted by default” is false.
Private browsing not really private – Only 4 out of 10 internet users are aware that internet service providers (ISPs) are able to see the sites their customers are visiting while utilizing the “private browsing” mode on their internet browsers. And one-third (33%) are aware that the letter “s” in a URL beginning with “https://” indicates that the traffic on that site is encrypted!
Other findings in the Pew survey:
  • 75 % of participants are able to identify the most secure password from a list of four options.
  • 52 % of people know that turning off the GPS function on smartphones does not prevent tracking. Mobile phones can be tracked via cell towers / Wi-Fi networks.
  • 10 % were able to identify one example of multi-factor authentication when presented with four images of online login screens.

LUCY Server makes Phishing Simulations and Cybersecurity education available and affordable to everybody. A free Community Edition can be downloaded from lucysecurity.com/download. Hundreds of customers trust LUCY!

Big Update: Awareness Training and Phishing Attack Templates 02/2017 – IT Security Training reloaded!

Phishing Awareness Content Templates for LUCY Server 01/2017

Phishing Awareness and Attack Scenario Update 01/2017 – Lot of new or improved content!

LUCY Phishing Software Java Dropper for Awareness Training

11 Great Things LUCY Phishing Software 2017

Setup Phishing attack – Your first Phishing simulation

Set up a phishing attack within minutes thanks to template-based wizards. If you want to find out how vulnerable your people are to phishing scams, you should choose LUCY Community Edition (free). Watch the screencast.

Set up a phishing attack: When you use a best practice template together with the wizard mode, you will have your phishing email set up instantly. When you choose a scenario with a landing page, you can also base it on a best practice site template. This HTML page can be adapted to your needs directly using the graphic editor in LUCY. Before launching the campaign you need to add address groups containing the recipients of your phishing attack. After a few minutes you are ready to run your first phishing campaign in order to train your employees. Watch the screencast “Set up a Phishing Attack – your first phishing simulation” below (Sorry for the strong accent 😉 )


Keep it simple stupid, phisher!
Please take note: If your employees are new to the topic of phishing (simulations), please start with simple campaigns! Make it a game or a competition and try to ensure that most people are successful in spotting your simulations, at least at the beginning.

Setup Phishing attack – Screencast:


If you want to know more about setting up phishing attacks, please refer to our manual, available on the Support Wiki: 

Before setting up the phishing attack – Preliminary tasks

If you need to download and install LUCY first, then

  1. Get VMware, Oracle Virtual Box or similar
  2. Download LUCY here; it’s done in minutes and the Community Edition comes free
  3. Watch the screencast: Install LUCY from scratch

What is LUCY Phishing and Infrastructure Test Server?

LUCY is a Phishing, Training and Tech Assessment solution. It can be installed on premise or in the cloud. It enables you to run

  • Fake Phishing / Smishing / Bad-USB scams
  • IT-Security awareness trainings and increase knowledge against Social Engineering
  • IT-Infrastructure assessments and Technology tests
  • Fake ransomware simulations

We have more than 2’400 active installations so far. For more information please refer to http://www.lucysecurity.com. LUCY Security – Increase IT Security and maintain Cybersecurity Awareness.