# Table of Contents - [Wiki Overview | Lucy Awareness](#wiki-overview-lucy-awareness) - [Guides | Lucy Awareness](#guides-lucy-awareness) - [Quick Guides | Lucy Awareness](#quick-guides-lucy-awareness) - [Create Your First Campaign | Lucy Awareness](#create-your-first-campaign-lucy-awareness) - [Register an Attack Domain | Lucy Awareness](#register-an-attack-domain-lucy-awareness) - [Attack Settings | Lucy Awareness](#attack-settings-lucy-awareness) - [Adding a New Client | Lucy Awareness](#adding-a-new-client-lucy-awareness) - [Selecting an Attack | Lucy Awareness](#selecting-an-attack-lucy-awareness) - [Campaign Setup | Lucy Awareness](#campaign-setup-lucy-awareness) - [Installing Lucy | Lucy Awareness](#installing-lucy-lucy-awareness) - [Review | Lucy Awareness](#review-lucy-awareness) - [On-Premise vs Cloud Installation | Lucy Awareness](#on-premise-vs-cloud-installation-lucy-awareness) - [Whitelisting | Lucy Awareness](#whitelisting-lucy-awareness) - [Recipients | Lucy Awareness](#recipients-lucy-awareness) - [Awareness Settings | Lucy Awareness](#awareness-settings-lucy-awareness) - [Architecture | Lucy Awareness](#architecture-lucy-awareness) - [Microsoft O365 Whitelisting | Lucy Awareness](#microsoft-o365-whitelisting-lucy-awareness) - [Attack Simulations | Lucy Awareness](#attack-simulations-lucy-awareness) - [Network Communication | Lucy Awareness](#network-communication-lucy-awareness) - [Whitelisting a Lucy Server | Lucy Awareness](#whitelisting-a-lucy-server-lucy-awareness) - [Installing Lucy | Lucy Awareness](#installing-lucy-lucy-awareness) - [Awareness Training | Lucy Awareness](#awareness-training-lucy-awareness) - [Attack Types | Lucy Awareness](#attack-types-lucy-awareness) - [Hardware Requirements | Lucy Awareness](#hardware-requirements-lucy-awareness) - [Firewall Protection Interval | Lucy Awareness](#firewall-protection-interval-lucy-awareness) - [Email Tracking Technologies | Lucy Awareness](#email-tracking-technologies-lucy-awareness) - [Google Workspace Whitelisting | Lucy Awareness](#google-workspace-whitelisting-lucy-awareness) - [Application Reference | Lucy Awareness](#application-reference-lucy-awareness) - [Post Installation | Lucy Awareness](#post-installation-lucy-awareness) - [Campaigns | Lucy Awareness](#campaigns-lucy-awareness) - [Ransomware Emulation | Lucy Awareness](#ransomware-emulation-lucy-awareness) - [Managing Google SafeBrowsing Alerts | Lucy Awareness](#managing-google-safebrowsing-alerts-lucy-awareness) - [Copy a Website | Lucy Awareness](#copy-a-website-lucy-awareness) - [Using Multiple Awareness Trainings | Lucy Awareness](#using-multiple-awareness-trainings-lucy-awareness) - [Notifications | Lucy Awareness](#notifications-lucy-awareness) - [Regular Expressions in Login Fields | Lucy Awareness](#regular-expressions-in-login-fields-lucy-awareness) - [Deploying Gmail | Lucy Awareness](#deploying-gmail-lucy-awareness) - [Use extended method of tracking the end of the quiz | Lucy Awareness](#use-extended-method-of-tracking-the-end-of-the-quiz-lucy-awareness) - [Lures | Lucy Awareness](#lures-lucy-awareness) - [File Attack Whitelisting | Lucy Awareness](#file-attack-whitelisting-lucy-awareness) - [Hyperlink Attack | Lucy Awareness](#hyperlink-attack-lucy-awareness) - [Advanced Information Gathering | Lucy Awareness](#advanced-information-gathering-lucy-awareness) - [Email Spoofing Test | Lucy Awareness](#email-spoofing-test-lucy-awareness) - [Deploying Office 365 | Lucy Awareness](#deploying-office-365-lucy-awareness) - [Data Entry Attack | Lucy Awareness](#data-entry-attack-lucy-awareness) - [QR Codes | Lucy Awareness](#qr-codes-lucy-awareness) - [Redirecting Users | Lucy Awareness](#redirecting-users-lucy-awareness) - [Attack Settings | Lucy Awareness](#attack-settings-lucy-awareness) - [Reporting Plugin | Lucy Awareness](#reporting-plugin-lucy-awareness) - [Deploying Outlook Native (Deprecated) | Lucy Awareness](#deploying-outlook-native-deprecated-lucy-awareness) - [Legal | Lucy Awareness](#legal-lucy-awareness) - [Privacy Policy | Lucy Awareness](#privacy-policy-lucy-awareness) - [Service Level Agreement | Lucy Awareness](#service-level-agreement-lucy-awareness) - [Confidentiality of Campaign Data | Lucy Awareness](#confidentiality-of-campaign-data-lucy-awareness) - [Contact Us | Lucy Awareness](#contact-us-lucy-awareness) - [EULA | Lucy Awareness](#eula-lucy-awareness) - [DPA, Customer and Partner Info | Lucy Awareness](#dpa-customer-and-partner-info-lucy-awareness) - [Email Protection | Cloudflare](#email-protection-cloudflare) --- # Wiki Overview | Lucy Awareness ![Page cover](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F25p8W5O6yL1RidjXRZlx%252FLucyLogoEvolution%25202025.jpg%3Falt%3Dmedia%26token%3Df193bd9f-0cc9-415d-abc1-0b4602d6dac3&width=1248&dpr=4&quality=100&sign=4277d4a&sv=2) This wiki is for Lucy version 5.2 and higher. This wiki assists users in navigating and utilizing Lucy's platform. Whether you're looking for in-depth technical details about Lucy's platform specifications and features, or need step-by-step guidance for developing comprehensive security awareness strategies, this wiki is designed to be your go-to resource. * * * **This wiki is organized into two primary sections:** [](https://wiki.lucysecurity.com/application-reference) **Application Reference** Provides detailed information on Lucy's platform specifications and features. [](https://wiki.lucysecurity.com/guides) **Guides** Provides step-by-step instructions for administrators to create, configure, and troubleshoot platform-related topics. * * * [](https://wiki.lucysecurity.com/#quick-links) Quick Links --------------------------------------------------------------- [](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign) Quick Start [](https://wiki.lucysecurity.com/guides/installing-lucy) Installing Lucy [](https://wiki.lucysecurity.com/release-notes) Release Notes * * * Last updated 6 months ago Was this helpful? --- # Guides | Lucy Awareness [Quick Guides](https://wiki.lucysecurity.com/guides/quick-guides) [Installing Lucy](https://wiki.lucysecurity.com/guides/installing-lucy) [Manage Blacklisted Domains](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains) [Whitelisting a Lucy Server](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server) [Attack Simulations](https://wiki.lucysecurity.com/guides/attack-simulations) [Awareness Training](https://wiki.lucysecurity.com/guides/awareness-training) [Reporting Plugin](https://wiki.lucysecurity.com/guides/reporting-plugin) [PreviousWiki Overview](https://wiki.lucysecurity.com/) [NextQuick Guides](https://wiki.lucysecurity.com/guides/quick-guides) Last updated 1 year ago Was this helpful? Was this helpful? --- # Quick Guides | Lucy Awareness [Create Your First Campaign](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign) [PreviousGuides](https://wiki.lucysecurity.com/guides) [NextCreate Your First Campaign](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign) Was this helpful? Was this helpful? --- # Create Your First Campaign | Lucy Awareness Before launching your first campaign, configure the key settings outlined in this guide to streamline the setup process and minimize delays. Lucy is designed for all experience levels, offering a versatile and intuitive interface. [PreviousQuick Guides](https://wiki.lucysecurity.com/guides/quick-guides) [NextAdding a New Client](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/adding-a-new-client) Last updated 1 year ago Was this helpful? Was this helpful? --- # Register an Attack Domain | Lucy Awareness Why do you need to register an Attack Domain?[](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/register-an-attack-domain#why-do-you-need-to-register-an-attack-domain) Registering an attack domain serves two key purposes: 1. Enables creating domains resembling the targeted organization, enhancing realism (e.g., "mirconsoft.com" instead of "microsoft.com"). 2. Prevents blacklisting of the Lucy system domain, safeguarding your server and ensuring effective future campaigns. Configuring an attack domain in Lucy is simplified with our GoDaddy API integration, which automatically sets up DNS records for email sending and landing page hosting. Navigate to **Settings -> Common System Settings -> Domains** ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FtKMj1Fx7w3UShQTlJZGr%252Fimage.png%3Falt%3Dmedia%26token%3Da6ac6ccd-ca34-41d8-997b-f916eb635fde&width=768&dpr=4&quality=100&sign=5099f04a&sv=2) Select "Register" Enter the modified "spoofed" domain you would like to use and check whether it is available for registration. When the check is complete you will be taken to the registration page. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FI78xYGX3kNMuRdB9mIWT%252Fimage.png%3Falt%3Dmedia%26token%3Df76e6764-4415-48b4-ad84-653e515f7c24&width=768&dpr=4&quality=100&sign=a1e47298&sv=2) Provide a valid email address for WHOIS validation, domain expiration alerts, and DNS management access. Ensure accurate details when registering your domain as it is linked to your organization. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FaV2fY2rKnB0NFW5EUK33%252Fimage.png%3Falt%3Dmedia%26token%3D1f023ff7-29b5-4602-b766-96eefbe59cc6&width=768&dpr=4&quality=100&sign=1a46885a&sv=2) After registering your domain, the automatic DNS configuration typically completes within minutes. However, in very rare cases, it may take 4 to 8 hours for all DNS servers to fully propagate. [PreviousAdding a New Client](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/adding-a-new-client) [NextCampaign Setup](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup) Last updated 1 year ago Was this helpful? Was this helpful? --- # Attack Settings | Lucy Awareness Next, define the Campaign and Attack settings, then link the relevant Awareness Training. **3.1** Campaign settings: Specify the campaign name, associated client, and additional options in this section. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FCrxdL35zGpEQDvOA3SEE%252Fimage.png%3Falt%3Dmedia%26token%3Dc167bcb2-d1b0-43ee-9bc5-6d700929185c&width=768&dpr=4&quality=100&sign=fc379515&sv=2) **3.2** Attack Settings: Next, we will specify the parameters for the Attack. **Domain** -> Select the attack domain registered in [step 2](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/register-an-attack-domain) of the Quick Guides. This will be the primary domain for the email address and the associated landing page. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Ft3F7tZvslC4CsQ08O3CT%252Fimage.png%3Falt%3Dmedia%26token%3D0775c8ba-9a97-4fce-a9b8-f6ab46754b29&width=768&dpr=4&quality=100&sign=8ec7cd65&sv=2) **SSL** -> Lucy seamlessly integrates with Let's Encrypt to automatically create, validate, and bind SSL certificates to your domain. What is SSL?[](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/attack-settings#what-is-ssl) SSL (Secure Sockets Layer) acts as a protective shield. It ensures that data exchanged with the phishing page remains secure and protected from eavesdropping. This safeguard helps maintain the realism and safety of your simulation. Without an SSL certificate, recipients will see a red warning page, indicating an insecure site. This can undermine the authenticity of your simulation. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FwFWz23u0sObLnZxdEqy1%252Fimage.png%3Falt%3Dmedia%26token%3D94b43a8e-1917-4e26-992d-c8fcdba3d553&width=768&dpr=4&quality=100&sign=8767c2aa&sv=2) **Sender Name**, **Email**, and **Subject** -> Define the sender of the attack, their email address, and the subject. Using a sender email that matches your registered domain is recommended. This improves email deliverability by leveraging existing DNS records and reduces the risk of emails being flagged as spam. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FokbPyEFBGJMNbbVe0WfO%252Fimage.png%3Falt%3Dmedia%26token%3Dfc2a4e56-2bcc-49fd-9f20-77827f6b0cfa&width=768&dpr=4&quality=100&sign=7f187a6a&sv=2) **3.3** Editing the Email Content: The Lucy email editor is a versatile tool that lets you tailor email content to your preferred language and structure. Most templates include variable placeholders like **%name%**, which auto-insert each recipient's name for a personalized touch, making spear-phishing attacks more effective. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fg4o5Msp3r2Rz1hRBCFj3%252Fimage.png%3Falt%3Dmedia%26token%3D54037474-b957-4c65-b938-fb169281b099&width=768&dpr=4&quality=100&sign=4f81902f&sv=2) The objective of simulated attacks is to persuade users to click on an email link, enabling the collection of click-through statistics. To add a **new** link in your email, highlight the desired word or phrase, click the link icon, and enter **%link%** in the URL field. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FY8fX3XA9rKdmy4kSmtjA%252Fimage.png%3Falt%3Dmedia%26token%3D57529458-e3d1-4667-b0e3-6d7a96b8f8f5&width=768&dpr=4&quality=100&sign=4233726a&sv=2) The `%link%` placeholder automatically generates a URL combining your registered attack domain with a unique tracking hash for each recipient, allowing for detailed tracking. For example, with "open-ai.net" as the domain, the recipient sees a link like "[https://open-ai.net/xvcskahjry](https://open-ai.net/xvcskahjry) ", enabling precise monitoring of individual interactions. [PreviousSelecting an Attack](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/selecting-an-attack) [NextAwareness Settings](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/awareness-settings) Last updated 1 year ago Was this helpful? Was this helpful? --- # Adding a New Client | Lucy Awareness What is a Client?[](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/adding-a-new-client#what-is-a-client) Lucy’s architecture utilizes a client framework to organize information, where each client acts as a container for elements such as campaigns, templates, and user access. This structure promotes data segregation and improved security, ensuring data integrity and confidentiality. Clients can be customized to suit various needs: a single client is appropriate for one organization, while managing multiple organizations requires distinct clients for each, allowing tailored control and security for every organization. * * * ### [](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/adding-a-new-client#create-a-client) Create a Client Navigate to **Settings -> Clients -> Clients** ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F8o4xAuiVTTFjcCE8ESyS%252Fimage.png%3Falt%3Dmedia%26token%3D2e1742cf-ef82-4b0a-bca7-80d7fc4b5b5f&width=768&dpr=4&quality=100&sign=eebceb58&sv=2) * * * Select "New Client" ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FR1FSCsUZYKbkUVS6lfBB%252Fimage.png%3Falt%3Dmedia%26token%3D5edd7f3e-e373-4b21-9e52-36bef04744ae&width=768&dpr=4&quality=100&sign=4b27e28&sv=2) * * * To set up a client in Lucy, you only need to enter the client's name. Additional fields can be filled in for record-keeping and statistical analysis. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FcMiXQ9hO6OX2HrKWZ7e7%252Fimage.png%3Falt%3Dmedia%26token%3D7da79ee3-a6a8-4fb5-8bf7-b6015e53f3ba&width=768&dpr=4&quality=100&sign=5908bdc8&sv=2) * * * [PreviousCreate Your First Campaign](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign) [NextRegister an Attack Domain](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/register-an-attack-domain) Last updated 1 year ago Was this helpful? Was this helpful? --- # Selecting an Attack | Lucy Awareness Select one of our multiple Attack templates that closely resembles your simulation goal. Search Hints[](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/selecting-an-attack#search-hints) To ensure clear communication, always send templates in the recipient's native language. Our language filter showcases templates already translated into your target languages. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FqjKyaAGDojPz8uTH0cVD%252Fimage.png%3Falt%3Dmedia%26token%3Dc868d45e-5c2b-43a5-b38e-be58ed94daa3&width=300&dpr=4&quality=100&sign=479b7dec&sv=2) Similarly, you can also search for the **Target Audience**, **Category,** and **Difficulty Level** ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F45lS1gRDq134dqxS2uk7%252Fimage.png%3Falt%3Dmedia%26token%3D622e3d21-2733-45c8-8e53-7f072e7b650b&width=300&dpr=4&quality=100&sign=3b9ffea2&sv=2) Let's focus on the **ChatGPT Scenario**: Lucy's wizard is designed for efficient previewing of the Message Template and Landing page. It provides real-time dynamic access to test the template before committing it to your campaign. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FejLNrVP9JDUvE3wNNyNW%252Fimage.png%3Falt%3Dmedia%26token%3D7c9b7239-60b1-48d9-9401-db0a13368761&width=768&dpr=4&quality=100&sign=ba7f2ad8&sv=2) **2.1** Previewing the Landing Page: Select -> Preview -> Landing -> the Language you would like to view. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fm38BpX43BZSsykerU43L%252Fimage.png%3Falt%3Dmedia%26token%3Dcd1e396c-07c6-47c2-ba5f-87f75f6df687&width=768&dpr=4&quality=100&sign=dac0ff3e&sv=2) This action will open a new tab in your browser, enabling you to dynamically test the template's functionality. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fwb0ScrJtHXPMKPj0Q5uH%252Fimage.png%3Falt%3Dmedia%26token%3D37fa43f9-debe-413c-9697-f45677adf621&width=768&dpr=4&quality=100&sign=91ca5618&sv=2) **2.2** Previewing the Email Message: Similarly, you can also preview the email message ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F9zqKMwvG9g1sR39NvePe%252Fimage.png%3Falt%3Dmedia%26token%3D4df8b7ef-f306-41cd-b5ef-5d9515ec8856&width=768&dpr=4&quality=100&sign=6bfb3a59&sv=2) After selecting the Attack template you want to use, click on 'Next' [PreviousCampaign Setup](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup) [NextAttack Settings](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/attack-settings) Last updated 1 year ago Was this helpful? Was this helpful? --- # Campaign Setup | Lucy Awareness **1.1** On the Lucy dashboard, select "New Campaign" ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FlfUvoeMHoQc2Dyww0toH%252Fimage.png%3Falt%3Dmedia%26token%3Dd760fae2-6a37-4b9c-be57-3abda6a99160&width=768&dpr=4&quality=100&sign=c5a0a41d&sv=2) **1.2** Choose the Campaign Type: Lucy's campaign creation strategy includes three key elements: Attack Simulations, Employee Education (Awareness), and Infrastructure Tests. These components can operate individually or together. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FYvwLz5IFbJuFmbz8EbSG%252Fimage.png%3Falt%3Dmedia%26token%3D2265e041-9104-489a-839e-a461a566a734&width=768&dpr=4&quality=100&sign=3179da38&sv=2) Attack Simulation Educate Employees Infrastructure Tests To begin creating a campaign with an Attack, first select the Attack type. You can also link an Awareness training template in subsequent steps if desired. [**Data Entry Attack:**](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack) The recipient will receive an email with a link that leads to a fake webpage designed to harvest credentials. A successful attack occurs when the recipient enters their data on this page. [**Hyperlink Attack:**](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack) The recipient will receive an email with a link, and the attack is deemed successful as soon as they click on this link. There is no associated landing page in this scenario. [**File Attack:**](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/file-attack) Like Data Entry Attacks, the user receives an email with two potential actions: they can click a link to visit a landing page where they download an executable file, or the executable file can be directly attached to the email itself. [**Portable Media Attack:**](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/portable-media) LUCY provides the capability to create files for use on various removable media devices, including CDs, USBs, DVDs, SD Cards, and others. The most common approach involves attacks via USB sticks. [**Smishing:**](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/smishing) Smishing, also known as SMS Phishing, is a deceptive tactic where fraudulent text messages are sent to trick recipients into revealing sensitive information such as credit card details or passwords. It's important to note that this type of attack can only be configured in [**Expert Mode**](https://wiki.lucysecurity.com/application-reference/campaigns/expert-mode) . This selection is reserved for Awareness-only campaigns, where an administrator aims to focus solely on training their users. Infrastructure tests are designed to assess your organization's defenses against common attack vectors. **Technical Malware Test**: Evaluate your technical defenses against malware by simulating a malware attack and observing whether the current security setup can detect and neutralize the threat. **Mail & Web Filter Test**: Assesses the effectiveness of your email and web filtering systems. This test sends non-malicious simulated spam and phishing emails to see if the filters can successfully block these potential threats. **Spoofing Test**: Checks the robustness of the system against email spoofing. It tests whether someone can mimic or 'spoof' an email address from your domain, which is a common tactic used in phishing and social engineering attacks. [PreviousRegister an Attack Domain](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/register-an-attack-domain) [NextSelecting an Attack](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/selecting-an-attack) Last updated 1 year ago Was this helpful? Was this helpful? --- # Installing Lucy | Lucy Awareness [On-Premise vs Cloud Installation](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation) [Architecture](https://wiki.lucysecurity.com/guides/installing-lucy/architecture) [Hardware Requirements](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements) [Network Communication](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication) [Installing Lucy](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy) [Post Installation](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation) Last updated 1 year ago Was this helpful? Was this helpful? --- # Review | Lucy Awareness **Review your campaign** Your campaign is now configured. This page provides a detailed summary of all applied settings, letting you review and modify as needed. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FBd81SarBgriNsUz1QRr5%252Fimage.png%3Falt%3Dmedia%26token%3D225b895a-3bb3-4ac9-af69-36507c7fe25e&width=768&dpr=4&quality=100&sign=ef580c95&sv=2) If everything looks correct, click "Finish." A pop-up will appear with three selectable options: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FUIRUPn1vA3Lsxm72FNqo%252Fimage.png%3Falt%3Dmedia%26token%3De81ad222-34fc-4919-aed0-72a6e33003a2&width=768&dpr=4&quality=100&sign=9b2346f6&sv=2) **Start Campaign** -> Begin the campaign immediately. **Initiate Test Run** -> This is a great way to test the campaign by first sending it to a specified email address, ensuring functionality and data collection are working correctly. **Go to Campaign** -> Choosing this option will take you to the campaign dashboard, where you can set advanced parameters like scheduling and IP filtering. **Important:** Before launching your campaign, ensure your Lucy server is whitelisted to prevent non-deliveries. See the next section on **Whitelisting**. [PreviousRecipients](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/recipients) [NextWhitelisting](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/whitelisting) Last updated 1 year ago Was this helpful? Was this helpful? --- # On-Premise vs Cloud Installation | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#introduction) Introduction This article explores Lucy's adaptable architecture for on-premise and cloud-hosted setups. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#cloud-installation-advantages) **Cloud Installation Advantages:** VPS and Dedicated Root Server Hosting with LUCY Security AG[](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#vps-and-dedicated-root-server-hosting-with-lucy-security-ag) LUCY provides clients with the option to rent Virtual Private Servers (VPS) or dedicated physical servers, mainly located in Europe. There is also the flexibility to establish servers in other countries upon request. For services in Switzerland, LUCY partners with Hosttech. **EU Data Centers** LUCY Security uses Hetzner Online's data centers, a trusted provider since 1997. With data centers in Germany and Finland, Hetzner boasts DIN ISO/IEC 27001 certification for its ISMS. Their cloud servers feature AMD EPYC 2nd Gen and Intel® Xeon® Gold processors with fast NVMe SSDs. Standard Virtualized Private Server configurations include 8 vCPUs, 16 GB RAM, 240 GB SSD, and 20 TB Traffic. **US Data Center** Through Hetzner Online, LUCY Security extends its hosting services to the US, specifically to Ashburn, Virginia, within the Data Center Alley. Clients can request a VPS in this region by specifying a preference for the US zone. **High Availability** Despite efforts to maintain uninterrupted service, potential downtime risks include DDoS attacks, power failures, and compromised client servers. LUCY's infrastructure is monitored 24/7 from multiple global locations, ensuring rapid response to issues. The VPS services have a 99.9% annual availability guarantee, allowing for up to 9 hours of potential downtime per year. **Advantages of LUCY's VPS/Dedicated Servers** Opting for LUCY's VPS or dedicated server hosting provides several benefits: * **Bandwidth**: A guaranteed bandwidth of 1 Gbyte. * **Public IP Address**: Reduces the risk of your infrastructure being blacklisted. * **Dedicated Full Root Access**: With an optimized operating system for peak performance. * **DNS Management**: Creation of necessary DNS entries to mitigate SPAM issues. * **Direct Access**: Ensures servers are not blocked by pre-existing security solutions. * **Application Checks**: Comprehensive testing to ensure seamless LUCY operation. * **Reduced Attack Surface**: Placing LUCY on the internet eliminates the need to modify internal firewall settings, aligning with secure zone principles and minimizing attack vectors. * **Simplified Integration**: Cloud-based LUCY servers are quicker to set up, facing fewer integration challenges with existing email, DNS, and firewall configurations. * **Direct Access**: Hosting servers in the cloud bypasses internal security obstacles, ensuring uninterrupted access. * **Public IP Address**: A cloud server provides a public IP address outside your network range, reducing the risk of having your infrastructure blacklisted. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#on-premise-installation-advantages) **On-Premise Installation Advantages:** * **Enhanced Security**: Hosting LUCY internally utilizes the existing security infrastructure (IDS, firewalls, etc.) to protect sensitive data (login credentials, usernames, emails) from unauthorized access. * **Integration with Backend Systems**: LUCY seamlessly integrates with various APIs (LDAP, REST, etc.) that are secured within the internal network and not exposed to the internet. * **Compliance with Legal Requirements**: Regulations like GDPR in Europe may restrict storing sensitive data on external servers, making on-premise installations necessary. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#placement-in-an-on-premise-installation) **Placement in an On-Premise Installation:** For on-premise setups, LUCY can be deployed within the intranet or a secured zone (DMZ). However, granting secure access for external users (e.g., mobile devices accessing phishing simulations or e-learning modules) directly from the intranet poses security risks. A web server exposed to the internet could serve as an entry point for attackers if vulnerabilities are exploited. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#recommended-configuration-for-on-premise-deployment) **Recommended Configuration for On-Premise Deployment**: * **Reverse Proxy Setup**: Use a LUCY instance as a reverse proxy in the DMZ, with the main application hosted securely within the intranet as the "master instance". This setup provides an extra layer of security by managing external access while keeping the core application protected inside the internal network. * **DMZ Installation**: For better security, install LUCY in a separate, secure zone within the DMZ. This configuration reduces direct exposure to the intranet. See our platform reference article on [Master/Slave deployment](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/web-proxy) [PreviousInstalling Lucy](https://wiki.lucysecurity.com/guides/installing-lucy) [NextArchitecture](https://wiki.lucysecurity.com/guides/installing-lucy/architecture) Last updated 1 year ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#introduction) * [Cloud Installation Advantages:](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#cloud-installation-advantages) * [On-Premise Installation Advantages:](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#on-premise-installation-advantages) * [Placement in an On-Premise Installation:](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#placement-in-an-on-premise-installation) * [Recommended Configuration for On-Premise Deployment:](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation#recommended-configuration-for-on-premise-deployment) Was this helpful? --- # Whitelisting | Lucy Awareness What is Whitelisting?[](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/whitelisting#what-is-whitelisting) Whitelisting involves allowing certain IP addresses to bypass an organization's defense systems, ensuring successful phishing simulations and awareness training. This requires adding the Lucy server IP and sender domain(s) to trusted sources in email gateways, anti-virus software, and web proxies, preventing simulated phishing emails from being blocked or marked as spam. > The main objective of a Security Awareness program is to evaluate the recipients' awareness, not the strength of your network defenses. Ensure your defensive systems allow traffic from your Lucy server so it isn't blocked. Below are quick guides for **Microsoft 365 (O365)** and **Google Workspace**. For more detailed information, refer to our [advanced whitelisting guides.](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server) **Google Workspace:** 1. Log in to `admin.google.com` and navigate to "Apps" -> "Google Workspace" -> "Gmail". 2. Under "Spam, phishing, and malware", add the Lucy IPv4 to "Email Allowlist" and save. 3. In the same menu, go to "Inbound Gateway". Add Lucy IPv4, activate Message Tagging, add a symbol set to the Regular Expression field, select "Disable Gmail spam evaluation on mail from this gateway", and save. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FdTgT86eNJmNbZTGLWDqB%252Fimage.png%3Falt%3Dmedia%26token%3De3369b1a-c77d-4dc2-a7de-b52cb1ee3667&width=768&dpr=4&quality=100&sign=81bfe66e&sv=2) **Microsoft 365 (O365):** 1. Open the Microsoft 365 Defender portal -> `security.microsoft.com` 2. Go to Email & Collaboration > Policies & Rules > Threat Policies. 3. In Advanced Delivery, under Phishing Simulation, click "Edit" to add the sending domain, the IP of Lucy, and the simulation URL. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FXGPcKs5vYorbgUQhhPdC%252Fimage.png%3Falt%3Dmedia%26token%3Dd3f7050f-1789-4738-afc9-93db67b1789a&width=768&dpr=4&quality=100&sign=39a8b515&sv=2) [PreviousReview](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/review) [NextInstalling Lucy](https://wiki.lucysecurity.com/guides/installing-lucy) Last updated 1 year ago Was this helpful? Was this helpful? --- # Recipients | Lucy Awareness **Adding your recipients** Lucy offers several ways to add recipients within the platform. Using the wizard, you can either choose an existing group or create a new one. For additional details on how to create existing recipient groups with import capabilities, including automatic [LDAP](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/ldap-settings) or [Azure Entra ID](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/azure-applications) integration, please refer to our section on [recipients](https://wiki.lucysecurity.com/application-reference/users/recipient-groups) . In this scenario, we will choose the "New Group" option and input the recipient's name and email address. This process can be repeated to add more recipients. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fca1dmAztFclGGEcPRrIQ%252Fimage.png%3Falt%3Dmedia%26token%3D8907edfa-c716-4f2f-8615-a6df8e8974f1&width=768&dpr=4&quality=100&sign=c4ce5bf6&sv=2) Click "Next" once all recipients have been added. [PreviousAwareness Settings](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/awareness-settings) [NextReview](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/review) Last updated 1 year ago Was this helpful? Was this helpful? --- # Awareness Settings | Lucy Awareness **3.4** **Adding an Awareness Template to Your Campaign** Select **Add Awareness Training** located beneath the attack email editor. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FDLDlvx5ymC16GqX2LyxM%252Fimage.png%3Falt%3Dmedia%26token%3D51f4bfbe-3794-432d-b627-466e0fe5fd03&width=768&dpr=4&quality=100&sign=2c334aaf&sv=2) You will be redirected to the Awareness Template Gallery, where you can search for, preview, and select templates that detail the awareness training. To complement the AI-simulated attack, find a template that focuses on the specific attack vector used. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FgPqaRKOyCNED6umn9Fzt%252Fimage.png%3Falt%3Dmedia%26token%3Df5f7695b-4c03-441f-a8d6-c60360bb31d0&width=768&dpr=4&quality=100&sign=33faf4f1&sv=2) Preview the Awareness Template[](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/awareness-settings#preview-the-awareness-template) Similar to the Attack template gallery, you can dynamically preview both the email and landing page templates for your Awareness training. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FEkB5PBAeIZUlRbMOIWxZ%252Fimage.png%3Falt%3Dmedia%26token%3Dba884efc-1cdb-47b3-a651-d0ffcf02394a&width=300&dpr=4&quality=100&sign=61726bab&sv=2) **4.1** Awareness Settings: Next, define the Awareness domain and email settings. This section is found below the Attack email template editor. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FmZtuaq8feocRMsC7XNvS%252Fimage.png%3Falt%3Dmedia%26token%3D5099d1a3-4ff4-47e0-9d19-588694cc80d1&width=768&dpr=4&quality=100&sign=d357ced8&sv=2) **Domain ->** You can either use the default system domain or send the awareness from a trusted domain. Awareness Domain Hints[](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/awareness-settings#awareness-domain-hints) When directing recipients to Awareness content, it's important to associate a familiar and trusted domain. Recipients, having just completed a successful phishing simulation, may be wary of clicking unfamiliar links. Using a known domain can reduce this hesitation and increase engagement with the training material. There are two methods to accomplish this: 1. You can send emails from a domain associated with your company using the internal Lucy mail server. Please make sure that all necessary DNS records are correctly configured and pointing to your Lucy server before initiating the campaign. For more details, refer to our [domain section](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains) . 2. You can directly authenticate to your company SMTP server to send the training directly from your internal mail server, refer to our [SMTP section](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/smtp-servers) . **4.2** Adjust the Awareness email body: Lucy comes with generic email responses. It is highly encouraged to personalize these Awareness Training emails according to your company's branding and ethos. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fdqua6I892CCInNOiZv2d%252Fimage.png%3Falt%3Dmedia%26token%3D88d0a784-4a57-4953-a240-34de8099a337&width=768&dpr=4&quality=100&sign=35ac534b&sv=2) **4.3** Click 'Next' [PreviousAttack Settings](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/attack-settings) [NextRecipients](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/recipients) Last updated 1 year ago Was this helpful? Was this helpful? --- # Architecture | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#overview) Overview This document outlines the key structural elements and settings of Lucy. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FwQ2eFdjMcv1HtIJme6S6%252Fimage.png%3Falt%3Dmedia%26token%3Df59a0fb1-0b5c-4dc0-acc9-d29129f62395&width=768&dpr=4&quality=100&sign=dad49379&sv=2) "LUST" is the central licensing and content server managed by Lucy Security. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#operating-system) Operating System * **Ubuntu 20.04.4 LTS**: Lucy operates on a 64-bit Ubuntu 20.04.4 LTS system, without any additional patches or hardening. Updates are managed through a self-hosted repository mirror. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#web-server) Web Server * **Apache 2.4.41**: Utilizes "mod-security" and "mod-headers" for enhanced security. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#database) Database * **PostgreSQL 14.8**: Stores all related data with AES-256-CBC encryption at the column level. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#intermediary-storage) Intermediary Storage * **Redis 5.0.7**: Used as a task queue for passing data between users and system workers. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#application) Application * **PHP v8.2.6 and Python 3.8.10**: Lucy is primarily a PHP application using the Yii Framework, with some background scripts in Python. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#security) Security * **OWASP Top 10 / 2017**: Adheres to OWASP security standards. * **Firewall and SSL**: Custom [firewall rules](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/firewall) and [SSL configurations](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/ssl-settings) . * **User Accounts**: "phishing" and "support" accounts for specific functions and support purposes. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#folders) Folders * **/opt/phishing**: Main directory containing system code, user files, and settings. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#logs) Logs * **Apache Logs**: Located in `/var/logs/apache2`. * **Application Logs**: Located in `/opt/phishing/runtime`. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#critical-services) Critical Services * **Services**: Apache2, PostgreSQL, Redis-server, and Supervisor are critical services. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#installation-and-updates) Installation and Updates Docker-based installation with seamless updates via APT within the container. * Containers share the host OS kernel, enabling rapid startup and efficient RAM usage. * Uses layered filesystems for efficient disk usage and image downloads. * Ensures application isolation, running as a separate process in userspace. * Not bound to specific infrastructure, allowing operation on any computer, infrastructure, or cloud. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#network-communication) Network Communication * **Outbound Communication**: Required by LUCY for license server updates, vulnerability checks, and various optional services. * **License Server (LUST)**: Updates and templates over HTTPS. * **Vulnerability Checks**: Port 80 connection to static.nvd.nist.gov for NIST CVE database. * **Update Servers**: Access to update.phishing-server.com and update1.phishing-server.com on ports 80 and 443. * **Optional Services**: DNS, URL shortening * **Inbound Communication**: Requires ports 80 and 443 for web access and port 25 for email replies. * **Malware Simulation Communication**: Uses HTTP/HTTPS for data collection during simulations. [PreviousOn-Premise vs Cloud Installation](https://wiki.lucysecurity.com/guides/installing-lucy/on-premise-vs-cloud-installation) [NextHardware Requirements](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements) Last updated 27 days ago Was this helpful? * [Overview](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#overview) * [Operating System](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#operating-system) * [Web Server](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#web-server) * [Database](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#database) * [Intermediary Storage](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#intermediary-storage) * [Application](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#application) * [Security](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#security) * [Folders](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#folders) * [Logs](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#logs) * [Critical Services](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#critical-services) * [Installation and Updates](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#installation-and-updates) * [Network Communication](https://wiki.lucysecurity.com/guides/installing-lucy/architecture#network-communication) Was this helpful? --- # Microsoft O365 Whitelisting | Lucy Awareness To create, modify, or remove settings in an advanced delivery policy, you need to be a member of the specific role groups. Microsoft's new "secure by default" feature may affect your current whitelisting rules. Use Advanced Delivery Policies to whitelist emails for phishing simulations. * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/microsoft-o365-whitelisting#avoid-spam-issues-related-to-office-365) **Avoid Spam Issues Related to Office 365** **How are Phishing Simulation Emails Whitelisted in O365?** Microsoft has a centralized configuration for phishing campaigns in Exchange Online Protection Policies. The Advanced Delivery section allows configuring Phishing Simulations with specific domain names and senders. Since mid-2021, changes to mail flow and filtering mean exceptions in mail flow rules are optional, and security defaults are enforced, blocking 'High Confidence Phish' emails from passing through Exchange Online Rules. For more details, refer to the following resources: * [Mastering Configuration in Defender for Office 365](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/mastering-configuration-in-defender-for-office-365-part-two/ba-p/2307134) * [Configure Advanced Delivery](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-delivery?view=o365-worldwide) * * * Navigate to the configuration via the [Microsoft 365 Defender portal](https://security.microsoft.com/) -> [security.microsoft.com](https://security.microsoft.com/) **Adding Sending Domain and Sending IP to Whitelist** * Open the Microsoft 365 Defender Portal * Navigate to "Email & Collaboration": * Go to Policies & Rules -> Threat policies. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FcjZgpEFePHgZloOc3Fei%252Fimage.png%3Falt%3Dmedia%26token%3D6eac4b25-de0f-4798-8a73-71545711fe1c&width=768&dpr=4&quality=100&sign=759f32d1&sv=2) * Select Advanced Delivery. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F0YM8d31ufhvkZTVqLKpZ%252Fimage.png%3Falt%3Dmedia%26token%3Dda61f479-fd7c-44b7-a768-650c648ab4f1&width=768&dpr=4&quality=100&sign=7f0ce46d&sv=2) * * * **Configure Phishing Simulation:** * On the Advanced delivery page, go to the Phishing Simulation tab. Click the Edit icon or, if no phishing simulations are configured, click Add. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F8dz8YT2UXJTW31KHFOkz%252Fimage.png%3Falt%3Dmedia%26token%3D0bde84b5-cbe4-47a3-9d84-0332d520e7d3&width=768&dpr=4&quality=100&sign=c60b5ade&sv=2) **Edit Phishing Simulation Settings:** In the Edit third-party phishing simulation modal, adjust the following settings: * **Sending Domain:** Enter at least one sending domain used as the sender email in Lucy. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FKkjAz5eblG4PzBhxQfSz%252Fimage.png%3Falt%3Dmedia%26token%3D9fa6a306-9104-4e7e-9b54-401942f4644e&width=768&dpr=4&quality=100&sign=b6a679c4&sv=2) * **Sending IP:** Enter the sending IP address of your Lucy instance. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fwis4pS4AUa7jkrcCpseB%252Fimage.png%3Falt%3Dmedia%26token%3D638b077f-9708-454f-85f5-d5248d21ced3&width=768&dpr=4&quality=100&sign=b85a85da&sv=2) * **Specific URLs (optional):** Enter specific URLs that are part of your phishing simulation campaign using the recommended URL syntax format: `example.com/*` ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FPWPasrSUUCQU05wbVGrn%252Fimage.png%3Falt%3Dmedia%26token%3D699e9cad-8124-45d0-a700-b96a9523d549&width=768&dpr=4&quality=100&sign=afab0ca9&sv=2) **Save Changes:** * Click Add for all options and Save **Propagation Time:** * Wait at least 30 minutes for changes to propagate before starting any phishing campaigns. [PreviousGoogle Workspace Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting) [NextFile Attack Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting) Last updated 1 year ago Was this helpful? Was this helpful? --- # Attack Simulations | Lucy Awareness [Attack Types](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types) [Attack Template Customization](https://wiki.lucysecurity.com/guides/attack-simulations/attack-template-customization) [Firewall Protection Interval](https://wiki.lucysecurity.com/guides/attack-simulations/firewall-protection-interval) [Email Tracking Technologies](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies) [Advanced Information Gathering](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering) [Regular Expressions in Login Fields](https://wiki.lucysecurity.com/guides/attack-simulations/regular-expressions-in-login-fields) [Copy a Website](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website) [Redirecting Users](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users) [PreviousFile Attack Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting) [NextAttack Types](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types) Was this helpful? Was this helpful? --- # Network Communication | Lucy Awareness LUCY may initiate or require certain communication channels to servers on the internet. Below is an overview of these requirements. * * * [](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#outbound-communication) Outbound Communication --------------------------------------------------------------------------------------------------------------------------------- ### [](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#general-communication-types) General Communication Types 1. **First-Time Use**: During the first installation, LUCY connects via HTTP to obtain the workstation key and ID. No data beyond the current build version is transmitted. 2. **Updates**: LUCY connects to our update server and Ubuntu repository mirror. 3. **SSH**: When SSH is enabled via the Help menu, LUCY initiates an outbound SSH connection to our SSH Jump Host. This feature is disabled by default. 4. **Campaign Checks**: LUCY connects to fixed servers to test campaign settings and internet reachability via HTTP/HTTPS. No data is transmitted during these tests. 5. **Campaign Execution**: LUCY may communicate via SMTP (Port 25 or 465) when sending emails over the internet. 6. **Vulnerability Detection**: To enable this feature, allow Port 80 access to `static.nvd.nist.gov` (129.6.13.177) for downloading the NIST CVE database. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#outbound-ports-and-ips) Outbound Ports & IPs IP Address/Domain Function Port Protocol 162.55.130.83 (update.phishing-server.com) Update/License Server, HTTP Proxy 80/443 TCP 162.55.130.83 (update.phishing-server.com) Linux Repository 80 TCP 8.8.8.8 (or any DNS server) DNS Server 53 UDP nvd.nist.gov NIST CVE Database (Optional) 443 TCP 0.0.0.0 (Any) Mail Communication (Optional) 25 TCP 116.203.185.12 (changelog.lucysecurity.com) Fetch Update News (Optional) 80 TCP is.gd URL Shortening Service (Optional) 443 TCP api-ssl.bitly.com URL Shortening Service (Optional) 443 TCP api.authy.com Two-Factor Authentication (Optional) 443 TCP LUCY version ≥ 5.0 requires dynamic IP access to `update1.phishing-server.com`. Create an allow rule for the domain name. * * * [](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#inbound-communication) Inbound Communication ------------------------------------------------------------------------------------------------------------------------------- To access LUCY from the internet, specific ports must be open: Source IP Destination Port Protocol Comment ANY Your LUCY Server IP 80/443 (HTTP/HTTPS) TCP Required for accessing landing pages and certificate verification. ANY Your LUCY Server IP 25 (SMTP) TCP Only needed for catching email replies. * * * [](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#malware-simulation-communication) Malware Simulation Communication ----------------------------------------------------------------------------------------------------------------------------------------------------- The malware simulation tool uses the default browser (in hidden mode) to send collected data to LUCY via HTTP or HTTPS. For SSL-enabled campaigns, HTTPS is used automatically. The tool is compatible with environments requiring proxy authentication for internet access. [PreviousHardware Requirements](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements) [NextInstalling Lucy](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy) Last updated 1 year ago Was this helpful? * [Outbound Communication](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#outbound-communication) * [General Communication Types](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#general-communication-types) * [Outbound Ports & IPs](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#outbound-ports-and-ips) * [Inbound Communication](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#inbound-communication) * [Malware Simulation Communication](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication#malware-simulation-communication) Was this helpful? --- # Whitelisting a Lucy Server | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server#introduction) Introduction Whitelisting is vital for effective phishing simulations. By whitelisting your Lucy server in email clients, simulation emails bypass scanning or quarantine, ensuring they reach users' inboxes. This helps focus on employees' ability to recognize phishing attempts instead of testing email defenses. * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server#whitelisting-guides) Whitelisting Guides Below are some articles to help you implement whitelisting for your mail client: [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting) ![Cover](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FNuyUZi4rBmlAvPKSBVVR%252Fgoogle2.0.0.1441125613.jpg%3Falt%3Dmedia%26token%3Df0a623ec-e7f0-432d-a674-322c97ef1edd&width=490&dpr=4&quality=100&sign=bf868564&sv=2) **Google Workspace** [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/microsoft-o365-whitelisting) ![Cover](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FgihoRiVtiTSvB7OmslOM%252FOffice_365-Logo.wine.png%3Falt%3Dmedia%26token%3D3c033d0e-af1c-4f13-bb83-580098fe15f2&width=490&dpr=4&quality=100&sign=681fec9&sv=2) **Microsoft O365** [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting) ![Cover](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FHaUp6yPp4slW7TSFjQmS%252Fgrouppolicy.png%3Falt%3Dmedia%26token%3Dc21b7e2c-1d85-4834-b78e-9e400380f154&width=490&dpr=4&quality=100&sign=333d6f89&sv=2) **File Attack Whitelisting** * * * [PreviousManaging Google SafeBrowsing Alerts](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts) [NextGoogle Workspace Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting) Last updated 1 year ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server#introduction) * [Whitelisting Guides](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server#whitelisting-guides) Was this helpful? --- # Installing Lucy | Lucy Awareness [](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#time-required) Time Required --------------------------------------------------------------------------------------------------------- Installation takes approximately 30-60 minutes, depending on your internet speed. * * * [](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#installing-with-docker) Installing with Docker --------------------------------------------------------------------------------------------------------------------------- Install the host OS, see our list of supported operating systems [here](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements) . Download the installation file: **For Ubuntu 20.04:** Copy wget https://download.phishing-server.com/dl/lucy-latest/install-20.04.sh **For Ubuntu 22.04:** Copy wget https://download.phishing-server.com/dl/lucy-latest/install-22.04.sh ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fv8gqzavxsdvpW1rvhR8f%252Fimage.png%3Falt%3Dmedia%26token%3D7a02b7bc-e539-4a50-b328-710cdad59be8&width=768&dpr=4&quality=100&sign=1659b9f6&sv=2) Overview of install\_script.sh[](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#overview-of-install_script.sh) This script is a comprehensive Bash installation and management script for deploying a Lucy server, which uses Docker containers. #### [](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#high-level-overview) High-Level Overview 1. **Pre-Installation Checks**: * Verifies system prerequisites like kernel version, system architecture, and necessary ports availability. The script uses `set -e` to exit on any error. 2. **Docker Installation and Configuration**: * Checks for existing Docker installation and installs it if absent. * Handles specific configurations like storage types and network ports. * Manages and configures Docker containers specifically for Lucy, setting up necessary volumes and ports. 3. **Lucy Installation**: * Checks for sufficient disk space. * Pulls the Lucy Docker image and runs it with necessary parameters. * Configures system settings within the Docker container to integrate Lucy effectively. #### [](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#notes) Notes * This script is highly specific to systems compatible with Docker and expects certain Linux kernel versions and architectures. * It provides extensive error handling and user prompts to ensure that installations and changes are made explicitly with user consent and awareness. Make the file executable: Execute the file: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FnpvI7ybewCkTPsAhqTVe%252Fimage.png%3Falt%3Dmedia%26token%3D11ed7700-c92d-4cdd-a72d-b6f8576516df&width=768&dpr=4&quality=100&sign=f8756a3d&sv=2) Installation completed successfully: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FY2U3XSVNx2iLRtrhDlBM%252Fimage.png%3Falt%3Dmedia%26token%3D931c895c-02e9-401e-aec4-53078a52d6c2&width=768&dpr=4&quality=100&sign=db54483c&sv=2) Verify if your Lucy container is running: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FlIytOV8zySiG0z5wsjMc%252Fimage.png%3Falt%3Dmedia%26token%3D9054be7f-1bee-4221-b179-8d799ca75005&width=768&dpr=4&quality=100&sign=842d66bd&sv=2) [](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#installing-with-vmware-or-virtualbox) Installing with VMware or Virtualbox ------------------------------------------------------------------------------------------------------------------------------------------------------- We supply preconfigured virtual images for VMware and VirtualBox. Simply download the image and deploy it in your preferred solution. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#vmware) VMware ESXi: [https://download.phishing-server.com/dl/phishing-5.6/esxi.ova](https://download.phishing-server.com/dl/phishing-5.6/esxi.ova) OVF: [https://download.phishing-server.com/dl/phishing-5.6/esxi\_ovf.zip](https://download.phishing-server.com/dl/phishing-5.6/esxi_ovf.zip) ### [](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#virtualbox) VirtualBox [https://download.phishing-server.com/dl/lucy-latest/virtualbox.zip](https://download.phishing-server.com/dl/lucy-latest/virtualbox.zip) Be sure to set the network mode to "Bridged" for all of the above VM solutions. [PreviousNetwork Communication](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication) [NextPost Installation](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation) Last updated 26 days ago Was this helpful? * [Time Required](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#time-required) * [Installing with Docker](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#installing-with-docker) * [Installing with VMware or Virtualbox](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#installing-with-vmware-or-virtualbox) * [VMware](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#vmware) * [VirtualBox](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy#virtualbox) Was this helpful? Copy sudo chmod +x install.sh Copy sudo ./install.sh Copy docker ps --- # Awareness Training | Lucy Awareness [Awareness Template Customization](https://wiki.lucysecurity.com/guides/awareness-training/awareness-template-customization) [Awareness Only Campaigns](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns) [Use extended method of tracking the end of the quiz](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz) Was this helpful? Was this helpful? --- # Attack Types | Lucy Awareness [Data Entry Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack) [Hyperlink Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack) [File Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/file-attack) [Portable Media](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/portable-media) [Smishing](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/smishing) [Lures](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures) [QR Codes](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes) [Ransomware Emulation](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/ransomware-emulation) [Technical Malware Test](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/technical-malware-test) [Mail & Web Filter Test](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/mail-and-web-filter-test) [Email Spoofing Test](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/email-spoofing-test) [PreviousAttack Simulations](https://wiki.lucysecurity.com/guides/attack-simulations) [NextData Entry Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack) Last updated 1 year ago Was this helpful? Was this helpful? --- # Hardware Requirements | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#supported-operating-system-for-docker-installation) Supported Operating System for Docker Installation LUCY runs on Docker. Docker Engine is supported on Linux, Cloud, Windows, and OS X. What is Docker?[](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#what-is-docker) [**Docker**](https://docs.docker.com/get-started/overview/) is a platform that allows developers to automate the deployment of applications inside lightweight, portable, self-sufficient containers. These containers can run on any system that has Docker installed, ensuring that the software works consistently across different environments. **Key Features of Docker:** * **Portability:** Docker containers can be run on any machine with Docker installed, making it easy to move Lucy between environments. * **Isolation:** Each Docker container runs in isolation, which means it doesn't interfere with other containers or the host system. * **Efficiency:** Containers share the host system's kernel, making them more lightweight and faster to start compared to traditional virtual machines. #### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#how-lucy-uses-docker) How Lucy Uses Docker Using Docker, Lucy can be deployed consistently and efficiently across different systems. Here's how Docker is used in the context of Lucy: 1. **Containerization:** Lucy is packaged as a Docker container, which includes all the necessary software and dependencies. This ensures that Lucy runs the same way on any system with Docker installed. 2. **Port Management:** The installer script ensures that the necessary network ports (25, 80, and 443) are available and not used by other services. These ports, such as handling web traffic and email communications, are essential for Lucy's operations. 3. **Automated Installation:** The installer script automates setting up Docker (if it's not already installed) and configuring it to run Lucy. This reduces the complexity of installation and ensures that all necessary steps are followed correctly. 4. **Isolation and Security:** Running Lucy in a Docker container isolates it from other applications on the host system. This improves security and reduces the risk of conflicts with other software. ### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#supported-linux-distributions) Supported Linux Distributions * **Ubuntu**: 20.04 LTS, 22.04 LTS * **Debian**: 9.x, 10.x (Legacy) * **Red Hat/CentOS**: 9.x Other Operating Systems[](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#other-operating-systems) Virtualization platforms such as VMware or VirtualBox are compatible with most common operating systems. Users are encouraged to refer to their specific vendor's documentation for detailed compatibility information. **Compatibility with Operating Systems and Platforms:** Docker containers support a wide range of environments, including but not limited to: * Amazon EC2 * Arch Linux * CentOS * CRUX Linux * Fedora * FrugalWare * Gentoo * IBM SoftLayer * Install on Joyent Public Cloud * Mac OS X * Microsoft Azure platform * Oracle Linux * Rackspace Cloud * Red Hat Enterprise Linux * openSUSE and SUSE Linux Enterprise * Ubuntu * Windows ### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#supported-browsers) Supported Browsers: LUCY's phishing and awareness templates are designed to function seamlessly across a wide range of browsers to ensure broad accessibility for users. Here’s a list of supported browsers: * **Browsers:** * Chrome (desktop and mobile) * Firefox (desktop and mobile) * Microsoft Edge (desktop and mobile) * Opera (desktop and mobile) * Safari (desktop and mobile) * * * ### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#hardware-requirements) Hardware Requirements #### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#small-campaigns-up-to-2000-recipients) Small Campaigns (up to 2000 recipients) * **RAM**: 8 GB * **CPU**: 4 Core * **Hard Disk**: 100 GB #### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#medium-campaigns-up-to-50-000-recipients) Medium Campaigns (up to 50,000 recipients) * **RAM**: 16 GB * **CPU**: 8 Core * **Hard Disk**: 300 GB #### [](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#large-campaigns-up-to-100-000-recipients) Large Campaigns (up to 100,000 recipients) * **RAM**: 32 GB * **CPU**: 16 Core * **Hard Disk**: 500 GB Hardware **Recommendations**[](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#hardware-recommendations) * **Initial Setup:** Ensure that your initial hardware setup meets the minimum requirements for your expected campaign size. It's better to allocate more resources upfront to avoid performance bottlenecks. * **Storage Planning:** Given the potential need for additional templates and the data generated by campaigns, planning for ample storage from the beginning is wise. Consider future expansion when selecting your hard disk size. * **Use Built-in Tools:** Regularly utilize LUCY's [performance testing](https://wiki.lucysecurity.com/application-reference/support/system-tests/performance-test) and [monitoring tools](https://wiki.lucysecurity.com/application-reference/support/status/system-monitoring) to keep your system running efficiently. These tools can provide valuable insights into how well your hardware is coping with the demands of your campaigns. * **Flexible Scaling:** If you are hosting your LUCY instance on a VPS, take advantage of the ability to scale your resources as needed. This can be particularly useful for handling peak loads during large campaigns. **VPS Hosting** For users opting for a Virtual Private Server (VPS) hosted by LUCY: * **Dynamic Resource Scaling.** LUCY provides the capability to automatically scale computing resources, including CPU and RAM, to meet the demands of your campaign. This feature ensures optimal performance of campaigns by adjusting resources in real time, eliminating the need for manual adjustments. In case of hardware limitations, users are encouraged to contact the [support department](https://wiki.lucysecurity.com/contact-us) for assistance in scaling their Virtual Private Server (VPS). [PreviousArchitecture](https://wiki.lucysecurity.com/guides/installing-lucy/architecture) [NextNetwork Communication](https://wiki.lucysecurity.com/guides/installing-lucy/network-communication) Last updated 8 months ago Was this helpful? * [Supported Operating System for Docker Installation](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#supported-operating-system-for-docker-installation) * [Supported Linux Distributions](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#supported-linux-distributions) * [Hardware Requirements](https://wiki.lucysecurity.com/guides/installing-lucy/hardware-requirements#hardware-requirements) Was this helpful? --- # Firewall Protection Interval | Lucy Awareness [PreviousAttack Template Customization](https://wiki.lucysecurity.com/guides/attack-simulations/attack-template-customization) [NextEmail Tracking Technologies](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies) Was this helpful? Was this helpful? --- # Email Tracking Technologies | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#introduction) Introduction Tracking email opens can be achieved through various technologies: **Read-receipts:** Employed by applications like Microsoft Office Outlook and Mozilla Thunderbird, this technology allows senders to request a notification when an email is opened. However, it is not supported by web-based mail clients or mobile devices, and users can disable this feature or ignore the requests. **Tracking Images (Tracking Pixels):** These are tiny (often 1x1 pixel) GIF files embedded in emails, known as beacons. When the email is opened, the pixel loads the GIF from a server, logging an event that indicates the email has been opened. However, if the mail client has disabled automatic image loading, the tracking will not work. **Link Tracking:** This involves embedding unique identifiers in links within the email. When a recipient clicks on a link, the event is logged, providing reliable data on user engagement. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#lucys-approach-to-tracking-opened-emails) **LUCY's approach to Tracking opened emails** LUCY employs tracking images and link tracking but avoids read-receipts due to their limited reliability and perceived intrusiveness. Link tracking is highly effective as it automatically provides data based on link interactions. It is enabled by default and requires no manual setup. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#challenges-with-tracking-pixels) **Challenges with Tracking Pixels** * **Automatic Image Loading Disabled:** If the recipient's email client has disabled automatic image loading, the tracking pixel will not load, and no open event will be logged. * **Preliminary Image Downloading:** Some email clients may download external content preemptively for caching or security, which might falsely indicate an email as opened. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#configuration) **Configuration** Email tracking settings can be adjusted within the [scenario settings of a campaign](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#advanced-tracking) , allowing for tailored tracking strategies based on campaign goals and the technology's limitations. [PreviousFirewall Protection Interval](https://wiki.lucysecurity.com/guides/attack-simulations/firewall-protection-interval) [NextAdvanced Information Gathering](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering) Last updated 1 year ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#introduction) * [LUCY's approach to Tracking opened emails](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#lucys-approach-to-tracking-opened-emails) * [Challenges with Tracking Pixels](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#challenges-with-tracking-pixels) * [Configuration](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies#configuration) Was this helpful? --- # Google Workspace Whitelisting | Lucy Awareness Several options in Google Workspace can be adjusted to improve the phishing simulation experience with Lucy. Follow the steps below to whitelist emails and ensure they are not flagged as spam. * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#whitelisting-emails-from-lucy) **Whitelisting Emails from Lucy** **Log into Google Admin Console:** * Go to [admin.google.com](https://admin.google.com/) . * Navigate to "Apps". * Navigate to Google Workspace * Click on "Gmail". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FztM8FcuRQfbrI93KkzNI%252Fimage.png%3Falt%3Dmedia%26token%3Dcf0e50f8-586b-403a-a3e6-626847f332da&width=768&dpr=4&quality=100&sign=2f4cb0a3&sv=2) * Scroll to the bottom and select "Spam, phishing, and malware". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FghGEbizLDPbHZK4m4gHg%252Fimage.png%3Falt%3Dmedia%26token%3D0dba0bea-289d-4876-b9c9-74aad284eb6a&width=768&dpr=4&quality=100&sign=d7a5a0a7&sv=2) * Add Lucy's IPv4 address to the "Email Allowlist". * Click "Save". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fh5nWMexv4WGtWq5MqOTR%252Fimage.png%3Falt%3Dmedia%26token%3D39dc0263-c753-4d90-809a-b7aceddd1ef8&width=768&dpr=4&quality=100&sign=c53d04d7&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#bypassing-spam-by-email-header) **Bypassing Spam by Email Header** To ensure emails from Lucy are not flagged as spam, configure Google Workspace to bypass spam detection based on specific email headers. If you whitelist using this method, [test emails](https://wiki.lucysecurity.com/application-reference/support/system-tests/test-email) will still not arrive because it will not contain these campaign headers. **Compliance Settings:** * Go back to -> Google Workspace -> Gmail - Scroll to the bottom and select "Compliance". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FFVNYLYpyNvPX7Q1Eb85e%252Fimage.png%3Falt%3Dmedia%26token%3D1942bcf1-0622-4d7a-a315-aea28489f948&width=768&dpr=4&quality=100&sign=97fbd53c&sv=2) Scroll down to "Content Compliance" * Click "Configure". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FWgYd5nEuUJfxcFv64PXI%252Fimage.png%3Falt%3Dmedia%26token%3D45f95cab-1928-4b1f-b846-df6966ba9e3a&width=768&dpr=4&quality=100&sign=e4fa23bd&sv=2) **Add Compliance Rule:** * Add a description (e.g., "Lucy Email Phishing"). * Check "Inbound" and "Internal - receiving". * Select "If ANY of the following match the message". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FHvGCdOoSMy3V3t72q03o%252Fimage.png%3Falt%3Dmedia%26token%3D7c9e841a-5f6d-43e1-919e-d9fc7b7aaad5&width=768&dpr=4&quality=100&sign=ec3725e7&sv=2) * Click "Add" → Advanced content match → Headers + Body → Contains text. * In "Content", input your Lucy X-Mailer Header (default is "X-Lucy-VictimUrl") and click "Save". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FecWYC3dXDkuQBTG8uYDD%252Fimage.png%3Falt%3Dmedia%26token%3D4e469a5a-f11d-49c2-91be-433f7c23bbb4&width=768&dpr=4&quality=100&sign=bf644015&sv=2) * Scroll down to the "Spam" section and activate "Bypass spam filter for this message". * Click "Save". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FJimKNFOb102pPML74K6r%252Fimage.png%3Falt%3Dmedia%26token%3Dd1f00752-19fe-43b4-ad88-1052938e54b6&width=768&dpr=4&quality=100&sign=4e360e9e&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#addressing-suspicious-link-issues) **Addressing Suspicious Link Issues** Sometimes, a warning pop-up window appears when trying to open a link from a Lucy email. To mitigate this: **Enable SSL in Lucy Campaign:** * Ensure SSL is enabled in your Lucy campaign. Refer to our platform reference article on [campaign SSL settings.](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#ssl-settings) **Consider a Paid Certificate:** * If the Let's Encrypt certificate is not sufficient, consider obtaining a paid certificate. Contact any SSL vendor you prefer and [upload your SSL certificate](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#generate-or-upload) to the campaign. * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#disable-warning-prompts) **Disable Warning Prompts:** If issues persist, you can disable the warning prompt for links to untrusted domains in Google Workspace. Follow these steps: * Log into [admin.google.com](https://admin.google.com/) . * Navigate to "Apps". * Select "Google Workspace". * Go to "Gmail". * Select "Safety". * Go to "Links and external images". * Deactivate "Show warning prompt for any click on links to untrusted domains". * Click "Save". [PreviousWhitelisting a Lucy Server](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server) [NextMicrosoft O365 Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/microsoft-o365-whitelisting) Last updated 1 year ago Was this helpful? * [Whitelisting Emails from Lucy](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#whitelisting-emails-from-lucy) * [Bypassing Spam by Email Header](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#bypassing-spam-by-email-header) * [Addressing Suspicious Link Issues](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#addressing-suspicious-link-issues) * [Disable Warning Prompts:](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting#disable-warning-prompts) Was this helpful? --- # Application Reference | Lucy Awareness [Notifications](https://wiki.lucysecurity.com/application-reference/notifications) [Statistics Dashboard](https://wiki.lucysecurity.com/application-reference/statistics-dashboard) [Campaigns Dashboards](https://wiki.lucysecurity.com/application-reference/campaigns-dashboards) [Campaigns](https://wiki.lucysecurity.com/application-reference/campaigns) [Templates](https://wiki.lucysecurity.com/application-reference/templates) [Users](https://wiki.lucysecurity.com/application-reference/users) [Settings](https://wiki.lucysecurity.com/application-reference/settings) [Incidents](https://wiki.lucysecurity.com/application-reference/incidents) [Support](https://wiki.lucysecurity.com/application-reference/support) [Account Settings](https://wiki.lucysecurity.com/application-reference/account-settings) Last updated 1 year ago Was this helpful? Was this helpful? --- # Post Installation | Lucy Awareness [](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#using-the-setup-script) Using the setup script ----------------------------------------------------------------------------------------------------------------------------- Access your Lucy container and execute the setup script: Lucy version 5.2.1 and below: Copy docker exec -it lucy python /opt/phishing/current/tools/setup/setup.py Lucy version 5.3 and above: Copy docker exec -it lucy python3 /opt/phishing/current/tools/setup/setup.py The default name for the container is `lucy`. If you named it something else, use that name in the command above. You can also run the setup script at any time from within the container using: Copy sudo python /opt/phishing/current/tools/setup/setup.py OR sudo python3 /opt/phishing/current/tools/setup/setup.py The script starts with this menu: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FEsjUgMbDhQM32YWQ43L0%252Fimage.png%3Falt%3Dmedia%26token%3Dacac7ce6-0759-4555-bd6c-4bd369b8192d&width=768&dpr=4&quality=100&sign=739e9ade&sv=2) ### [](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#create-an-administrative-user) Create an Administrative user Select **Users** (6), then select **Add User** (2). ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FzQc96TOeKw3BYzJXwUia%252Fimage.png%3Falt%3Dmedia%26token%3D0b938aab-295e-4873-b479-f6bd445a8c05&width=768&dpr=4&quality=100&sign=b31bace0&sv=2) ### [](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#configure-the-administrative-domain) Configure the administrative domain Select **Base Task** (5) and enter a domain you own. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FssmEdYpvHjD2aOrSUcew%252Fimage.png%3Falt%3Dmedia%26token%3Db8237e15-ec2e-474b-a519-9fe5bf020f5a&width=768&dpr=4&quality=100&sign=7f4dc072&sv=2) Ensure all relevant [DNS records](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#dns-records-explained) are pointing to your Lucy server. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fp4O6wiigg1vSd43cjcgq%252Fimage.png%3Falt%3Dmedia%26token%3D9fc43437-2e6b-4022-9a8c-4c10ed48b9b1&width=768&dpr=4&quality=100&sign=752d0185&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#get-your-server-licensed) Get your server licensed Licensing restrictions currently limit some configuration options on your Lucy server. To start the licensing process, please contact your Account Manager and provide your Lucy [workstation ID](https://wiki.lucysecurity.com/application-reference/account-settings/license#workstation-id) . Once a license has been assigned to your workstation, you can sync the details by going to **Support -> Update** and clicking **Check Update**. * * * ### [](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#initial-lucy-configuration) Initial Lucy configuration * [Configure mail delivery.](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/mail-settings) * [Set up a domain for phishing simulations or the e-learning portal.](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains) * [Create a trusted SSL certificate.](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/ssl-settings) * [Create administrator users.](https://wiki.lucysecurity.com/application-reference/users/administrative-users) * [Download the latest templates.](https://wiki.lucysecurity.com/application-reference/templates/download-templates) * [Implement additional security layers.](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/firewall) * [Customize portal branding and 404 pages.](https://wiki.lucysecurity.com/application-reference/settings/whitelabeling) * [Set up your first campaign.](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign) * * * ### [](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#uninstall-lucy) Uninstall LUCY 1. **Legacy Installation (Debian OS, Lucy <= v4.8.7):** * List installed packages: * Remove packages accordingly. 1. **Docker Installation:** * Stop the container: * Remove the container: * * * ### [](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#support) Support For installation assistance, please get in touch with our [Technical Support](https://wiki.lucysecurity.com/contact-us) team. [PreviousInstalling Lucy](https://wiki.lucysecurity.com/guides/installing-lucy/installing-lucy) [NextManage Blacklisted Domains](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains) Last updated 10 months ago Was this helpful? * [Using the setup script](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#using-the-setup-script) * [Create an Administrative user](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#create-an-administrative-user) * [Configure the administrative domain](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#configure-the-administrative-domain) * [Get your server licensed](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#get-your-server-licensed) * [Initial Lucy configuration](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#initial-lucy-configuration) * [Uninstall LUCY](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#uninstall-lucy) * [Support](https://wiki.lucysecurity.com/guides/installing-lucy/post-installation#support) Was this helpful? Copy awk '/^Selecting/ {gsub(/\./,""); print $5}' /var/log/apt/term.log Copy docker stop lucy Copy docker container rm lucy --- # Campaigns | Lucy Awareness A campaign is a structured program designed to assess and improve employees' understanding and response to cybersecurity threats. It typically includes simulated attacks, such as phishing, and educational content about best practices in cybersecurity. These campaigns serve as benchmarks for an organization's security awareness level, helping to identify areas of risk and plan for future training to mitigate these risks. Refer to our platform reference article for an overview of the [Campaigns Dashboard](https://wiki.lucysecurity.com/application-reference/campaigns-dashboards) **New Campaign** [](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings) **Campaign Settings** Last updated 2 months ago Was this helpful? Was this helpful? --- # Ransomware Emulation | Lucy Awareness > ### > > [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/ransomware-emulation#page-under-construction) > > Page Under Construction [PreviousQR Codes](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes) [NextTechnical Malware Test](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/technical-malware-test) Last updated 1 year ago Was this helpful? Was this helpful? --- # Managing Google SafeBrowsing Alerts | Lucy Awareness If your domain is blacklisted by Google, it will display a "Deceptive site ahead" warning, adversely affecting your phishing simulation campaigns. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FLDNSDT4s6hGSBejs67AY%252Fimage.png%3Falt%3Dmedia%26token%3D08e98dca-8514-4dfd-9760-042be9c648da&width=768&dpr=4&quality=100&sign=747c201d&sv=2) Why did Google SafeBrowsing blacklist my domain?[](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#why-did-google-safebrowsing-blacklist-my-domain) 1. **Spoofed Brands:** * Domains mimicking well-known brands (e.g., Google, Facebook, Microsoft) can be flagged. Google’s algorithms detect visual and structural similarities to known brands to prevent phishing. 2. **Phishing Indicators:** * If the domain hosts landing pages that solicit login credentials, personal information, or payment details, it can be flagged as a phishing site. Google analyzes the content for common phishing tactics and deceptive practices. 3. **New or Untrusted Domains:** * Newly registered domains often lack a reputation. If these domains are used for phishing simulations, they are more likely to be blacklisted. Google evaluates the age and trustworthiness of a domain. 4. **Domain Configuration:** * The setup of SPF, MX, and A records pointing to the Lucy server is scrutinized. Misconfigurations or anomalies in these records can trigger blacklisting. Google checks for alignment with typical usage patterns and legitimate email configurations. 5. **SSL Certificates:** * Even with valid SSL certificates, if the domain shows signs of misuse or if the certificates are not from well-known Certificate Authorities, the domain can be flagged. Google inspects the validity and trustworthiness of the SSL certificates. 6. **Malware Distribution:** * If the domain inadvertently hosts or distributes malware (e.g., through attachments or linked downloads), it will be blacklisted. Google scans for malicious software and scripts. 7. **Deceptive Content:** * Google looks for content that is intentionally deceptive or misleading, designed to trick users into performing unsafe actions. This includes fake warnings, alerts, and instructions. 8. **Suspicious Behavior Patterns:** * High volumes of emails sent from the domain, especially those resembling phishing emails, can raise red flags. Google monitors sending patterns and email content for suspicious activities. 9. **User Reports:** * If users report the domain as suspicious or harmful, Google will take these reports into consideration. High numbers of user complaints can lead to a domain being blacklisted. 10. **Embedded Links and Redirects:** * Google checks for suspicious links and redirects within the domain. If the site redirects to known malicious or phishing sites, it can be flagged. What can I do to prevent Blacklisting?[](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#what-can-i-do-to-prevent-blacklisting) ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#choose-reputable-domain-providers) **Choose Reputable Domain Providers:** * Register your domains with well-known and reputable domain providers. This helps establish initial trust. You can use the built-in [Domain wizard](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#register) for registration with GoDaddy. ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#set-up-proper-dns-records) **Set Up Proper DNS Records:** * Ensure your SPF, DKIM, and DMARC records are correctly configured to authenticate your emails. * [Example SPF record:](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#dns-records-explained) * [Example DKIM record:](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#dkim-support) * Example DMARC record: See our platform reference article on [DNS records](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#add-a-domain) ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#implement-https) **Implement HTTPS:** * Use SSL/TLS certificates from reputable Certificate Authorities (CAs) to secure your domains. Use the built-in [Let's Encrypt certificate generator](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/ssl-settings) for your domains. ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#regularly-update-your-dns-records) **Regularly Update Your DNS Records:** * Keep your DNS records up-to-date and ensure there are no misconfigurations. ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#content-and-email-practices) **Content and Email Practices:** **Avoid Exact Brand Imitation:** * Do not exactly replicate the appearance of Google, Facebook, or Microsoft emails and pages. Add slight variations to avoid detection by algorithms. **Use Clear Disclaimers:** * Include disclaimers in your emails and landing pages stating that they are part of a security awareness program. **Limit Email Volume:** * Send your phishing simulation emails in small batches to avoid triggering spam filters. Use the built-in [Scheduler](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/optional-settings/schedule) to achieve this. **Monitor Email Content:** * Ensure your emails do not contain elements commonly associated with spam or phishing, such as excessive links or suspicious attachments. **Test Content with Spam Checkers:** * Use tools like Mail-Tester or Litmus to test your emails for spammy elements before sending them out. ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#domain-management-and-monitoring) **Domain Management and Monitoring:** **Warm-Up Your Domain:** * Gradually increase your email sending volume to establish a good sending reputation. Use the built-in [Scheduler](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/optional-settings/schedule) to achieve this. **Monitor Domain Health:** * Use tools like [Google Search Console](https://search.google.com/search-console/about) to monitor your domain’s health and address any issues promptly. **Engage in Regular Clean-Up:** * Periodically review and clean your email lists to ensure you are sending to valid addresses. Use [Lucy's built-in automation](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/ldap-settings#action-for-new-users) to automatically keep your users up to date with your organization's directory. **Utilize Subdomains:** * Consider using subdomains specifically for simulations to isolate potential issues from your main domain. ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#google-safe-browsing-and-user-reports) **Google Safe Browsing and User Reports:** **Regularly Check for Blacklisting:** * Periodically check your domains using tools like Google Safe Browsing to ensure they are not blacklisted. **Promptly Address User Reports:** * Respond quickly to any user reports of suspicious activity related to your domains. **Verify and Whitelist Your Domain:** * Verify your domain ownership with Google Search Console and request reviews if blacklisting occurs. ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#legal-and-ethical-considerations) **Legal and Ethical Considerations:** **Stay Within Legal Boundaries:** * Ensure your simulations comply with local laws and regulations regarding email communications and data privacy. **Communicate with Stakeholders:** * Inform relevant stakeholders within your organization about the phishing simulations to avoid misunderstandings and false reports to Google. * * * ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#domain-verification-and-ownership-proof) **Domain Verification and Ownership Proof** **Verify Domain Ownership:** * Go to [Google Search Console Security Issues](https://www.google.com/webmasters/tools/security-issues) and click "Add property now". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FjVyZaxtZmMNVt7oJMPwo%252Fimage.png%3Falt%3Dmedia%26token%3D34b95260-e661-4e61-ab2e-951ccacbe2aa&width=768&dpr=4&quality=100&sign=b6b494ac&sv=2) * Enter the URL of the property you want to verify and click "Continue". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FLY86KHM9RKIJ0Nkwfscw%252Fimage.png%3Falt%3Dmedia%26token%3D7440fdee-813a-463e-9882-85a88798c3b0&width=768&dpr=4&quality=100&sign=4ab2378c&sv=2) **Domain Name Provider Verification:** * Choose your domain provider from the dropdown menu or select "Any DNS provider" for the TXT record method. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FqEhkydxiMEmNYhs0HWlT%252Fimage.png%3Falt%3Dmedia%26token%3Dbc95e941-4e1f-42ad-bd81-c510635a6a23&width=768&dpr=4&quality=100&sign=de671789&sv=2) * Sign in to your domain name provider and add a TXT record as instructed. > In this example, we will add the Google provided TXT record to my domains DNS panel in GoDaddy. This procedure should be similar for all Domain registration panels. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fo4QmsjpFKMrPIBVh77tv%252Fimage.png%3Falt%3Dmedia%26token%3D23a00ccb-a5fc-4607-9714-e11944aa7582&width=768&dpr=4&quality=100&sign=80cdfee2&sv=2) * Go back to Google Search Console and click Verify ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FsebruReuFuOzMdngaTbx%252Fimage.png%3Falt%3Dmedia%26token%3Ddd075a7b-c2d9-4680-89c2-74a7cd0a4f97&width=768&dpr=4&quality=100&sign=a04247ff&sv=2) Sometimes DNS changes can take a while to appear. Please wait a few hours, then reopen your property in Search Console. If verification fails again, try adding a different DNS TXT record. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FyPBUsGFdpo1Ih3OdeQay%252Fimage.png%3Falt%3Dmedia%26token%3D830bacd0-9ca3-4896-9f97-8781bc65d8ee&width=768&dpr=4&quality=100&sign=abdb2854&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#what-is-next) What is next? After verifying domain ownership, Google may take 48 to 72 hours to whitelist it. Updates and notifications will be sent to the registered email in Google Search Console. [PreviousManage Blacklisted Domains](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains) [NextWhitelisting a Lucy Server](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server) Last updated 1 year ago Was this helpful? * [Domain Verification and Ownership Proof](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#domain-verification-and-ownership-proof) * [What is next?](https://wiki.lucysecurity.com/guides/manage-blacklisted-domains/managing-google-safebrowsing-alerts#what-is-next) Was this helpful? Copy v=spf1 ip4:{your_lucy_ip_address} ~all Copy default._domainkey IN TXT "v=DKIM1; k=rsa; p=" Copy _dmarc IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]" --- # Copy a Website | Lucy Awareness Real phishing content often attempts to copy the appearance of a legitimate web page, and you may want to do the same with your simulated attacks. To assist with this, attack templates have a copy feature for quickly inserting existing web content into your template. Navigate to **Attack Templates -> Edit Template -> Landing Page Template** This feature works best with a blank template. * * * [](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#preparing-the-template) Preparing the template ----------------------------------------------------------------------------------------------------------------------------- Since we are copying a whole webpage, starting with a blank template is best. Make a copy of one of the blank templates: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fm2yyjRBEtNBCPYQd19yh%252Fimage.png%3Falt%3Dmedia%26token%3Dcd2d8e62-224e-4d40-8b42-c8db9a9b18ae&width=768&dpr=4&quality=100&sign=17ae1fc8&sv=2) Now select the copy and make the necessary changes to the template details like name, description, languages, etc. When you're ready go to the **Landing Page Template** for the next steps. * * * [](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#copying-index.html) Copying index.html --------------------------------------------------------------------------------------------------------------------- In this example we'll be copying the Lucy login page: Switch the **Language** field to your desired language, then select **Copy Webpage**. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fh0HOjxIa3zUCzjbNvULl%252Fimage.png%3Falt%3Dmedia%26token%3D52487884-11d7-4d89-851a-67af936ce2ca&width=768&dpr=4&quality=100&sign=c19c381e&sv=2) Fill out the details of your target web page, select `index.html` as the file, and click **Start** when ready. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FsCCOUvJAgOeGoMoQRfzN%252Fimage.png%3Falt%3Dmedia%26token%3D0c65d012-5ba6-4306-aff3-46224291011c&width=768&dpr=4&quality=100&sign=c7b92273&sv=2) Once the copy is finished you can return to the template editor to see your content loaded in to the file. You can also click **Preview** to check the appearance in your browser. * * * [](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#copying-other-pages) Copying other pages ----------------------------------------------------------------------------------------------------------------------- To copy a webpage to a new file follow the same steps as above and select **New File** instead of `index.html`. Let's copy the password reset page to go along with our login page. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FDsnxGyTnl8B5pl8jPu2F%252Fimage.png%3Falt%3Dmedia%26token%3Df7c2e1b9-50b6-40dd-9aea-b3639678dea5&width=768&dpr=4&quality=100&sign=cbf1ca0&sv=2) ### [](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#configuring-links-and-other-elements) Configuring links and other elements Since we're copying these pages from their source, links and other elements on the page still point to the real URLs from the website we copied. For example, the **Forgot Password?