
LUCY Security Awareness Posters for free download

Free Security Awareness Posters for your personal usage

Nearly 70 new educational posters for printing and hanging – freely modifiable and available in two different versions. This is simple and effective employee sensitisation for security awareness.


Educational Poster: Photo


Educational Poster: Illustration

The LUCY software also contains the posters in the source format (Adobe Illustrator). You can revise and modify the posters according to your ideas. It’s that simple!

Two versions: The posters are available as illustrations and as photo posters. If you would like to edit the poster in the LUCY server or process it further for printing, please click on the navigation point Content template on the left, then click on the button Upload file or image in the visual editor. In the Image Info tab, click on the search server to download the Adobe Illustrator file.

Bring useful variety to your offices. Hang awareness posters. Change them from time to time. With over 60 templates included for free in the LUCY software, it’s no big deal!

 

 

Free Awareness Posters: The following topics are currently available:

01. Lock your device (Photo)
02. Lock your device (Illustration)
03. Sharing Information (Photo)
04. Sharing Information (Illustration)
05. Identity Theft (Photo)
06. Mobile Device Security (Illustration)
07. Surfing unknown websites (Illustration)
08. Surfing unknown websites (Photo)
09. Don’t share private info (Illustration)
10. Protect client’s data (Illustration)
11. Identity Theft (Illustration)
12. Secure your mobile device (Illustration)
13. Verify client’s data (Illustration)
14. Build Security Block by Block (Photo)
15. Protect client’s data II (Illustration)
16. Spot the threat (Illustration)
17. Social Media Security (Photo)
18. Security depends on you (Illustration)
19. Protect patient data (Photo)
20. Secure your mobile device (Photo)
21. Our security depends on you (Photo)
22. Secure Payment (Photo)
23. Monitor transactions (Photo)
24. Protect customer’s data II (Photo)
25. Don’t take the bait (Photo)
26. Don’t take the bait (Illustration)
27. Become a human firewall (Illustration)
28. Become a human firewall (Photo)
29. Verify all transactions (Illustration)
30. Impersonating institutions (Photo)
31. Be cautious of phishing (Illustration)
32. Be cautious of phishing 2 (Illustration)
33. Password Security (Illustration)
34. Danger of sharing on social media (Photo)
35. Insecured Wi-Fi (Photo)
36. Spoofing & Phishing (Illustration)
37. Whispering (Photo)
38. Bubble (Illustration)
39. Build Security Block (Illustration)
40. Coffee Shop (Illustration)
41. Call center (Photo)
42. Call center person (Photo)
43. Call center person (Illustration)
44. Bubble (Photo)
45. Card (Photo)
46. Coffee Shop 2 (Photo)
47. Coffee Shop (Photo)
48. Crazy Businessman (Illustration)
49. Private (Illustration)
50. One Device (Photo)
51. Personal Info (Photo)
52. Password Mobile (Illustration)
53. One Device (Illustration)
54. Mobile Device Security (Photo)
55. Protect patient data (Illustration)
56. Password Mobile (Photo)
57. Personal Info (Illustration)
58. Spam 2 (Photo)
59. Spam 2 (Illustration)
60. Spam (Photo)
61. Transaction (Illustration)
62. Sticky Note (Photo)
63. Sticky Note (Illustration)
64. Whispering (Illustration)
65. Transaction (Photo)
66. Identity Theft 2 (Photo)
67. Crazy Businessman (Photo)

At LUCY we are constantly delivering new security awareness content and the updates come for free! 

 

So that’s it 🙂 Keep on enjoying LUCY Server and our Security Awareness Training Content, or download our free Community Edition here.

 


Bam! Enjoy 163 new Attack and Training Templates – Unlimited Security Awareness Content

At LUCY we are constantly delivering new security awareness content. And it’s free! Now 163 new templates have been added in one go: 20 training videos, 9 other awareness trainings and as many as 134 new attack templates. LUCY rocks, right?

Overview

New attack templates for Phishing Simulations

We have delivered 134 new or updated templates. Why are we adding so many? Because it has been proven that many phishing tests that run simultaneously and are sent out at random have the best sustainable training effect for employees. We have also responded to the various customer requests and now offer a new group of attack templates that contain typos of known brand names. This is state-of-the-art Security Awareness Training Content!

20 new training videos

The need for more training modules, and especially for rich media security awareness content, continues unabated. Our new training videos range from security awareness videos to social media usage. Check them out below!

Arabic and Danish as new (standard) languages

All scenarios of the Security Awareness Training Content are now available in several language versions. The language bar usually looks like this:

[Image: language bar with Arabic as a standard phishing template language]

Today we can safely claim that most of the content is available in Arabic, Danish, Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

Beautiful Free and Editable Security Awareness Posters!

Almost 70 posters are now available for publication. Place them in your office so that your employees always have the relevance of IT security in mind. The security awareness posters are equipped with either an illustration or an attractive photo. And best of all: the posters can be edited with Adobe Illustrator © because we provide the source files 🙂

How do I get to the new content?

If you have installed LUCY, you get a message that new content is available and you can download it. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Of course. LUCY is standard software that was created for this purpose. This ensures reusability and investment protection. You can create your own attack or awareness training templates.

Details: The 2nd LUCY Security Awareness Content update of this year

Here are 163 new or revised training and phishing attack templates. Have fun testing and training!

 

Educational and Security Awareness Training Content Modules

29 updated or new courses: Enjoy our updated or new Security Awareness Training Content: Video / Quiz / Interactive, Course or Static.

01.) Social Engineering Course – This course helps employees understand the threats of social engineering.

02.) Email Only – This was a phishing simulation & Tips – This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future.

03.) Email Only – This was a simulation & Tips (Text) – This is a template that does not have a web page integrated. The employee is informed about the phishing simulation and receives a few tips on how to better detect such attacks in the future and where to report them.

 

04.) WIFI Security Course – This wireless security course (5-10 minutes) provides employees with an understanding of the risks associated with wireless networks and how best to protect themselves from them.

 

05.) Security Awareness video: 7 Tips (close caption) – In this short 3-minute security awareness video we have put together 7 security tips, which involve best practices and policies that promote security. The video has English subtitles. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

06.) Secure social media usage video (close caption) – In this security awareness video we talk about secure social media usage. The video has English subtitles. The content (animation, language, script) is customizable.

07.) Secure Internet usage video (close caption) – In this video we show you how to protect yourself when using the internet. The video has English subtitles. The content (animation, language, script) is customizable.

08.) Email Security Video 1.3 (close caption) – In this 9-minute security awareness video, we talk about email security risks. The video has subtitles. The content (animation, language, script) is customizable.

09.) Lucy Phishing Video 1.1 (close caption) – This is a 3-minute educational video about phishing attacks. The video has English subtitles. Each video scene can be customized (e.g. custom branding) and translated into additional languages.

10.) Mobile Security Awareness Video (close caption) – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphones & laptops). The video has English subtitles.

11.) Password Security Video (close caption) – In this 5-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has English subtitles. The content (animation, language, script) is customizable.

12.) Physical Security Awareness Video (close caption) – In this 4:20-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has English subtitles. The content (animation, language, script) is customizable.

13.) Social Engineering Video – This video is dedicated to the topic “social engineering”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

14.) Social Engineering Video (close caption) – This video is dedicated to the topic “social engineering”. The content (animation, language, script) is customizable. The video has subtitles.

 

15.) Data Privacy & GDPR Video – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG.

 

16.) Data Privacy & GDPR Video (close caption) – This video is dedicated to the topic “data privacy & GDPR”. The content (animation, language, script) is customizable. The video has subtitles.

 

17.) Identity theft video – This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable.

 

 

18.) Identity theft video (close caption) – This video is dedicated to the topic “identity theft”. The content (animation, language, script) is customizable. The video has subtitles.

19.) WI-FI security video – This video is dedicated to the topic “Secure Wi-Fi”. The content (animation, language, script) is customizable.

20.) WI-FI security video (close caption) – This video is dedicated to the topic “Secure Wi-Fi”. The content (animation, language, script) is customizable. The video has subtitles.

21.) Workplace Security Awareness Video – This video is dedicated to the topic “workplace security”. The content (animation, language, script) is customizable.

22.) Workplace Security Awareness Video (close caption) – This video is dedicated to the topic “workplace security”. The content (animation, language, script) is customizable. The video has subtitles.

23.) PCI Security Awareness Video – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable.

24.) PCI Security Awareness Video (close caption) – This video is dedicated to the topic “PCI Security Awareness”. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards. The content (animation, language, script) is customizable. This video has subtitles.

25.) Password Security Video – SHORT (close caption) – In this 1-minute security awareness video we talk about password security risks. We have put together a few security tips about best practices and policies. The video has English subtitles. The content (animation, language, script) is customizable.

26.) Email Security Video – SHORT (close caption) – In this 1-minute security awareness video, we talk about email security risks. The video has subtitles. The content (animation, language, script) is customizable.

27.) Physical Security Video – SHORT (close caption) – In this 1-minute long security awareness video we talk about physical security risks. In addition, we have put together a few security tips, which involve best practices and policies. The video has English subtitles.

 

28.) Comprehensive security course – Topics in this course include “SHOULDER SURFING”, “PORTABLE MEDIA ATTACKS”, “VISHING (COLD CALLING)”, “CLEAR DESK POLICY”, “PHYSICAL SECURITY”, “VISITORS AND IN-PERSON INTERACTION”, “SOCIAL ENGINEERING”, “PASSWORD SECURITY”, “SECURE BROWSING”, “SECURE SOCIAL NETWORKING”, “USING PUBLIC WI-FI’S”, “MOBILE SECURITY”. Please note the different configuration options in readme.html.

 

29.) Awareness Training Library – THIS IS A WHOLE VIDEO LIBRARY – This template offers the possibility to link all existing LUCY training modules in a directory. The end user can then put together his desired training modules himself on an overview page. This is our biggest collection of Security Awareness Training Content so far!

 


 

134 new and updated Attack Scenarios / Phishing Templates

1.) Free Bitcoins – The user is offered free bitcoins.

 

 

 

2.) Message – The scenario represents a typical communication attempt by a messaging service.

 

3.) Open position (resume enclosed) – Blind applications are a common tool used by attackers to get HR staff to download dangerous content from the Internet.

 

 

4.) Reset your Google password – The user is informed that his login data was found during a random check of the Darknet and that an attacker could misuse it to gain access to his Google account.

 

 

5.) Visit to your city – This is a real example of a Russian dating scam that took place a few years ago.

 

 

6.) DHL Shipping confirmation (image only) – This is an example of a real attack that was carried out in the past on behalf of DHL. To get past possible SPAM filters, there is no text in the email, only an image which is linked.

 

7.) Message is only partially downloaded (image only) – This email specifies that the content cannot be displayed. The user is asked to click on a link to download the message. To get past a possible spam filter, only an image is used instead of text.

 

8.) LinkedIn Invitation – Because LinkedIn has become one of the most popular professional online networks, it has become a victim of occasional online scams. Scammers send LinkedIn users emails that appear to be from LinkedIn but are not. This is a typical real life example of such a scam. The logo and name are not modified in this template.

