Provide a safe learning environment for your employees
Provide a safe learning environment for your employees
Lucy enables organizations to take on the role of an attacker (phishing simulation) and identify gaps in both the technical infrastructure and security awareness and resolve them through a comprehensive e-learning program.
Lucy enables you to simulate the full threat landscape that goes beyond just simple phishing emails:
Hackers can use portable media drives to gain access to sensitive information stored on a computer or network. LUCY offers the option to perform portable media attacks where a file template (e.g., executable, archive, office document with macros, etc.) can be stored on a portable media device such as USB, SD card, or CD. The activation (execution) of these individual files can be tracked in LUCY.
Smishing is, in a sense, “SMS phishing.” When cybercriminals “phish,” they send fraudulent e-mails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of e-mail.
Data entry attacks can include one or more web pages that intercept the input of sensitive information. The available web pages can be easily customized with a LUCY web editor. Additional editing tools allow you to quickly set up functions such as log-in forms, download areas, etc. without HTML knowledge.
A hyperlink-based campaign will send users an e-mail that contains a randomized tracking URL.
LUCY’s flexible redirection functions allow the user to be guided, at the right moment, to the desired areas of attack simulation or training. For example, after entering the first 3 characters of a password in a phishing simulation, the user can be redirected to a special training page about password protection.
Mixed attacks allow a combination of multiple scenario types (file-based, data entry, etc.) in the same campaign.
File-based attacks allow the LUCY administrator to integrate different file types (office documents with macros, PDFs, executables, MP3s, etc.) into mail attachments or websites generated on LUCY and to measure their download or execution rate.
This feature makes it possible to send multiple phishing e-mails in each campaign, with the first benign e-mail (the bait) containing nothing malicious and not demanding a reply from the recipient.
Java-based attacks allow the LUCY administrator to integrate a trusted applet within the file-based or mixed attack templates provided in LUCY and to measure their execution by the user.
PDF-based phishing attacks can be simulated with this module. LUCY allows “hiding” executable files as PDF attachments and measuring their execution. Furthermore, dynamic phishing links can be also generated within PDFs.
In phishing simulations, false positives must be prevented for log-in fields (e.g., logging with invalid syntax). The company guidelines may also forbid the transmission of sensitive data such as passwords. For this purpose, LUCY provides a flexible input filtering engine that offers a suitable solution for every requirement.
LUCY comes with hundreds of predefined attack templates in more than 30 languages in the categories of data entry (templates with a website), file-based (e-mails or websites with a file download), hyperlink (e-mails with a link), mixed (combination of data entry and download), and portable media.
Attack templates are available for specific industries or divisions.
Take control of the generated URLs to identify the recipients. Use automated short (< 5 characters) or long URL strings or set individual URLs for each user. The manual URL creation allows you to form links that a user can easily remember. In environments where link clicks are disabled in e-mails, this is a must.
URL shorteners are a relatively new Internet service. As many online social services impose character limitations (e.g., Twitter), these URLs are very practical. URL shorteners, however, can be used by cyber criminals to hide the real target of a link, such as phishing or infected websites. For this reason, LUCY offers the possibility to integrate different shortener services within a phishing or smishing campaign.
Quickly create highly professional landing pages for your campaigns. Clone existing websites and add additional layers with data entry fields, files for download, and more.
Level-based phishing training for employees serves to make the risk of social hacking measurable. Scientific analysis should also identify the most important risk factors so that individual training content can be offered automatically.
The Spear Phish Tailoring works with dynamic variables (gender, time, name, e-mail, links, messages, division, country, etc.) which you can use in landing and message templates.
Digital signatures for e-mails: Send signed phishing simulation mails (s/mime). Use DKIM to get a better sender score.
Recipients with a better technical understanding could use their browser to call the domain or IP address associated with the randomly generated phishing link. To prevent error messages from appearing or the end user from even coming to the login area of the admin console, you can create generic “homepages” within LUCY for the domains used in the phishing simulation.
Make your own phishing templates with our editor and simulate any type of phishing attack. No special technical skills are necessary.
Phishing simulations provide quantifiable results that can be measured. Our available simulations include SMS Phishing, Corporate Phishing (simulated e-mails that appear to come from “inside” your own organization), Board Member Spear Phishing (target a handful of senior individuals in a position of influence) Ransomware Simulation, Personal Phishing (simulations aimed to use well-known brands like Amazon, Apple, eBay, etc.), and many more techniques. These measurements allow improvement to be identified and tracked. The consultative approach our team takes will ensure all phishing simulations and campaigns are bespoke to the threats facing your organization. Prior to the phishing simulation, the needs and objectives are clarified and coordinated with the planned activities. The goal is to define the key elements of the campaign:
In every phishing simulation activity the theme plays an important part in meeting the end objective of educating users on real threats. To provide a real-world experience and awareness the selected phishing simulation theme should align with an event or context relevant to the targeted individual or group. Here are some points to consider for effective simulation activities:
The LUCY phishing simulation can be combined with services that will help the company to better assess the risk. Here are a few examples: