Top Ten Phishing Emails based on customer surveys

The 10 most effective phishing mails for employee sensitization [customer experience sharing]

Simple = Effective. For the top 10 Phishing Emails a simple formula obviously applies when it comes to the question of which phishing simulations are the most effective. During the LUCY User Conference 2018, a survey was conducted among the participating customers to find out which is the best or most effective phishing campaign.

The 10 best phishing mails for the employees are all simply structured. Nevertheless, even with repeated use, high ‘penetration rates’ are achieved. These are the top 10 phishing mails used by the LUCY user community:

  • Private files found on the computer that will soon be deleted
  • Unauthorized files on your drive moved to quarantine
  • E-Fax Phishing scenario with your own company logo.
  • GDPR / DSGVO – Information or confirmation letter
  • Near-time use of security incidents from the real world such as ‘Your data in the Ecofax data breach.
  • Company events such as ‚Your personal data for the preparation of the office move’.
  • Survey-based phishing attacks, especially the HR survey
  • Discounted or free offers (e.g. use Microsoft licenses for home use)
  • New bonus calculation for employees
  • Login masks of all kinds, in particular the Office 365© Login
  • Quarantined unauthorized files on your drive


Top Ten Phishing Emails based on customer surveys

According to customer statements, these are two of the most effective phishing templates for employee cybersecurity sensitization: bonus campaigns (fitness subscription) or the e-Fax scenario.

Hundreds of such templates in the Lucy software – so to speak for all above mentioned Top 10 Phishing Mails there is a template in LUCY! The simulated phishing attack is set up in no time, is always available in several languages and can be completely individualized, regardless of whether you prepare the campaign yourself or have it handled by a third-party provider (or even by LUCY Security itself).

Discover a small extract of the effective phishing mails from LUCY! With the large ‘Content Update 2018’, more than 150 new attack and training templates are available to you in one fell swoop. Click here for the table of contents.

Or download our Free Software here


It's done in two minutes - create a phishing scam simulation with LUCY. A webcast

Create and Execute a Phishing Scam in 2 Minutes – Simulations with LUCY

Setup Phishing attack – Your first Phishing simulation

Setup a Phishing attack within minutes due template based wizards. If you want to find out how vulnerable your people are to Phishing scams , you should choose LUCY Community Edition (free). Watch the screencast.

Setup phishing attack: When you use a best practice template together with the wizard mode, you will have your phishing email set up instantly. When you choose a scenario with a landing page you can also base on a best practice site template. This html-page can be adapted to your need directly using the graphic editor in LUCY.  Before launching the campaign you need to add address groups containing the recipients of your phishing attack. After minutes your are ready to run your first phishing campaign in order to train your employees. Watch the screencast “Set up a Phishing Attack – your first phishing simulation” below  (Sorry for the strong accent 😉 )

Keep it simple stupid, phisher!
Please take note: If your employees are new to the topic of phishing (simulations), please start with simple campaigns! Make it a game or a competition and try that most people are successful in spotting your simulations, at least at the beginning.

Setup Phishing attack – Screencast:

Setup Phishing Attack with LUCY and start your first simulation

Video: Setup Phishing attack with LUCY

If you want to know more about set up Phishing Attacks please refer to our Manual available on the Support Wiki: 

Before set up of the phishing attack – Preliminary tasks

If you need to download and to install LUCY first, then

  1. Get VMware, Oracle Virtual Box or similar
  2. Download LUCY here it’s done in minutes and the Community Edition comes free
  3. Watch the screencast: Install LUCY  from scratch

What is LUCY Phishing and Infrastructure Test Server?

LUCY is a Phishing, Training and Tech Assessment solution. It can be installed on premise or in the cloud. It enables you to run

  • Fake Phishing / Smishing / Bad-USB scams
  • IT-Security awareness trainings and increase knowledge against Social Engineering
  • IT-Infrastructure assessments and Technology tests
  • Fake ransomware simulations

We have more than 2’400 active installations so far. For more information please refer to .  LUCY Security – Increase IT Security and maintain Cybersecurity Awareness.