 

9.) Zoom Meeting Invitation – The employee is invited by a colleague from the HR department to a spontaneous zoom meeting to clarify suspicious surfing activities on his PC. The template uses the same formatting and wording as the original.

 

10.) Airbnb illegal activity reported – In this email, the user will be informed that an illegal activity has been detected on Airbnb’s behalf and will be reported to the authorities if necessary. These types of messages play on the user’s curiosity and fear.

 

11.) Instagram Password Reset – This scenario is a typical example of a fraud attempt, in which the user is led to believe that his password has been changed by a third party.

 

 

12.) Facebook notification missed from friends – This is a typical example of an attack in which the user is notified about missed activities of his friends. The logo and name were not adapted in this scenario to make detection more difficult.

 

13.) Facebook: See who liked your page – Most users of social media are by nature curious. They are interested in learning what is going on with their friends, their communities and the world at large. Unfortunately, scammers understand this curiosity and exploit it in an attempt to lure users into clicking on fake messages like this one.

 

14.) Cisco’s Webex – Meeting in progress! This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. This scenario adopts the typical features of such an invitation without deliberate errors in the logo or name.

 

15.) Xing Contact Request – Unlike an email address, the business platform Xing reveals considerable information to scammers because your profile is the digital version of you. This is often used by scammers in the context of contact inquiries, which aim at the curiosity of the user.

16.) PayPal suspicious activity on the account – PayPal customers are constantly being targeted in phishing attacks. In one of the most popular, criminals are distributing fraudulent emails claiming that PayPal has noticed suspicious activity on your account. The emails claim that PayPal has detected a successful sign in from an unrecognised device and you must therefore secure your account before it can be used again.

17.) LinkedIn: Account blocked due to inactivity – This scam first occurred in 2012, when Russian hackers collected and leaked millions of LinkedIn users’ passwords. These scammers send you a fake email, pretending to be the LinkedIn administrative team. The email pretends your LinkedIn account has been blocked due to inactivity. This is security awareness training based on real world examples!

18.) iTunes account confirmation – This attack variant against Apple users was first observed in 2016. There have been reports of emails that appear to be from the Apple Store, asking the user to confirm his email to prevent the account from being blocked.

19.) LinkedIn – Policy Violation – The user is informed that his profile has been reported by another user due to violations of the general conditions. This example corresponds to a real phishing attack as observed a few years ago.

20.) Amazon – your account has been updated – In the past, Amazon users have been persuaded to click on a link using this type of phishing attack. In this scenario it is pretended that another user has changed the email address of the legitimate account owner.

21.) Dropbox – Account will be suspended – If there’s no activity on a user’s Dropbox account for an extended period of time, Dropbox will notify the account owner in an email. In the past, this pattern has often been used by attackers to gain access to user logins.

22.) Happy Easter Greeting Card as a phishing attack – A simple but effective security awareness training: Happy Easter Greeting Card as phishing simulation.

23.) SAP – The user is invited via mail to access the SAP account just created. This is a great software-specific Security Awareness Training Content Template.

24.) Sharepoint Invitation – Websites in Sharepoint may be shared with external or internal users using this type of invitation.

25.) Sharepoint Login – Websites in Sharepoint may be shared with external or internal users using this type of invitation. The recipient will be able to log in to a Sharepoint Website which is undergoing some technical maintenance.

26.) Netflix Account on hold – This is a replica of a real Netflix phishing attack from 2018, which uses character spacing to trick spam filters. This is a typical example of a mediocre attack email that contains some visual errors.

27.) Twitter – Your company is mentioned in WikiLeaks! A Twitter message pretending that your company is mentioned in an article at WikiLeaks.

28.) SAP Login – The user is invited via mail to access the SAP account just created. The fake SAP portal allows the user to log in with his Windows username and password.

29.) Amazon Prime Bonus Scam – In 2017, criminals were sending mass emails that appear to have come from Amazon and thank recipients for making purchases on Amazon’s “Prime Day”. The emails then invite recipients to go to the Amazon website to “write a review” and receive a special $50 “bonus” credit for doing so.

30.) Happy Valentine’s Greeting Card, attack template for phishing simulations – A simple Happy Valentine’s Greeting Card as phish test template.

 

 

31.) Happy Mother’s Day Greeting Card – Nothing to add here, dear Mum 😉

 

 

32.) Happy Halloween Greeting Card – Happy Halloween Greeting Card.

 

 

33.) Happy Christmas Greeting Card – And last but not least a Happy Christmas Greeting Card as phishing simulation template.

 

 

34.) Microsoft Office 365 Online Login – The message asks the user to log in to his/her “Microsoft Office 365” account. The login will generate an error.

35.) Citrix Login – In this template the user has the ability to log in and access his/her company’s work environment via Citrix.

36.) Private Message – enter code to open it – In this template, which corresponds to a real message service with email encryption, the user is asked to enter his email address and a code (this is included in the message) on a web page.

37.) Join Skype Business Meeting – Invitation to a Skype Business Meeting.

38.) Join Skype Business Meeting (Web Login) – Invitation to a Skype Business Meeting. Login with Windows Credentials.

39.) Cisco’s Webex – meeting in progress (web login) – This attack scenario gives the user the impression that a WebEx Online Meeting is taking place on their behalf. The user can participate in the meeting using his email address and birth date as an authentication mechanism.

40. – 106.) Editable Security Awareness Posters – Informative and decorative educational posters increase security awareness. There are now 67(!) such posters available. They can all be edited and customized using Adobe Illustrator. Usually two different types are available: as an illustration or photo poster.

 

107.) Windows Update – The user is told that a new Windows Update is available and is tricked into downloading it.

108.) Corporate WhatsApp Group – The user will be asked to register on a WhatsApp page of the company to join the new group.

