Top Ten Phishing Emails based on customer surveys

The 10 most effective phishing mails for employee sensitization [customer experience sharing]

Simple = Effective. For the top 10 Phishing Emails a simple formula obviously applies when it comes to the question of which phishing simulations are the most effective. During the LUCY User Conference 2018, a survey was conducted among the participating customers to find out which is the best or most effective phishing campaign.

The 10 best phishing mails for the employees are all simply structured. Nevertheless, even with repeated use, high ‘penetration rates’ are achieved. These are the top 10 phishing mails used by the LUCY user community:

  • Private files found on the computer that will soon be deleted
  • Unauthorized files on your drive moved to quarantine
  • E-Fax Phishing scenario with your own company logo.
  • GDPR / DSGVO – Information or confirmation letter
  • Near-time use of security incidents from the real world such as ‘Your data in the Ecofax data breach.
  • Company events such as ‚Your personal data for the preparation of the office move’.
  • Survey-based phishing attacks, especially the HR survey
  • Discounted or free offers (e.g. use Microsoft licenses for home use)
  • New bonus calculation for employees
  • Login masks of all kinds, in particular the Office 365© Login
  • Quarantined unauthorized files on your drive


Top Ten Phishing Emails based on customer surveys

According to customer statements, these are two of the most effective phishing templates for employee cybersecurity sensitization: bonus campaigns (fitness subscription) or the e-Fax scenario.

Hundreds of such templates in the Lucy software – so to speak for all above mentioned Top 10 Phishing Mails there is a template in LUCY! The simulated phishing attack is set up in no time, is always available in several languages and can be completely individualized, regardless of whether you prepare the campaign yourself or have it handled by a third-party provider (or even by LUCY Security itself).

Discover a small extract of the effective phishing mails from LUCY! With the large ‘Content Update 2018’, more than 150 new attack and training templates are available to you in one fell swoop. Click here for the table of contents.

Or download our Free Software here


The Google Docs Phishing Scam as Mock Phish Scenario

The Google Docs Phishing Attack was highly efficient in the wild. LUCY delivers a Mock Phish scenario based on this attack. The scenario has functions that are not possible with competing products.

The Google Docs Phishing scam in May 2017 was a really efficient one. The google docs phish affected 0.1% of the gmail users. So 1 million accounts (out of approx 1 billion) were affected. That’s why we delivered such a mock phish scenario in LUCY Server:

Google Docs Phishing Scheme as TemplateThe Goggle Docs Phishing SimulationSomeone has shared a document on Goggle Docs with the recipient. This attack template offers a web based login and a download section for a Office-Document with a Macro. The download can be tracked and the Macro additionally reports back to LUCY upon opening.

We’re especially proud of this scenrio not only because it reflects the latest attack. The special thing is that

a.) It goes a step further than the real attack: It contains a custom word file which is compiled in LUCY. And

b.) LUCY-Server is able to track more risk levels than any other competitor product:

  • Link click
  • Submitting credentials
  • Downloading Document
  • Opening Document (Other solutions cannot track this 😉 )

About: LUCY-Security is a Swiss company with customers in more than 50 countries. Its product LUCY Server allows companies to perform realistic cyber attack simulations. At the same time, customized awareness programs and incident alerting tools can be used to increase cyber security. For the first time, the LUCY server makes cyber prevention in the form of a standardized product affordable for all. Customers can now test and improve their IT security without special knowledge! For more information please call Palo under +41 44 557 19 37 or write him a mail under palo (a t) lucysecurity (d ot) com. Thank you.


Big Update: Awareness Training and Phishing Attack Templates 02/2017 – IT Security Training reloaded!

Phishing Awareness Content Templates for LUCY Server 01/2017

Phishing Awareness and Attack Scenario Update 01/2017 – Lot of new or improved content!