Posts

An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether and how many users download a supposed E-fax in PDF format and open it if necessary.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? This is due to the fact that a PDF does not have a function that allows tracking as long as the end customer does not use a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successfulThe malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR

 


or download LUCY here.

 

Longer and shorter videos for employee awareness education (and trackable)

Trackable educational IT security awareness videos with various durations from LUCY Security are included in all commercial editions of its Software.

Longer Videos for initial trainings and short videos for skilled workers! LUCY Security is aware that customers have individual needs. That’s why LUCY Best Practice Training Videos for employee education are rolled out in a long and in a short version. Today we present two recently added videos:

  • Secure Internet Usage Video (Long / Short)
  • Secure Social Media Usage Video (Long / Short)

Secure Social Media Usage Video: The content (animation, language, script) is customizable. The long video takes 5.4 Minutes and the short version is only one minute long.

In the second featured rich media training we talk about secure internet usage. Also here the content (animation, language, script) is customizable. The long version is 4.3 Minutes and the short one is one Minute long.

Video Statistics available

Who watched how long? These awareness training templates provide statisticial insights. They are reported in the dashboards as well in the campaign reporting.

Setup Phishing attack – Your first Phishing simulation

Setup a Phishing attack within minutes due template based wizards. If you want to find out how vulnerable your people are to Phishing scams , you should choose LUCY Community Edition (free). Watch the screencast.

Setup phishing attack: When you use a best practice template together with the wizard mode, you will have your phishing email set up instantly. When you choose a scenario with a landing page you can also base on a best practice site template. This html-page can be adapted to your need directly using the graphic editor in LUCY.  Before launching the campaign you need to add address groups containing the recipients of your phishing attack. After minutes your are ready to run your first phishing campaign in order to train your employees. Watch the screencast “Set up a Phishing Attack – your first phishing simulation” below  (Sorry for the strong accent 😉 )


Keep it simple stupid, phisher!
Please take note: If your employees are new to the topic of phishing (simulations), please start with simple campaigns! Make it a game or a competition and try that most people are successful in spotting your simulations, at least at the beginning.

Setup Phishing attack – Screencast:

Setup Phishing Attack with LUCY and start your first simulation

Video: Setup Phishing attack with LUCY

If you want to know more about set up Phishing Attacks please refer to our Manual available on the Support Wiki: 

Before set up of the phishing attack – Preliminary tasks

If you need to download and to install LUCY first, then

  1. Get VMware, Oracle Virtual Box or similar
  2. Download LUCY here it’s done in minutes and the Community Edition comes free
  3. Watch the screencast: Install LUCY  from scratch

What is LUCY Phishing and Infrastructure Test Server?

LUCY is a Phishing, Training and Tech Assessment solution. It can be installed on premise or in the cloud. It enables you to run

  • Fake Phishing / Smishing / Bad-USB scams
  • IT-Security awareness trainings and increase knowledge against Social Engineering
  • IT-Infrastructure assessments and Technology tests
  • Fake ransomware simulations

We have more than 2’400 active installations so far. For more information please refer to http://www.lucysecurity.com .  LUCY Security – Increase IT Security and maintain Cybersecurity Awareness.