109.) Outlook to Office365 Migration – As part of a transition from Outlook 2010 to the cloud-based Office365 environment, this scenario asks all employees to register on a new environment located at “login.microsoftonline.com”.

110.) Employee of the Month – A new offer enables employees to vote for a candidate who deserves recognition for his or her outstanding achievements.

111.) Google Leaks – The company informs the employees that their corporate network credentials have been breached and that they should run a Google search to find out whether their credentials have been stolen.

112.) LinkedIn Company Profiles – The recipient is informed that the HR department has migrated all employee profiles to a newly created company page on LinkedIn in the last few months.

113.) BYOD, Open VPN Access – In this scenario, employees can use a new web based SSL VPN login portal to get access with their personal devices to all internal business applications.

114.) SSL VPN Compatibility Check (Netscaler) – In this scenario, the user is prompted to connect his remote workstation to the company network. A compatibility check of the computer with an executable file is also performed. The design is based on a Citrix Netscaler access.

115.) UPS Exception Notification – This is a copy of a real UPS attack example gathered from LUCY’s phishing monitoring service.

116.) Twitter “Corporate” – The user receives a notification that his company has set up a Twitter channel exclusively for all employees. He can keep up to date and receive the latest news about new entries, contests, company events, etc. in real time.

117.) NetScaler Unified Gateway SSL VPN – By using a new web-based SSL VPN login portal, employees have access to all internal business applications that allow them to work from a remote location.

118.) Facebook Company Page – The employee gets invited to join his company’s Facebook page.

119.) PayPal Open Invoice – The recipient receives an invoice from a seller for a three-digit amount. To view the invoice, the user must log in with PayPal. This attack is based on similar attacks observed by our research team in the past.

120.) Email in quarantine – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

 

 

121.) Email in quarantine with Login Page – This is an original copy of a phishing attack observed in 2018 by our research team, in which the user is tricked into picking up his quarantined email.

 

122.) Employee Survey HR Portal – The employee is asked to log on to an HR portal to take part in an internal survey. One of the oldest and most efficient Security Awareness Training Content Templates has been revamped here.

 

 

123.) Netflix – Payment was rejected – This real phishing attack was registered by our research team in May 2018. In this attack, the user is informed that his payment method was rejected. This is an example of a better formulated attack with correct grammar and visual elements.

124.) F5 VPN Access – In this web-based scenario a VPN access of the company F5 is simulated. The user is asked to enter his user name, password and also his token code.

125.) Password Check for MS Windows – This extended password check shows the user how secure his password is during input. It is intended to test Windows © passwords. As soon as the user enters a password with more than 6 characters, it is transmitted to LUCY.

126.) Job Offer – The employee is contacted personally and made aware of a position that would fit his or her profile. This is still an efficient Security Awareness Training Content!

127.) Illegal license detected on your PC – The user is informed that there is an illegal copy of software on his PC and that he must log in to check it.

128.) Bitcoin – Trade with a 500 USD starting balance – The user receives a starting credit of USD 500, which he can invest in Bitcoin in a predetermined period of time free of charge on a trading platform.

129.) Bad Employer Rating – A negative assessment of the employer has been published. This is a simple but efficient Security Awareness Training Content Template.

130.) Affordable car leasing for employees – Employees can lease a company car for a fraction of the original cost.

131.) Leak Alert: Verify your phone number – In this database of stolen records, the user can check if his phone number is being misused in any way.

132.) DocHub – Please Review Invoice – “Carl Mc Gregor” sends the recipients an invoice to review and complete.

133.) Melani – Swiss Reporting and Analysis Centre – The Reporting and Analysis Centre for Information Assurance (MELANI) has been commissioned by the Federal Council to protect critical infrastructure in Switzerland. In this template the user receives an email about a possible data leak.

 

134.) Your expenses have been denied (SAP) – The user is informed that his submitted expenses have not been accepted.

 

 


 

LUCY Content Update 2018 with more than 165 new scenarios

165+ new and revised Phishing Test and Attack Training Templates – Large Awareness Content Update I/2018

Others require you to pay for new or individual attack and training templates. At LUCY, new Phishing tests, training courses or even videos are always included in the basic price! We show the highlights of the more than 165 new templates of the current content update I/2018. What is included in the Big Content Update?

New attack scenarios for Phishing Tests

We have delivered over 30 completely new scenarios. It has been proven that many phishing tests that run simultaneously and are sent out at random have the greatest sensitizing benefit for employees. This is one of the reasons why the need for simpler ‘hyperlink-based’ attack scenarios remains high. That’s why we added about a dozen new hyperlink scenarios. We have also responded to the various customer requests and now offer a ‘hyperlink’ variant of some existing ‘web-based’ scenarios (these are the scenarios with landing page). In terms of content, customers report to us that phishing tests around the topics

  • Security alerts
  • Microsoft / Outlook 365 ©
  • notifications for any registrations on web platforms and
  • Smartphone / iPhone © Contests

still achieve high victim rates (successful phishing simulations). This is why we have delivered further Best Practice templates in these areas.

New training templates

The need for more training modules continues unabated. Our new training modules range from interactive GDPR courses and new or revised videos to simple PDF one-pagers.

Significantly more languages

All scenarios are now available in several language versions. The language bar usually looks like this:

[Image: language bar. Languages supported out of the box]

Today we can safely claim that most of the content is available in Dutch, English, French, German, Italian, Portuguese, Spanish and Turkish! Very often Russian and Ukrainian are added.

How do I get to the new content?

If you have installed LUCY, the newly available content is automatically reported to you. Otherwise, you can check in the Settings menu in the Download Updates section whether other new templates can be downloaded.

