Posts

The Google Docs Phishing Scam as Mock Phish Scenario

The Google Docs Phishing Attack was highly efficient in the wild. LUCY delivers a Mock Phish scenario based on this attack. The scenario has functions that are not possible with competing products.

The Google Docs Phishing scam in May 2017 was a really efficient one. The google docs phish affected 0.1% of the gmail users. So 1 million accounts (out of approx 1 billion) were affected. That’s why we delivered such a mock phish scenario in LUCY Server:

Google Docs Phishing Scheme as TemplateThe Goggle Docs Phishing SimulationSomeone has shared a document on Goggle Docs with the recipient. This attack template offers a web based login and a download section for a Office-Document with a Macro. The download can be tracked and the Macro additionally reports back to LUCY upon opening.

We’re especially proud of this scenrio not only because it reflects the latest attack. The special thing is that

a.) It goes a step further than the real attack: It contains a custom word file which is compiled in LUCY. And

b.) LUCY-Server is able to track more risk levels than any other competitor product:

  • Link click
  • Submitting credentials
  • Downloading Document
  • Opening Document (Other solutions cannot track this 😉 )

About: LUCY-Security is a Swiss company with customers in more than 50 countries. Its product LUCY Server allows companies to perform realistic cyber attack simulations. At the same time, customized awareness programs and incident alerting tools can be used to increase cyber security. For the first time, the LUCY server makes cyber prevention in the form of a standardized product affordable for all. Customers can now test and improve their IT security without special knowledge! For more information please call Palo under +41 44 557 19 37 or write him a mail under palo (a t) lucysecurity (d ot) com. Thank you.

 

Setup Phishing attack – Your first Phishing simulation

Setup a Phishing attack within minutes due template based wizards. If you want to find out how vulnerable your people are to Phishing scams , you should choose LUCY Community Edition (free). Watch the screencast.

Setup phishing attack: When you use a best practice template together with the wizard mode, you will have your phishing email set up instantly. When you choose a scenario with a landing page you can also base on a best practice site template. This html-page can be adapted to your need directly using the graphic editor in LUCY.  Before launching the campaign you need to add address groups containing the recipients of your phishing attack. After minutes your are ready to run your first phishing campaign in order to train your employees. Watch the screencast “Set up a Phishing Attack – your first phishing simulation” below  (Sorry for the strong accent 😉 )


Keep it simple stupid, phisher!
Please take note: If your employees are new to the topic of phishing (simulations), please start with simple campaigns! Make it a game or a competition and try that most people are successful in spotting your simulations, at least at the beginning.

Setup Phishing attack – Screencast:

Setup Phishing Attack with LUCY and start your first simulation

Video: Setup Phishing attack with LUCY

If you want to know more about set up Phishing Attacks please refer to our Manual available on the Support Wiki: 

Before set up of the phishing attack – Preliminary tasks

If you need to download and to install LUCY first, then

  1. Get VMware, Oracle Virtual Box or similar
  2. Download LUCY here it’s done in minutes and the Community Edition comes free
  3. Watch the screencast: Install LUCY  from scratch

What is LUCY Phishing and Infrastructure Test Server?

LUCY is a Phishing, Training and Tech Assessment solution. It can be installed on premise or in the cloud. It enables you to run

  • Fake Phishing / Smishing / Bad-USB scams
  • IT-Security awareness trainings and increase knowledge against Social Engineering
  • IT-Infrastructure assessments and Technology tests
  • Fake ransomware simulations

We have more than 2’400 active installations so far. For more information please refer to http://www.lucysecurity.com .  LUCY Security – Increase IT Security and maintain Cybersecurity Awareness.