Can I maintain and develop my own templates?

Major customers such as Robert Bosch make intensive use of this functionality. International consulting firms maintain their own phishing templates, which are adapted and maintained on an ongoing basis for each country. LUCY is standard software that was created for this purpose. This ensures reusability and investment protection.

Examples of the LUCY Awareness Content Update I/2018

Below we show you excerpts from the more than 165 new or revised training and phishing test contents. Have fun testing and training!


Educational and Training Modules

GDPR Course or TrainingGeneral Data Protection Regulation (GDPR) – This interactive e-learning course for employees introduces the GDPR and the key compliance obligations for organizations. It also aims to provide a complete foundation on the principles, roles, responsibilities and processes under the regulation.

 

LUCY Phishing VideoLucy Phishing Video (with Tracking Option) – This is our most successful 3-minute educational video about phishing attacks, shown in English, Spanish, German, Italian and French. Each video scene can be customized (e.g. custom branding) and translated into additional languages. See: http://phishing-server.com/PS/doc/dokuwiki/doku.php?id=create_a_custom_e-learning_video . This video allows you to track if the user watched the content.

Ohne Pager Training Phishing Awareness One Pager Phishing Awareness (responsive | 1.2) – This is a static one page long phishing awareness html template. It works with a min resolution of 360 pixels.

 

 

PDF Infoflyer for educational it-awareness purposesPDF Infoflyer – A one-page phishing awareness flyer (PDF) is embedded in this static web page. The editable word template is located within this scenarios template folder. After you make desired changes to the word file, please save it as a PDF with the name “info.pdf” and upload back to your LUCY instance using the file manager within this template. All content is 100 % customizable.

 

Phishing Security Exam (Version 1.2) – In this short interactive exam the user is asked a few multiple choice questions in order to test their knowledge regarding phishing. Duration: 10 minutes.

 

 

Physical Security Course 1.2 – In this short security course, the user is presented with a few facts about common threats and countermeasures regarding physical security (unattended devices, shoulder surfing, portable media devices, disposal of sensitive information, visitors, etc.).

 

Secure internet usage video – In this security awareness video we talk about secure internet usage. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG .

 

Workplace Security Course – This course takes approximately 30 minutes to complete. Upon completion of Workplace Security Awareness, employees and managers will be able to: identify potential risks of workplace violence, describe measures for improving workplace security and determine the actions to take in response to a security situation. It is a long course requiring a superior skill level.

 

New and updated Attack Scenarios / Phishing Templates

 

Bizarre News – A bizarre news article asking the user to click the link for more details.

 

 

Confirmation Social Media Profile (hyperlink only) – A social media provider informs the recipient that a profile under his/her name has been created.

 

 

Contest (Link Only) – In this hyperlink scenario, people can participate in a contest to win a trip to Paris. This is one of the simplest templates but it is still effective. That’s why we reworked it and added some more languages.

 

 

 

Contest II – Win an IPHONE 8 v1.1 – As a part of a special promotion, the recipient can win an IPHONE 8 by registering with his/her company account.

 

 

Cutest Animals – These animals were voted top 10 cutest in the world. The user is asked to click on the link to see the full list.

 

 

Dating Site Confirmation (Ladies) – An email that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the male audience.

 

 

Dating Site Confirmation (Gentlemen) – An email message that confirms subscription for a dating site and presents a few matching profiles. This template is intended for the female audience.

 

 

Dropbox (Hyperlink Only) – In this hyperlink scenario the user is informed that a document on “DropoBox” is ready for download.

 

 

Your action is required: email in quarantine 1.1 – This template is made to look like an innocuous spam quarantine message – something most people are used to seeing, but don’t pay a lot of attention to and wouldn’t necessarily question. It’s also preying on the user’s sense of curiosity, by saying you have quarantined messages, but not showing what they are. Once the user is logged in, he/she can download a PDF error report. The download can be tracked by the LUCY admin.

 

Email Internet Access Restrictions – Using a new email security filter, the user is informed that his internet access will be fully or partially restricted.

 

 

Encrypted Mail (Download Only) – Encrypted e-mail access. The user is asked to download an encrypted e-mail message in an MS-Office © document.

 

 

Final notice: unpaid services – You get a final notice. A payment has not been received, and thus the account remains past due.

 

 

Funny IQ Test (Hyperlink only) – A hyperlink based scenario with a common IQ test question.

 

 

 

Funny IQ Test Webpage – A web based scenario with a few common IQ test questions.

 

 

Funny Pics – Click on a link to explore funny pics on the web. It is a simple scenario but it still works.

 

 

iCloud (Hyperlink Only) – This template simulates the iCloud tracking feature of lost/stolen devices.

 

 

 

Increase your internal mail storage – The user is asked to click a link to increase the mail storage quota in order to have access to the mailbox.

 

 

IRS Tax Refund – This is a real world tax refund scam example 😉

 

 

Lunch Discount (Mixed with Macro) – Lunch discount voucher with a macro, available after the user logs into the authenticated area. This is a file based scenario including one of our own safe droppers.

 

 

Microsoft 365 © Online Login All new Version 1.2 – The message asks the user to log in to his/her “Mircosoft Office 365” account. The login will generate an error, and the user will be able to download the software.

 

 

Microsoft Receipt (eMail attachment only) – This is a file-based only scenario without a landing page. It contains a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the built-in browser. No data is transmitted. You will have the ability to track who executed the macro.

 

Microsoft Warning (Hyperlink Only) – The user receives a window style warning “Internet Browser is infected with a worm SVCHOST.Stealth.Keylogger.” and is asked to click on a link to resolve this.

 

 

Redeem points for Airline ticket – Some phishing scams do not ask for logins. Instead, they try to get some general information about the user by offering interesting giveaways. In this scenario, we ask the user to provide information about past flights. Many people participate in these bogus giveaways thinking some of them might be genuine. However, providing information about past flights is valuable for any attacker as it helps prepare more sophisticated attacks.

Secure Message Waiting – In this hyperlink scenario the user will get a notification about a secure e-mail waiting in his inbox. This message template has different languages within the actual message body. The recipient can select the language at the top.

 

Termination of your email account (Hyperlink Only) – An email message which claims that the recipient’s email account is in the process of being deactivated and that he/she must click the link within the same message to cancel the deactivation process.

 

Termination of your email account – It is the same scenario as above. But after the ‘login’, the recipient will also be able to download a PDF error report. The download of this report can be tracked by the LUCY admin.

 

 

New Web Surfing Statistics (Login & Macro) – Employees are asked to enter their MS-Windows credentials to access personalized web surfing statistics from a site, where they can download a detailed report that contains a macro. This is still one of our most successful scenarios, which is why we reworked it.

 

Workplace Security Notification – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded within the authenticated area as a traceable PDF.

 

Workplace Security Notification (Download Only) – “Workdaysystem”: a security notification from the workplace information system requires immediate attention. The notification details can be downloaded as a traceable Microsoft Office © file with a macro that pings back to LUCY upon opening.

 

You have been tagged – Your picture has been tagged on “SocialHub”. Provide your e-mail and birth date to confirm that this is you!

 

 

Your account was leaked! (hyperlink only) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity.

 

 

Your account was leaked! (with Word Macro) – The FBI Cybercrime Division informs the recipient that his/her email account was flagged in their database as potentially being used for fraudulent activity. After filling in the fields on the landing page, an MS-Word document with a macro will be available for downloading the database report. This is a new file based attack template.

 

Your membership account has been created – The user gets a notification that a membership account has been created and he has 24 hours to deactivate the account before his credit card gets charged.

 

 

Your train ticket is ready for download – The user gets a copy of his train tickets, which can be edited/viewed using a link.

 

 

So that’s it so far. Keep on enjoying LUCY Server!

 

 or download our free Community Edition here.

 

What is New in LUCY Version 4.0?

The 14 best new phishing and data breach prevention features in LUCY V4.0 [Video]

With 4.0, we’ve rolled out a pretty long list of new features and improvements. Our cyberprevention server has become even better than it already is. In this article, we would like to show you our 14 favorite new features that are worthy of special mention.

01. Dashboard improvements One

Starting with LUCY 4.0 we re-designed the dashboard. Filter by type or by execution status, use the search field and select between multiple dashboard modes.

02. Dashboard improvements Two

Widgets! They can be moved around the screen.

03. Incident Auto Feedback

Including Risk Score Autoresponder. LUCY allows the admin to define an auto responder for emails submitted through the phish button. The risk score uses the IPs and domains in your email and compares them with databases that contain information about malicious activities.

04. Threat mitigation

Threat mitigation is a new feature that allows the LUCY admin to forward reported phishing mails to the abuse contact of the provider responsible for the originating IP address, which is taken from the message header. You can click on the mail symbol within the incident center to initiate the sending of the report.

05. Risk Assessment mode for campaigns

Instead of showing only raw data about how many users have been successfully phished, we can additionally provide a risk assessment methodology in LUCY that shows the exposure to certain threats. We can classify different types of threats/likelihoods such as technical threats (e.g. unsecured Windows PC, insecure browser etc.), internal threats (e.g. uneducated user who clicks on certain content) and external threats through hackers (latest trends in attacks, e.g. exploiting a specific browser vulnerability). In LUCY 4.0 we implemented the first analysis step, and in the coming releases this feature will be improved.

06. Create a new campaign based on a previous campaign template

LUCY now allows an administrator to create a template based on a previous campaign. The template consists of all settings including all associated scenario and awareness templates. You can then start a new campaign using this campaign template.

07. User reputation

The user reputation level is a score that gives every user a specific profile based on the number of tests performed against this user and the amount of successful phishing simulations.

08. New message template variables

LUCY allows you to use multiple variables within the message template. The variables pull the information from the recipient in the associated group. We added a few new variables (e.g. a gender-specific variable) and you can now also use the dropdown in the message template to insert the variables at the right place. Also new is the option to use these variables in the message header.

09. Authoring Toolkit

Create e-learning content with the integrated ADAPT authoring tool: LUCY comes with an integrated e-learning tool called ADAPT. Adapt allows you to build multi-modal content. You can watch videos, listen to audio with transcripts, and complete quizzes. Adapt also has multi-language and localization support.

Adapt is designed to solve a problem in eLearning. When you’re faced with delivery to multiple devices, such as desktop, tablet and mobile, you have a choice: you can create multiple versions, each optimized for specific devices, or you can use a responsive design approach. If you create and optimize multiple versions for each device, you might build in Flash for desktop, a native app for iPhone, a different version for iPad and Android, and so on. As you can see, this method is complex and expensive. Then when you start getting into translation and maintenance, it gets out of control pretty quickly – not to mention the tracking issues if you’re trying to track data from multiple sources. Adapt gives you a different and much simpler option. Adapt creates just one version of your eLearning in HTML5, which responds intelligently to the device it is viewed on.

10. Reputation Based Learning 

Assign custom e-learning content based on a user’s reputation level: Based on the amount of successful attack simulations for an individual user, you can assign a specific e-learning template in LUCY. If a user didn’t fall for a phishing simulation yet, you might want to assign a different e-learning content than for a user who continuously submitted sensitive data in previous phishing simulations. Please visit this chapter for details.

11. SCORM export of awareness content

All e-learning templates can now be exported using the SCORM format, allowing you to use the LUCY content in another LMS (Learning Management System).

12. Advanced export features

Starting with LUCY 4.0 we added a navigation item called Export within the campaign overview page. The menu that opens allows you to export any campaign-related data.

13. Randomization feature for the scheduler

We added a randomization feature that allows you to split up your recipients over different scenarios using the scheduler.

14. New real time statistics overview

The real time statistics were improved and they include various data sources and ‘views’ that allow you to see the overall campaign statistics (attack & e-learning) on one page.

Wiki Resources

  1. Dashboard improvements (Dashboard)
  2. Dashboard improvements (Widgets)
  3. Incident Auto Feedback
  4. Threat mitigation
  5. Multiple Default Campaigns
  6. Risk Assessment mode for campaigns
  7. User reputation
  8. New real time statistics overview
  9. New message template variables
  10. Authoring Toolkit
  11. Reputation Based Learning
  12. SCORM export of eLearning content
  13. Randomization feature for the scheduler
  14. Advanced export features

 

Do you like our tool? Let us know if yes please! Thanks!

An e-Fax Phishing Scam with a trackable PDF File [Video]

Check whether and how many users download a supposed E-fax in PDF format and open it if necessary.

At the turn of the millennium, many companies banned the physical fax machine from the offices and instead introduced fax servers with mail functions. Since then, the number of fax messages sent has fallen almost to zero. Such seldom-used business functions are a popular attack vector for cybercriminals. The eFax attack template with integrated, traceable PDF file is one of the most popular scenarios of the LUCY Cyber Prevention Server. We show in a short video how to configure a phishing campaign and how to track the file download.

This campaign can be carried out with any version of LUCY, including the free Community Edition. The process is completely harmless and no confidential data will be sent to third parties.

Why does the scenario use a landing page for the ‘fax’? This is due to the fact that a PDF does not have a function that allows tracking as long as the end customer does not use a vulnerable PDF reader. The only way to track whether a PDF has been downloaded is to embed the file in a web page.

Further highlights of the LUCY software

  • In addition to phishing tests, the solution also allows comprehensive training of employees with many templates.
  • Local and cloud installation possible
  • LUCY’s Phishing Alarm Button allows easy notification in case of suspicion.
  • The Incident Console in LUCY automatically calculates an Email Risk Score and informs the end user about the risk potential of the reported message.
  • Prefabricated malware simulations show you to what extent an attack on your network would be successful. The malware simulation also provides tips on how to fix any weak points.
  • You always remain in control of your data, no information is transmitted to third parties!
  • Complies with GDPR

 


or download LUCY here.

 

IT Security Tutorial Content available for free download in LUCY

New IT-Security Tutorials and Videos available for Free Download in LUCY

Download the new set of security tutorial videos and brand new phishing attack templates for LUCY Server. The big free content upgrade 2017-09 is available now for everybody.

We have heard from some customers that they would like to use shorter versions of our popular videos. LUCY Security meets this demand with the big content update 09/2017. Not only are rich media security tutorials and videos delivered, but also brand new attack templates for phishing simulations. The content was tested and improved by our pilot customers. We can only recommend the videos: Don’t only run Mock Phish Campaigns, but also educate your staff with security tutorials from LUCY!

No. 4 this year – This is already the fourth content update this year. The software currently counts 97 phishing simulation templates, 38 awareness trainings, 16 educational videos and 16 file based attack templates, and everything is included for free in LUCY Server.

Spam Unsubscribe – Spammers sometimes just send an email to get the user to click on the unsubscribe link in order to verify their email address. In this scenario we simulate such a SPAM message with an unsubscribe link.

 

Payment Reminder (Payoner) – The recipient gets a reminder of a payment which is due. Clicking on the “reject” button allows the user to start a dispute.

 

 

Email Security Video – Short Version – In this short (~1 minute) security tutorial video we talk about email security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable. More info about customization can be found here: https://goo.gl/HXN9SG

 

Password Security Video – Short Version – In this (~1 minute) security tutorial video we talk about password security risks. We have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.

 

Physical Security Tutorial Video – Short Version – In this (~1 minute) security awareness video we talk about physical security risks. We also have put together a few security tips, which involve best practices and policies. The content (animation, language, script) is customizable.

 

Lucy Phishing Educational Video – Short version – This is a 1 minute educational video about phishing attacks. Every video scene can be customized (e.g. custom branding) and translated into additional languages. This video allows you to track if the user watched the video.

 

Mobile Security Tutorial Video 1.1 – Short Version – This short security video gives a few tips regarding the secure usage of mobile devices (mainly smartphone & laptop). Length: ~1 minute. For audiences and skill levels see above, and please note that all videos can be fully customized. More info: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=create_a_custom_e-learning_video

 

Ransomware Tutorial Video – Short Version – In this short video (~1 minute) we talk about ransomware threats. Since the NotPetya and WannaCry attacks of 2017, this video is very popular!

 

Security Tips Tutorial – Short Version – In this short (~1 minute) security tutorial video we have put together a few security tips, which involve best practices and policies that promote security. The content (animation, language, script) is customizable.

 

Microsoft Receipt Mock Phish Attack Template – This is a file-based only scenario without a landing page, containing a Word file with macros. When the macro gets executed, the script will simply connect back to LUCY using the built-in browser. No data is transmitted. You will have the ability to track who executed the macro.

 

Avoid & Recognize Phishing Attacks (Remake 09/2017: Version 2.1) – In this static course we describe the different phishing types (MASS-SCALE PHISHING, SPEAR PHISHING, WHALING, VISHING, SMISHING, SOCIAL MEDIA PHISHING) and give the user practical tips. All content is 100 % customizable. Duration: 5-10 minutes.

Security Awareness Videos, Tutorials, Trainings and Quizzes from LUCY – everything is included!

By the way: If you want to translate the video into your local language, we do this for only 350 USD….

Educational Advanced Spear Phishing Simulation with the appropriate Malware

Advanced Spear Phishing Campaign and appropriate Malware [Video-Tutorial]

Suitable for reproduction: Build your own advanced Spear Phishing Simulation with the appropriate attached Malware with LUCY. A 30 minute video gives you the possibility to build up an advanced phishing and malware simulation almost off the cuff!

LUCY founder Oliver explains how you can set up an advanced educational spear phishing campaign and store it as a reusable template. Contents are:

  • Create a new attack template for your own purpose
  • Create a file-based or mixed advanced spear phishing scenario, using pre-defined templates.
  • Configure the phishing mails so that they contain personalized content
  • Configure and integrate harmless Trojans (Malware) into the file-based scenario
  • Set a default behavior of the Trojan (e.g. commands on the client to be executed or the listing of “Recent Documents” on the target computer)
  • Start, monitor and finalize the campaign
  • Reporting: Analyze the results of the Spear Phishing campaign
  • Usage of the scheduler with multiple scenarios (Q+A at the end)

You would like to reproduce/replay this educational phishing campaign? Just request a Demo System here:

 

You want to copy an existing Website for a Social Engineering Scam? (Simulation) – We show you how it’s done

After 2 (two!) minutes you have a cloned website for your Phishing Scenario. LUCY Social Engineering Simulation Server empowers you when you set up an IT-Security Awareness Campaign [Screencast].

Advanced Phishing Simulations: Clone a Website and add your own Login Form – Do you want to create a phishing simulation and use an already existing website as a landing page? This 2 minute video shows you quickly how to create a custom landing page with the website copy feature and add a custom login form for data capture.

Just create a new scenario and select an empty Web based scenario. You can also select any other Web based scenario template for the social engineering simulation you want to customize, because the “Website Copy Feature” overwrites the default Landing Page of the template.

The steps described in the webcast are

  1. In LUCY, create a new campaign, edit the basic settings and save it
  2. Create a new scenario by selecting a Web based attack template (or choose an empty one), populate all mandatory fields and save it.
  3. Go to the Landing Page Menu Item of the scenario you created just before
  4. Push the “Copy Website Button”, the ‘WebSiteCopy’ dialogue appears
  5. Fill out the fields:
    • URL – The source website you want to copy
    • Language – With that you’re defining your language version (LUCY allows multiple languages in the same campaign)
    • File – Select the appropriate value in the poplist, e.g. index.html
  6. Push the “Start” Button and the Website Copy is executed. Even really big sites can be copied. And it’s fast!
  7. After the copy is finished, use the Back Button of the dialogue (not of the browser)
  8. Go into the editor, place the cursor where you want to add the login form, push the button “Insert Login Form”
  9. The System provides you three predefined login forms. Select an appropriate one and press OK. If you want to modify it later on, you can do that manually.
  10. The login form appears on the landing page of your social engineering simulation / phishing scenario. Save your setup of the landing page and you’re done with it!

 

Thank you for using LUCY. If you want to see the full end-to-end process from setting up the campaign to sending out and tracking the phishing simulation messages, then just watch the longer webcast below.

Watch the full and more detailed Scenario: Social Engineering Simulation Webcast

 

 

Setup Phishing attack – Your first Phishing simulation

Set up a phishing attack within minutes thanks to template-based wizards. If you want to find out how vulnerable your people are to phishing scams, you should choose LUCY Community Edition (free). Watch the screencast.

Setup phishing attack: When you use a best practice template together with the wizard mode, you will have your phishing email set up instantly. When you choose a scenario with a landing page, you can also base it on a best practice site template. This HTML page can be adapted to your needs directly using the graphic editor in LUCY. Before launching the campaign you need to add address groups containing the recipients of your phishing attack. After a few minutes you are ready to run your first phishing campaign in order to train your employees. Watch the screencast “Set up a Phishing Attack – your first phishing simulation” below (Sorry for the strong accent 😉 )


Keep it simple stupid, phisher!
Please take note: If your employees are new to the topic of phishing (simulations), please start with simple campaigns! Make it a game or a competition and try to make sure that most people succeed in spotting your simulations, at least at the beginning.

Setup Phishing attack – Screencast:

Setup Phishing Attack with LUCY and start your first simulation

Video: Setup Phishing attack with LUCY

If you want to know more about setting up phishing attacks, please refer to our Manual available on the Support Wiki:

Before setting up the phishing attack – Preliminary tasks

If you need to download and to install LUCY first, then

  1. Get VMware, Oracle Virtual Box or similar
  2. Download LUCY here; it’s done in minutes and the Community Edition comes free
  3. Watch the screencast: Install LUCY from scratch

What is LUCY Phishing and Infrastructure Test Server?

LUCY is a Phishing, Training and Tech Assessment solution. It can be installed on premise or in the cloud. It enables you to run

  • Fake Phishing / Smishing / Bad-USB scams
  • IT-Security awareness trainings and increase knowledge against Social Engineering
  • IT-Infrastructure assessments and Technology tests
  • Fake ransomware simulations

We have more than 2’400 active installations so far. For more information please refer to http://www.lucysecurity.com .  LUCY Security – Increase IT Security and maintain Cybersecurity Awareness.

New Video Tutorial “Interactive Sessions with LUCY”

Please watch our latest video tutorial concerning a malware simulation that establishes an interactive client communication with reverse http or https channels.