** button will still take the user to the real password recovery page. These links need to be adjusted to work with your template. If you are linking to another page in your template, simply use the filename as the URL: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FcQwnApWo9Beq3CiiWnZu%252Fimage.png%3Falt%3Dmedia%26token%3Dc66912b9-1f63-4c9c-afe1-deb95dfec584&width=768&dpr=4&quality=100&sign=ed6dd101&sv=2) Similarly, the login form will need to be adjusted to work with a Lucy simulation by setting the form action to `?login`. Be sure to create a file named `account.html` with a simple error message or other content for the user. Since this is an attack template it makes sense to just set every link to the `%link%` variable. [PreviousRegular Expressions in Login Fields](https://wiki.lucysecurity.com/guides/attack-simulations/regular-expressions-in-login-fields) [NextRedirecting Users](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users) Last updated 1 year ago Was this helpful? * [Preparing the template](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#preparing-the-template) * [Copying index.html](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#copying-index.html) * [Copying other pages](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#copying-other-pages) * [Configuring links and other elements](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website#configuring-links-and-other-elements) Was this helpful? Copy https://.com/admin/login --- # Using Multiple Awareness Trainings | Lucy Awareness [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#use-cases) Use Cases ------------------------------------------------------------------------------------------------------------------------------------------------ * You want to send specific training content based on the recipient's department, skill level, or other natural grouping, and these recipients are already grouped accordingly (e.g. a recipient group for each department has already been created). * You want to send specific training content to each recipient based on their [risk level](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/awareness-education#awareness-template-base-settings) , and these recipients are all in the same group. * * * [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#using-awareness-groups) Using Awareness Groups -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- In this method we will add multiple recipient groups to a campaign and send them all different trainings by binding each recipient group to an awareness group. ### [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-trainings) Add Trainings Add each awareness training to the campaign: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FQpeTxMYloD6c8ztLmCgu%252Fimage.png%3Falt%3Dmedia%26token%3D47de023a-3c0b-42ba-9109-0a05277e2ace&width=768&dpr=4&quality=100&sign=1bacd8fa&sv=2) ### [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#create-awareness-groups) Create Awareness Groups Select **Awareness Groups** from the campaign configuration menu and create one group per training: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FEtrEvXjw5ftVZCRnLdlb%252Fimage.png%3Falt%3Dmedia%26token%3Dd84f7b78-3d5d-4e68-8a9e-80b5ef6ce826&width=768&dpr=4&quality=100&sign=928fc23d&sv=2) By default a group called **Default Group** already exists. You cannot delete the only awareness group in a campaign, so you must create at least one other group first and then delete the default. ### [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#assign-awareness-groups) Assign Awareness Groups Return to the **Awareness Settings** and select a training. Go to the **Awareness Groups** tab and assign the awareness group you created for that training: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FAMfd7FTPi67506ioyN0Z%252Fimage.png%3Falt%3Dmedia%26token%3D069a4cc3-4cd8-4be2-af24-addc5988e7b0&width=768&dpr=4&quality=100&sign=4e5f616f&sv=2) To assign an awareness group select it from the menu and click **Bind**. Repeat this step for every training scenario, until each one is bound to a different group: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FKdVC9ARUeZ4zxGA2CC1f%252Fimage.png%3Falt%3Dmedia%26token%3D5a249ddf-8832-4c87-8eac-00c529563590&width=768&dpr=4&quality=100&sign=f6e1e16f&sv=2) ### [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-recipients) Add Recipients Go the **Recipients** page and select **Add Group**. Select your recipients and at the bottom of the page select an awareness group to bind it to those recipients: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FizLodiz2CHdVf8NQRsmP%252Fimage.png%3Falt%3Dmedia%26token%3D1c827f4f-6943-4aaa-8963-1c6194d1a00c&width=768&dpr=4&quality=100&sign=541c87b0&sv=2) **Save** to continue and repeat this step for each awareness group. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Foq6qLFLmoixETwMHXbR3%252Fimage.png%3Falt%3Dmedia%26token%3D0ef09411-d91c-4a31-a720-731842bf73f7&width=768&dpr=4&quality=100&sign=4f601608&sv=2) You can use the same group multiple times and bind recipients to multiple awareness groups. If a recipient is bound to multiple awareness groups they will receive each training bound to them. * * * [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#using-risk-levels) Using Risk Levels ---------------------------------------------------------------------------------------------------------------------------------------------------------------- In this method we will add one recipient group to a campaign and send the users in that group different trainings depending on their [reputation level](https://wiki.lucysecurity.com/application-reference/users/risk-score) (also called risk score or risk level). ### [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-trainings-1) Add Trainings Add each awareness training to the campaign: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FIjL8wn3i1M2mbWDtU3zD%252Fimage.png%3Falt%3Dmedia%26token%3D2f2f3865-a70e-4fc6-8ee8-a93346539335&width=768&dpr=4&quality=100&sign=af2b7578&sv=2) Note the auto-incrementing **Risk Level** for each training. You can adjust these levels by using the `+` and `-` buttons. Trainings may not have the same Risk Level. #### [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#rename-the-awareness-group) Rename the Awareness Group By default, the lone awareness group is named after the first training that was added. For clarity's sake you should rename the group to something like "Default" or another descriptive name. Whatever you name the Awareness Group, just make sure you have only one - we will use this group in the next step when we add recipients. ### [](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-recipients-1) Add Recipients Add all of your recipients and select the lone awareness group under **Scenarios**. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FgJFNStrINyubnv6BabJp%252Fimage.png%3Falt%3Dmedia%26token%3Db29db089-8dcc-47d4-9707-d411be9ea04c&width=768&dpr=4&quality=100&sign=d68eccdf&sv=2) Once complete, your awareness settings should look like this: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fe6siWuQXOPBJsMXR6ABV%252Fimage.png%3Falt%3Dmedia%26token%3D7b3f4106-257f-4b6b-8c28-f33f241e707a&width=768&dpr=4&quality=100&sign=dd44003f&sv=2) [PreviousAwareness Only Campaigns](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns) [NextUse extended method of tracking the end of the quiz](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz) Last updated 1 year ago Was this helpful? * [Use Cases](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#use-cases) * [Using Awareness Groups](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#using-awareness-groups) * [Add Trainings](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-trainings) * [Create Awareness Groups](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#create-awareness-groups) * [Assign Awareness Groups](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#assign-awareness-groups) * [Add Recipients](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-recipients) * [Using Risk Levels](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#using-risk-levels) * [Add Trainings](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-trainings-1) * [Add Recipients](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings#add-recipients-1) Was this helpful? --- # Notifications | Lucy Awareness [](https://wiki.lucysecurity.com/application-reference/notifications#introduction) Introduction ---------------------------------------------------------------------------------------------------- The **Notifications** page provides administrative users with a centralized view of all system alerts and messages. These notifications help you stay informed about: * System errors or warnings * New templates available for download * Software updates * Other important system events Navigate to **System Status > Notifications** or click the notification bell in the top-right corner. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2Flh7-rt.googleusercontent.com%2Fdocsz%2FAD_4nXdiKo5RibRNAMQgm-qanJhVYdXQTJX89iZMt-Bxz4ilaFZQz-9zJxRUmv0Jqz8grp1aX4oN3YL6CHCvrmegnJj4vz-jbc136torT5l_zDPhNly9vMt1zbxHt_tCVEJFQ5axKo6ujg%3Fkey%3DU-ZQepnaDUgS8hdfPu71VejB&width=768&dpr=4&quality=100&sign=e2b2f5d3&sv=2) * * * [](https://wiki.lucysecurity.com/application-reference/notifications#managing-notifications) Managing Notifications ------------------------------------------------------------------------------------------------------------------------ * **Expand for Details**: Click on a notification to view more information and any available actions. * **Delete**: To remove a notification, click the **trash icon** on the right side of the message. [PreviousApplication Reference](https://wiki.lucysecurity.com/application-reference) [NextStatistics Dashboard](https://wiki.lucysecurity.com/application-reference/statistics-dashboard) Last updated 8 months ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/application-reference/notifications#introduction) * [Managing Notifications](https://wiki.lucysecurity.com/application-reference/notifications#managing-notifications) Was this helpful? --- # Regular Expressions in Login Fields | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/attack-simulations/regular-expressions-in-login-fields#introduction) Introduction Lucy can create phishing scenarios where users are prompted to [login on a landing web page](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack) . To ensure that only valid logins are counted as successful attacks, Lucy allows you to define regular expressions within the login field, which serve as filters for login criteria. These criteria can include requirements such as: * Passwords containing at least two alphanumeric characters. * Usernames containing a specific domain name, among others. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/regular-expressions-in-login-fields#configuration) Configuration For Lucy to apply regular expressions in a login field, the login form must use a POST method with the login action set to "**?login**". Additionally, the name of the login field should be "**login**" and the name of the password field should be "**password**". A valid login field in Lucy might resemble the following HTML snippet: Copy You can configure login filters [under scenario settings](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#regexp) once you've set up the login fields with the correct naming convention. Lucy will then be able to apply the filter mechanism. You can choose from a list of existing filter examples in the dropdown menu, or apply any POSIX regular expression filter within the input fields. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FKqGf4QqN2vGkG2phblXe%252Fimage.png%3Falt%3Dmedia%26token%3Da6a2eb92-d295-416e-b0d6-83d6980cdf66&width=768&dpr=4&quality=100&sign=2f912732&sv=2) Additionally, Lucy supports JavaScript-based login filters. An example of such a function verifies if the username starts with certain letters and checks if the password is complex. If both conditions are met, the script sends fake login data to Lucy for admin verification. Make sure to download the corresponding JavaScript libraries and include them in your campaign template (landing page). 34KB [scripts.zip](https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FcCeFE2pWILapltv4GLyk%2Fscripts.zip?alt=media&token=c4686b76-337a-4eb5-875c-7d8767053193) archive Download[Open](https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FcCeFE2pWILapltv4GLyk%2Fscripts.zip?alt=media&token=c4686b76-337a-4eb5-875c-7d8767053193) [PreviousAdvanced Information Gathering](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering) [NextCopy a Website](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website) Last updated 1 year ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/attack-simulations/regular-expressions-in-login-fields#introduction) * [Configuration](https://wiki.lucysecurity.com/guides/attack-simulations/regular-expressions-in-login-fields#configuration) Was this helpful? Copy
--- # Deploying Gmail | Lucy Awareness Navigate to Incidents -> Download Plugin -> Gmail Addon * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-1.-download-plugin-files) 1\. Download plugin files Navigate to **Incidents** and click the **Download Plugin** button, then select the "Gmail Addon" option. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FN89h523OHYZWopzjrgeg%252Fimage.png%3Falt%3Dmedia%26token%3De8fc990f-59c6-46f7-9a2e-05c942bbf8a8&width=768&dpr=4&quality=100&sign=11b95259&sv=2) The addon will be deployed as a Google App, so the download contains two files in an archive: 1. `code.js` - The plugin's runtime code. 2. `appsscript.json` - The plugin's metadata. * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-2.-create-a-new-google-project) 2\. Create a new Google project Go to [https://script.google.com/](https://script.google.com/) and create a **New Project**. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FDQqylyBJThEVXwiBfI9W%252Fimage.png%3Falt%3Dmedia%26token%3D45732c6d-db0b-40c6-b2d3-55cd4e7ee7d9&width=768&dpr=4&quality=100&sign=e4b8a2a7&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-3.-edit-code.gs) 3\. Edit Code.gs When the project opens, copy the contents of `code.js` into the workspace and click the **Save** icon. If there is any code in the workspace file before you paste, remove it first. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FFhHJRuVP24bX5TfnCFul%252Fimage.png%3Falt%3Dmedia%26token%3D8b441849-2469-4b05-bbc6-28dc3789133b&width=768&dpr=4&quality=100&sign=11292eb6&sv=2) The file is named Code.gs by default * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-4.-edit-appsscript.json) 4\. Edit appsscript.json Next, select the **Project Settings** icon from the options on the left and enable the option for "Show 'appsscript.json' metadata in editor". You should also select your time zone here. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FSXhZAesHrZkjYRp0D8Z5%252Fimage.png%3Falt%3Dmedia%26token%3Da63c6e36-7981-40c0-8dc4-8796f0ad1bd1&width=768&dpr=4&quality=100&sign=c3050bde&sv=2) Return to the code editor and paste the contents of the `appscript.json` file that you downloaded into the `appscript.json` file in the editor. If there is any code in the workspace file before you paste, remove it first. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fkh8xdBHQ8EAiLBoYMBoa%252Fimage.png%3Falt%3Dmedia%26token%3D29d60e94-a0ae-43b5-8b18-50a7ab191689&width=768&dpr=4&quality=100&sign=a38a8915&sv=2) #### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#metadata-options) Metadata Options Most of the fields in this object should be left alone, but there are a few worth checking before you deploy this project. **Name:** The name of the add-on in your mail client. This name appears when you hover the mouse over the button. **Logo URL:** A link to the button's image. The default is an image hosted by us, but you can host your own image and link to it here. **Primary and Secondary Color:** Customize the color scheme. This field accepts hex codes, use a [hex code tool of your choice](https://www.google.com/search?q=color+hex+code+tool) to find the colors you like. * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-5.-deploy-the-project) 5\. Deploy the project Click **Deploy** and select "New Deployment". Make sure the addon type is both **Add-on** and **Web App**, and the options shown below for Web App are selected. When everything looks right, click **Deploy** and then click "Done". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F5Pxz2nryjCSneAQpm4Mf%252Fimage.png%3Falt%3Dmedia%26token%3D8251be23-a52e-44df-8246-2cd6fe39ad82&width=768&dpr=4&quality=100&sign=208a4ba3&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-6.-install-the-addon) 6\. Install the addon Click **Deploy** again and this time select "Test Deployments", then select "Install". ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F35TqVPArut2W7Q5AGBOL%252Fimage.png%3Falt%3Dmedia%26token%3Dbf04352e-ee0a-4345-b6d9-73c8a5cc378a&width=768&dpr=4&quality=100&sign=6d5ddc93&sv=2) [PreviousDeploying Outlook Native (Deprecated)](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-outlook-native-deprecated) [NextApplication Reference](https://wiki.lucysecurity.com/application-reference) Last updated 1 year ago Was this helpful? * [1\. Download plugin files](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-1.-download-plugin-files) * [2\. Create a new Google project](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-2.-create-a-new-google-project) * [3\. Edit Code.gs](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-3.-edit-code.gs) * [4\. Edit appsscript.json](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-4.-edit-appsscript.json) * [5\. Deploy the project](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-5.-deploy-the-project) * [6\. Install the addon](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-gmail#id-6.-install-the-addon) Was this helpful? --- # Use extended method of tracking the end of the quiz | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#introduction) Introduction "Use extended method of tracking the end of the quiz" is available to monitor when users complete a quiz at a pre-defined placeholder within the Awareness template. This option can be found on the Awareness Template editing page. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F05H7kLrWd14aVRHwjKLh%252Fimage.png%3Falt%3Dmedia%26token%3D24eaf08b-5c57-483c-8c26-3b64b5223bae&width=768&dpr=4&quality=100&sign=a062c290&sv=2) ### [](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#configuration) Configuration The default state of this feature is disabled. To activate this method, add a call to the additional function `lucyQuizEnd()` without any parameters. Call this function after the user answers the last question in your desired quiz. Enabling this option without calling the `lucyQuizEnd()` function will prevent recipients from being marked as "trained". By default, Lucy marks each recipient as "Trained" after receiving the first answer to the quiz. Enabling the "Use extended method of tracking the end of the quiz" option and calling the `lucyQuizEnd()` function allows you to set the "Trained" status at the appropriate moment. Using the awareness template "**Internet Security**" as an example: Navigate to **Templates -> Awareness Templates** Select "Edit Template" ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FKJQ1eOCiOxyjCs3NLs10%252Fimage.png%3Falt%3Dmedia%26token%3D7c63d120-3ec6-4c57-b59e-4c48a67d3d81&width=768&dpr=4&quality=100&sign=993c073a&sv=2) Select "**Content Template**" ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FxxDxdKAhktdoEMKLZMqi%252Fimage.png%3Falt%3Dmedia%26token%3Da20e63ae-01df-4d38-b0b2-2358eb571c4e&width=768&dpr=4&quality=100&sign=4206701f&sv=2) To enhance the "**Internet Security**" template, integrate the `lucyQuizEnd()` function into the source code to process quiz answers. The quiz consists of 9 questions, aiming to identify users who correctly answer at least 5. Activate the "**Use extended method of tracking the end of the quiz**" option in the Website section of the Awareness Settings for the campaign. Use your "**File**" drop-down to navigate to the correct file javascript file `game.js` This file might vary depending on the template. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FI1gkitdwD1UravpGGrkX%252Fimage.png%3Falt%3Dmedia%26token%3D53875d43-1e09-4a99-9fd8-463461e3282f&width=768&dpr=4&quality=100&sign=5e7a39e8&sv=2) 1. Add a new variable `correctAnswerCount` to keep track of the number of correct answers: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F2MqRjGcDcxj6HdEiQxTn%252Fimage.png%3Falt%3Dmedia%26token%3D13f3d774-8a23-4f49-90ac-8aeacccd1630&width=768&dpr=4&quality=100&sign=3c4f16bd&sv=2) 1. Find the place in the code where the function `lucyQuizAnswer()` is called and insert a call to the function `lucyQuizEnd()` after it with the condition as shown below: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F9fkvKoCw0H0eslI3UXNa%252Fimage.png%3Falt%3Dmedia%26token%3D6dda8749-33fe-4439-b292-140bc023505d&width=768&dpr=4&quality=100&sign=faad3e7a&sv=2) 1. Save the template and run the campaign. After 5 quiz questions are answered correctly, the recipient will be marked as "**Trained**". Using the function `lucyQuizEnd()` together with the option "**Ignore repeated answers in awareness**" should be avoided, as this function disregards the restrictions set by that option. ### [](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#advanced-functions) Advanced Functions * `lucyQuizStart(quizNumber, countQuestions, errorHandler)` Starts a quiz for the current user and tracks the time when the quiz started. Useful for templates with randomly sorted questions and a variable number of questions. * `lucySetVariable(varName, varValue, errorHandler)` Permanently saves text data for the current user. * `lucyGetVariable(varName, successHandler, errorHandler)` Retrieves previously saved variables by name. ### [](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#troubleshooting) Troubleshooting Issue: Lucy marks recipients as 'Trained' without any quiz answers given. Solution: Enable the "Quiz" option within the Website section of the Awareness Settings in the campaign. Issue: Lucy does not mark recipients as 'Trained' despite receiving positive quiz answers. Solution: Disable the "Extended method of tracking the end of the quiz" option within the Website section of the Awareness Settings in the campaign, or adjust your awareness template accordingly. [PreviousUsing Multiple Awareness Trainings](https://wiki.lucysecurity.com/guides/awareness-training/awareness-only-campaigns/using-multiple-awareness-trainings) [NextReporting Plugin](https://wiki.lucysecurity.com/guides/reporting-plugin) Last updated 1 year ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#introduction) * [Configuration](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#configuration) * [Advanced Functions](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#advanced-functions) * [Troubleshooting](https://wiki.lucysecurity.com/guides/awareness-training/use-extended-method-of-tracking-the-end-of-the-quiz#troubleshooting) Was this helpful? --- # Lures | Lucy Awareness [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures#understanding-the-attack) Understanding the Attack ------------------------------------------------------------------------------------------------------------------------------------- A lure is not an attack on its own, but most attack types can have a lure attached to them in the Attack Settings. Lures prepare the targets of a phishing campaign for the phishing email, lowering the user's guard and tricking them into believing that the email is real. [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures#checklist) Checklist ------------------------------------------------------------------------------------------------------- * [Register an attack domain](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/register-an-attack-domain) * Enable **Double Barrel Attack** in the Attack Settings and set a delay * Design a Lure email (see below) [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures#lure-emails) Lure Emails ----------------------------------------------------------------------------------------------------------- First enable the **Double Barrel Attack** setting, set a delay, and save: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FtK7dnsxsuauwmHaAs1yH%252Fimage.png%3Falt%3Dmedia%26token%3D41fb54cb-1e86-4fc6-bc95-ae2b6f527519&width=768&dpr=4&quality=100&sign=702376c0&sv=2) The delay is in seconds, so 1800 seconds is 30 minutes between the lure and the attack. Then go to the **Lure Template** tab and create a lure email: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FhWpWjolvRwg79JW1bUgR%252Fimage.png%3Falt%3Dmedia%26token%3D0cdda16f-b3f2-41af-8e90-3fbbefce6cde&width=768&dpr=4&quality=100&sign=c138cc79&sv=2) You are now ready to use lures in your campaign. [PreviousSmishing](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/smishing) [NextQR Codes](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes) Last updated 1 year ago Was this helpful? * [Understanding the Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures#understanding-the-attack) * [Checklist](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures#checklist) * [Lure Emails](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures#lure-emails) Was this helpful? --- # File Attack Whitelisting | Lucy Awareness ![Page cover](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FHaUp6yPp4slW7TSFjQmS%252Fgrouppolicy.png%3Falt%3Dmedia%26token%3Dc21b7e2c-1d85-4834-b78e-9e400380f154&width=1248&dpr=4&quality=100&sign=333d6f89&sv=2) ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#introduction) **Introduction** To simulate file-based malware attacks with Microsoft Defender, you need to configure Active Directory (AD) Group Policy Object (GPO) settings to exclude specific files from being scanned. This guide provides step-by-step instructions for whitelisting files by path using GPOs. * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#important-considerations) **Important Considerations** **Whitelisting Lucy IP:** * Ensure that Lucy's IP is whitelisted at the mail gateway level to guarantee email delivery. * Refer to the following links for detailed instructions: * [O365 Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/microsoft-o365-whitelisting) * [Google Workspace Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/google-workspace-whitelisting) * * * **Additional Security Measures:** * This guide covers GPO settings for AD. If your organization uses additional antivirus software or firewall protection, equivalent whitelisting must be configured accordingly. **Macro-Related Attacks:** * For macro-related attacks, users will still need to enable editing and macros in Office documents. Design the attack scenario to prompt users to perform these actions. * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#scenario-example) **Scenario Example** **Scenario:** * Successful Attack = Data Submit / File Data Received * Attack Vector: Mixed Attack (Harvest credentials via user login on a web-hosted page + download and execute payload). **Idea:** * The user receives an email from the CEO with a link to a list of top clients. * The user logs in to a landing page, completing phase 1 (credential harvesting). * The user downloads an Excel file, which is excluded from virus scanning. * Upon opening the file and enabling editing and macros, the script runs, completing phase 2 (data submission). * * * Below is the process for adding a file to the exclusion list at the machine level: 1. **Open Windows Security:** * Go to Start -> Settings -> Update & Security -> Windows Security -> Virus & Threat Protection. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FSvseEvEbqgysWJfHIREE%252Fimage.png%3Falt%3Dmedia%26token%3D049d27aa-1bd1-4cdc-beb2-6bf5e8b2f899&width=768&dpr=4&quality=100&sign=d49b11da&sv=2) **Add Exclusion:** * Under Virus & Threat Protection settings, select Manage Settings. * Scroll down to Exclusions and select Add or Remove Exclusions. * Click Add an Exclusion and choose File. * Select the file to be excluded. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FM7zDrEGRWQuGWPjk8aME%252Fimage.png%3Falt%3Dmedia%26token%3D774f185c-4460-44fe-9957-97d25e517c44&width=768&dpr=4&quality=100&sign=1b757fc3&sv=2) ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FpynvDNyXSHnUnKEGkveb%252Fimage.png%3Falt%3Dmedia%26token%3De6175090-b583-48f4-8308-945ec7eed610&width=768&dpr=4&quality=100&sign=6fff0f69&sv=2) This workflow demonstrates the process at an individual level, but for organizational-scale implementation, the Network Administrator will perform these steps via AD GPO. * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#excluding-a-file-path-in-active-directory-via-gpo) **Excluding a File Path in Active Directory via GPO:** **Open Group Policy Management:** * Navigate to Tools -> Group Policy Management. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FrS85GuVOAkWHucQvBX4e%252Fimage.png%3Falt%3Dmedia%26token%3D3143f67a-5901-477b-b2c3-a61198ee71ec&width=768&dpr=4&quality=100&sign=dbbc66ec&sv=2) **Create or Edit a GPO:** * Select the domain associated with the end users. * Right-click on the policy and select Edit. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FjgKE9u6kf2lC0VL85YrA%252Fimage.png%3Falt%3Dmedia%26token%3D0009de31-8843-422a-a95b-409815bef500&width=768&dpr=4&quality=100&sign=62769392&sv=2) **Navigate to Windows Defender Settings:** * Go to Policies > Administrative Templates. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FLptrkcOWUtswFdXYvPBE%252Fimage.png%3Falt%3Dmedia%26token%3D2f4a9fc6-961a-4fc5-a86b-2802f7b26097&width=768&dpr=4&quality=100&sign=e8d42f11&sv=2) * Click on Windows Components. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FFnZwklKIa3mOZiuhNy2p%252Fimage.png%3Falt%3Dmedia%26token%3Da7e4cc4d-536e-4367-8342-33becc0503b1&width=768&dpr=4&quality=100&sign=9487afc&sv=2) * Scroll down to Microsoft Defender Antivirus. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FD1qMc3XIpya8O2X9lqaz%252Fimage.png%3Falt%3Dmedia%26token%3Da96e935c-8e71-4bf3-849a-33cd8a103af9&width=768&dpr=4&quality=100&sign=4a187e6d&sv=2) * Click on Exclusions. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F93wxjNwblQV2MKDp4GVs%252Fimage.png%3Falt%3Dmedia%26token%3D528365ad-b337-4541-82a1-cd8671fcf57b&width=768&dpr=4&quality=100&sign=22eac66&sv=2) **Define Path Exclusion:** * Select Path Exclusions. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Fv5iLLmxVFuuSUlEVcsZd%252Fimage.png%3Falt%3Dmedia%26token%3Df5089f96-5094-40b3-be3f-e2d026c79307&width=768&dpr=4&quality=100&sign=b866ea14&sv=2) * Click Enable and then Show. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F7PBHomfVQ0sDqRvTA5pE%252Fimage.png%3Falt%3Dmedia%26token%3Ddabdf2e9-cab7-4248-bf40-06ce9342b19a&width=768&dpr=4&quality=100&sign=432e0a92&sv=2) * Enter the file path, e.g., `C:\Users\local.user\Downloads\List of Top clients V2.xls`. * Set the value to 0. * Click OK and Apply. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FQwCsTtvACchqd39JrhjS%252Fimage.png%3Falt%3Dmedia%26token%3Df8b45158-59bd-4abd-819a-51149df8dfc7&width=768&dpr=4&quality=100&sign=b6bb0b22&sv=2) **Enforce the Policy:** * Right-click on the policy in Group Policy Management and select Enforce. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FMUEiNjZiNN6pIBr5UL7v%252Fimage.png%3Falt%3Dmedia%26token%3Db819c723-d1dd-4fb4-875a-c99502835299&width=768&dpr=4&quality=100&sign=bc7bedfa&sv=2) * Run `gpupdate /force` to update the policy for all users. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FYvUy9GqO3UT3vzCvFYLT%252Fimage.png%3Falt%3Dmedia%26token%3D172a6a30-340c-4fa6-b566-bdcc6e9301ba&width=768&dpr=4&quality=100&sign=2e5cb6d8&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#enabling-editing-and-content-in-excel) **Enabling Editing and Content in Excel:** **Enable Editing:** * When the file is opened, click Enable Editing. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FWaVfNU2xu4pFqM3fb2jj%252Fimage.png%3Falt%3Dmedia%26token%3Df0f9fb1f-d594-44ba-97d2-9c100db31277&width=768&dpr=4&quality=100&sign=7361e6ad&sv=2) **Enable Content:** * Click Enable Content to allow macros to run. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252F19FgD0cbPcTokCpji5Eq%252Fimage.png%3Falt%3Dmedia%26token%3D8e43148d-daef-41a3-886f-3ebaf58b1196&width=768&dpr=4&quality=100&sign=dff5b531&sv=2) By following these steps, you can ensure that Defender does not block the file download and execution, allowing the simulation to proceed as intended. **References** * [Configure Extension File Exclusions in Microsoft Defender Antivirus](https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) [PreviousMicrosoft O365 Whitelisting](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/microsoft-o365-whitelisting) [NextAttack Simulations](https://wiki.lucysecurity.com/guides/attack-simulations) Last updated 1 year ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#introduction) * [Important Considerations](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#important-considerations) * [Scenario Example](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#scenario-example) * [Excluding a File Path in Active Directory via GPO:](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#excluding-a-file-path-in-active-directory-via-gpo) * [Enabling Editing and Content in Excel:](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server/file-attack-whitelisting#enabling-editing-and-content-in-excel) Was this helpful? --- # Hyperlink Attack | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#understanding-the-attack) **Understanding the Attack** **Definition** A hyperlink attack involves embedding malicious URLs in emails. When users click these links, they may be redirected to phishing sites, download malware, or unintentionally disclose personal information. For Lucy, success is measured by whether the user clicks the link. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Frm2Ck9VDSEPf8Jgms6B8%252Fvmware_iq5PxlFR0d.gif%3Falt%3Dmedia%26token%3Dcca29e18-b75f-426b-bbd5-e6ff7530245c&width=768&dpr=4&quality=100&sign=34be4cd8&sv=2) This is an example of a Hyperlink Attack, once clicked redirecting to awareness training * * * ### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#checklist) **Checklist** * [Register an Attack Domain](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#register-a-domain-via-the-domain-registration-wizard) * [Add a Hyperlink Attack to your Campaign](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#add-an-attack-template-to-your-campaign) * [Ensure "Click" is set as your Success Action](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#success-action) * [Ensure the sending Domain is whitelisted](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server) * * * ### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#real-world-examples) **Real-world Examples** * An employee in the finance department receives an email that appears to be from their HR department, prompting them to complete a timesheet. * An employee receives an email purportedly from the HR department, containing a link to view their colleagues' performance metrics compared to their own. * A finance executive receives an urgent email that seems to be from the CEO, containing a payment link for an emergency account transfer. Ready to set up your Hyperlink Attack? See our platform reference article on [Adding an Attack to your campaign.](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#add-an-attack-template-to-your-campaign) * * * ### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#user-detection-methods) **User Detection Methods** To help employees recognize and respond to hyperlink phishing attempts effectively, the following user detection methods can be incorporated into training programs: #### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#email-analysis) Email Analysis **Check Sender Details:** Verify the sender's email address and domain to ensure they match the legitimate source. **Look for Red Flags:** Be wary of emails with poor grammar, spelling errors, or unusual formatting. #### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#url-inspection) URL Inspection **Hover Over Links:** Before clicking, hover over links to view the actual URL and ensure it points to a legitimate site. **Check for HTTPS:** Ensure the website URL starts with "https://" and look for a padlock symbol, indicating a secure connection. #### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#content-verification) Content Verification **Suspicious Attachments:** Avoid opening unexpected attachments or downloading files from unknown sources. **Urgency and Threats:** Be cautious of emails that create a sense of urgency, pressure to act quickly, or threaten negative consequences. #### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#link-appearance-checks) Link Appearance Checks **Verify Link Text:** Ensure the visible text of the hyperlink matches the actual URL. For example, a link labeled as “www.lucysecurity.com” should not redirect to “www.lucysecurtiy.com.” **Type Known URLs Manually:** Instead of clicking on a link, manually type the known and trusted URL into your browser to ensure you are visiting the correct site. #### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#communication-verification) Communication Verification **Cross-Check Requests:** If an email or message asks for sensitive information, verify the request through a separate communication channel, such as a phone call to the supposed sender. #### [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#incident-reporting) Incident Reporting **Report Suspicious Links:** Immediately report any suspicious links to the IT or security department for further analysis. **Use Reporting Tools:** Deploy the [Lucy Phish Button](https://wiki.lucysecurity.com/application-reference/settings/submitted-email-settings) for all users to use as a reporting tool. * * * [PreviousData Entry Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack) [NextFile Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/file-attack) Last updated 1 year ago Was this helpful? * [Understanding the Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#understanding-the-attack) * [Checklist](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#checklist) * [Real-world Examples](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#real-world-examples) * [User Detection Methods](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack#user-detection-methods) Was this helpful? --- # Advanced Information Gathering | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#introduction) **Introduction** LUCY helps organizations run phishing simulations to identify vulnerable users. However, ensuring a user's browser is safely configured, especially when accessing corporate email from personal devices, remains a challenge. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#advanced-information-gathering-framework) **Advanced Information Gathering Framework** LUCY's Advanced Information Gathering (AIG) tool enhances user awareness training by mimicking drive-by malware attacks to test internal security. AIG targets vulnerabilities in web browsers, the primary entry point for many security threats. AIG can safely expose web and browser-based vulnerabilities, such as cross-site scripting (XSS), using client-side attack vectors. If a user clicks on a link embedded by AIG, their browser connects to the AIG server integrated into LUCY. This connection allows AIG to perform various actions on the browser, such as redirecting the user, changing URLs, or generating dialogue boxes. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#purpose-of-advanced-information-gathering) **Purpose of Advanced Information Gathering** With AIG integrated into LUCY, companies can assess two critical security questions: 1. Would an employee potentially fall for a phishing attack? 2. If they did, would their browser's security settings prevent further damage from browser-exploitation malware? ### [](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#what-information-is-gathered) What Information is Gathered? **Browser Details:** Tracks specific browser information like type, version, and extensions. This helps identify security weaknesses or confirm if the browser is up-to-date with best practices. **Firebug Information:** Firebug is a popular web development tool. If a user has Firebug installed, it could potentially be used to debug or modify webpages. Tracking whether Firebug or similar tools are present can reveal if there's an increased risk of web-based threats or attacks. **Popup Blocker:** This checks if the user’s browser is configured to block popup windows. Popups are often used in phishing attacks to deliver malicious content, so knowing whether popup blockers are active can be indicative of the user's level of vulnerability. **Geo Location:** By determining the geographic location of the user, the organization can assess if there are access patterns from unusual locations that could indicate compromised credentials or other security issues. **Social Network:** This feature checks for active connections to social networks from the user’s browser. Given that social networks can be platforms for phishing and malware distribution, awareness of such activity can be crucial for understanding the social media risk landscape. **Proxy:** Identifying whether the user is connected to the internet via a proxy can be important for security. Proxy usage can obscure the true IP address, which could either be a legitimate privacy measure or a method to hide malicious activity. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#setting-up-advanced-information-gathering-in-lucy) **Setting Up Advanced Information Gathering in LUCY** Advanced Information Gathering runs in the background of a phishing campaign's landing page. It is operational only in scenarios where a user-accessible landing page is active. For detailed setup instructions, please consult our platform reference article on [Advanced Information Gathering](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#advanced-information-gathering) . ### [](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#advance-information-gathering-statistics) Advance Information Gathering Statistics After completing the attack, the Advanced Information Gathering (AIG) statistics will be accessible in multiple locations. Initially, an administrator can quickly view these by navigating to the [Recipient Statistics](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/results/statistics#recipients) within the campaign, where the report can be directly evaluated in the user interface. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FOYOyF5IxzvFE2vniLYlV%252Fimage.png%3Falt%3Dmedia%26token%3Ded7e4c8f-4f6c-48bb-a650-5838ad6a4446&width=768&dpr=4&quality=100&sign=5de2c814&sv=2) Once the recipient's profile is selected, scroll down to view the Advance Information Gathering tab: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FM7wk04Bm82o7nF94VzUf%252Fimage.png%3Falt%3Dmedia%26token%3D9a9af9ee-d83f-4833-bfa1-63280f7fb78c&width=768&dpr=4&quality=100&sign=fd99f641&sv=2) Exporting the campaign results to a CSV or XML file will provide detailed information, including the operating system (OS), IP address, browser type, plugins, Proxy-IP and Geo-Location of the user in the report: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FkI7M61kAoUr3A6mXWUVO%252Fimage.png%3Falt%3Dmedia%26token%3De47c94fa-446c-4f89-8a26-84ee47a16940&width=768&dpr=4&quality=100&sign=c5aa86dd&sv=2) Refer to our platform reference article on [Campaign Exports](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/results/exports) [PreviousEmail Tracking Technologies](https://wiki.lucysecurity.com/guides/attack-simulations/email-tracking-technologies) [NextRegular Expressions in Login Fields](https://wiki.lucysecurity.com/guides/attack-simulations/regular-expressions-in-login-fields) Last updated 1 year ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#introduction) * [Advanced Information Gathering Framework](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#advanced-information-gathering-framework) * [Purpose of Advanced Information Gathering](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#purpose-of-advanced-information-gathering) * [What Information is Gathered?](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#what-information-is-gathered) * [Setting Up Advanced Information Gathering in LUCY](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#setting-up-advanced-information-gathering-in-lucy) * [Advance Information Gathering Statistics](https://wiki.lucysecurity.com/guides/attack-simulations/advanced-information-gathering#advance-information-gathering-statistics) Was this helpful? --- # Email Spoofing Test | Lucy Awareness [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/email-spoofing-test#overview) Overview ------------------------------------------------------------------------------------------------------------------- Email spoofing is the forgery of an email header, making it appear as though the message originated from someone or somewhere other than its actual source. This tactic is commonly used in phishing and spam campaigns, as individuals are more likely to open emails they believe have been sent by a legitimate source. The goal of email spoofing is to entice recipients to open the email and potentially respond to the solicitation. [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/email-spoofing-test#checklist) Checklist --------------------------------------------------------------------------------------------------------------------- * [Register the domain](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#register-a-domain-via-the-domain-registration-wizard) * Create a recipient on the domain * [Create a mail spoofing campaign in the wizard](https://wiki.lucysecurity.com/application-reference/campaigns/wizard-mode) [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/email-spoofing-test#run-the-test) Run the Test --------------------------------------------------------------------------------------------------------------------------- To run the mail spoofing test simply enter the domain and recipient in the wizard and click **Start Test**. [PreviousMail & Web Filter Test](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/mail-and-web-filter-test) [NextAttack Template Customization](https://wiki.lucysecurity.com/guides/attack-simulations/attack-template-customization) Last updated 1 year ago Was this helpful? * [Overview](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/email-spoofing-test#overview) * [Checklist](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/email-spoofing-test#checklist) * [Run the Test](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/email-spoofing-test#run-the-test) Was this helpful? --- # Deploying Office 365 | Lucy Awareness ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#introduction) Introduction The Office 365 plugin is dynamic - the plugin reads the settings from your Lucy server, so if you update those settings you do not need to re-deploy the plugin. * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#azure-entra-id-settings) Azure (Entra ID) settings 1. Login to your [Azure portal](https://portal.azure.com/) and navigate to Microsoft Entra ID (formerly Azure AD). 2. Navigate to **App Registrations** and create a **New Registration**. 3. Give the application a name. 4. For the organization type select **Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)**. 5. Define a **Web** redirect URI like so: `https://./oauth` 6. Click **Register**. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FeTcwJqzJ5R6C77s7CQGX%252Fimage.png%3Falt%3Dmedia%26token%3Dcc386723-9aa8-4bd0-a0ef-80d57a641660&width=768&dpr=4&quality=100&sign=6a6c5ed9&sv=2) * In the application overview, click the **Redirect URIs** option then select **Add a platform**. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FCfVzDabsfjpPNmNJAr6t%252Fimage.png%3Falt%3Dmedia%26token%3Dbde37e6e-ba57-4d8a-b390-cb1043d522f3&width=768&dpr=4&quality=100&sign=4965a081&sv=2) * Select the **Single-page Application** option and add the following two redirects: 1. `https://./login/login.html` 2. `https://./new-o365/dist/index.html` * Navigate to **Certificates & secrets** and create a **new client secret**. Give the secret a name and expiration date, then click **Add**. * Copy the **Secret Value**. Then navigate to the **Overview** and copy the **Application (client) ID** and **Directory (tenant) ID** as well. You will need all three values for the next steps. Be sure to copy the secret value, once you navigate away from the page you will not be able to see or copy it again. ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#deploying-the-plugin) Deploying the plugin For an individual For an organization 1. [Configure and download the plugin.](https://wiki.lucysecurity.com/guides/reporting-plugin) 2. Sign in to your Office 365 account: [https://outlook.live.com/owa/](https://outlook.live.com/owa/) 3. Select an email from your inbox and click the "Apps" button. Then, select "Get add-ins": ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FcYdWOSszRVc7znpeoCio%252Fimage.png%3Falt%3Dmedia%26token%3Defd48126-4dfd-4393-94f0-a6118762ef34&width=768&dpr=4&quality=100&sign=34c053f3&sv=2) 4. Select **My add-ins** and scroll to "Custom Add-ins", then click "Add a custom add-in" and "Add from file..." ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FLKP316sijAR3bsCLMUJ5%252Fimage.png%3Falt%3Dmedia%26token%3Dd57c4edc-93e2-4ea1-87b5-148e60ac6cc8&width=768&dpr=4&quality=100&sign=a8eda07f&sv=2) 5. Upload the XML file from Step 1 and refresh the page. Now when you click the "Apps" button the Lucy plugin should be present: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FsL9WIvqQUGKwqPUgKAk6%252Fimage.png%3Falt%3Dmedia%26token%3D255595a7-c1dc-4297-9830-c89309016b00&width=768&dpr=4&quality=100&sign=2de30837&sv=2) 1. The first time you use the plugin you must authorize it: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252Feh5Mf5LI1YIcGS3rJZEf%252Fimage.png%3Falt%3Dmedia%26token%3D79e0396c-01c3-45a2-9d8b-5e348cd1395b&width=768&dpr=4&quality=100&sign=fea29ff3&sv=2) This type of deployment requires administrator privileges in your O365 environment. 1. [Configure and download the plugin.](https://wiki.lucysecurity.com/guides/reporting-plugin) 2. Go to your [Office 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) . 3. Navigate to **Settings > Integrated Apps**. 4. Select "Upload custom apps" to open the wizard. 5. Choose "Office Add-in" for the **App type** and then "Upload manifest file (.xml) from device". Select the XML file you downloaded from Step 1, then click **Next**. 6. Under **Assign users** select "Entire Organization", then click **Next**. 7. Accept the required permissions for the plugin and click **Next**, then click **Finish Deployment**. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FjN9hlvj3ZI4HO9paLMxA%252Fimage.png%3Falt%3Dmedia%26token%3D951ad752-5eae-444a-a173-47fb35e463e4&width=768&dpr=4&quality=100&sign=d1550403&sv=2) 8. Once the plugin finishes deployment click **Done.** ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FkCvfg0htbvkOySWdURzx%252Fimage.png%3Falt%3Dmedia%26token%3Df1b71aff-7d3c-43a7-b93e-b76fccf39b33&width=768&dpr=4&quality=100&sign=9683248b&sv=2) * * * ### [](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#mac-and-mobile-compatibility) Mac and mobile compatibility The organization-wide deployment is compatible with Mac and mobile devices. Mobile devices that are part of the organization should require no additional setup. For Apple computers, the user must be logged in through Microsoft's [Office for Mac](https://www.microsoft.com/en-us/microsoft-365/mac/microsoft-365-for-mac) product. [PreviousReporting Plugin](https://wiki.lucysecurity.com/guides/reporting-plugin) [NextDeploying Outlook Native (Deprecated)](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-outlook-native-deprecated) Last updated 9 months ago Was this helpful? * [Introduction](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#introduction) * [Azure (Entra ID) settings](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#azure-entra-id-settings) * [Deploying the plugin](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#deploying-the-plugin) * [Mac and mobile compatibility](https://wiki.lucysecurity.com/guides/reporting-plugin/deploying-office-365#mac-and-mobile-compatibility) Was this helpful? --- # Data Entry Attack | Lucy Awareness [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#understanding-the-attack) Understanding the Attack ------------------------------------------------------------------------------------------------------------------------------------------------- A data entry attack is a targeted effort where attackers deceive victims into entering their login credentials on a fake website. These attacks often leverage email spoofing, creating a sense of urgency or trust to compel the victim to act quickly. ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FYi1MEcD6V331dreWAObz%252Fvmware_orfVEQ4vCE.gif%3Falt%3Dmedia%26token%3Dbd5669ec-428b-4d64-a9f2-8dfd8e5963f8&width=768&dpr=4&quality=100&sign=44820fe9&sv=2) This is an example of a Data Entry Attack, once clicked the user is directed to a fake landing page * * * [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#checklist) Checklist ------------------------------------------------------------------------------------------------------------------- * [Register an Attack Domain](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#register-a-domain-via-the-domain-registration-wizard) * [Add a Data Entry Attack to your Campaign](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#add-an-attack-template-to-your-campaign) * [Ensure "Data Submit" is set as your Success Action](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#success-action) * [Ensure the sending Domain is whitelisted](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server) * * * [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#real-world-examples) Real-world Examples --------------------------------------------------------------------------------------------------------------------------------------- * A corporate employee receives an email that appears to be from the IT department, instructing them to update their password on a fake company portal. * A user gets a notification from a popular social media platform about unusual activity and is redirected to a fake social media site to log in. * A recipient is notified that they are running late for a Teams or Zoom meeting and receives an email with a link to join the meeting. In their haste, they click the link and are prompted to log in on a fake Teams or Zoom login page, unknowingly entering their credentials. Ready to set up your Data Entry Attack? See our platform reference article on [Adding an Attack to your campaign.](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation) * * * [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#user-detection-methods) User Detection Methods --------------------------------------------------------------------------------------------------------------------------------------------- To help employees recognize and respond to Data Entry phishing attempts effectively, the following user detection methods can be incorporated into training programs: **Email Analysis** * **Check Sender Details:** Verify the sender's email address and domain to ensure they match the legitimate source. * **Look for Red Flags:** Be wary of emails with poor grammar, spelling errors, or unusual formatting. **URL Inspection** * **Hover Over Links:** Before clicking, hover over links to view the actual URL and ensure it points to a legitimate site. * **Check for HTTPS:** Ensure the website URL starts with "https://" and look for a padlock symbol, indicating a secure connection. **Content Verification** * **Suspicious Attachments:** Avoid opening unexpected attachments or downloading files from unknown sources. * **Urgency and Threats:** Be cautious of emails that create a sense of urgency, pressure to act quickly, or threaten negative consequences. **Login Page Checks** * **Website Appearance:** Verify that the login page looks exactly as expected. Fake sites often have slight visual discrepancies. * **Double-Check URLs:** Manually type the known URL of the website into your browser instead of clicking on links in emails. **Communication Verification** * **Cross-Check Requests:** If an email asks for sensitive information, verify the request through a separate communication channel, such as a phone call to the supposed sender. **Incident Reporting** * **Report Suspicious Emails:** Immediately report any suspicious emails to the IT or security department for further analysis. * **Use Reporting Tools:** Deploy the [Lucy Phish Button](https://wiki.lucysecurity.com/application-reference/settings/submitted-email-settings) for all users to use as a reporting tool. * * * [PreviousAttack Types](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types) [NextHyperlink Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/hyperlink-attack) Last updated 1 year ago Was this helpful? * [Understanding the Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#understanding-the-attack) * [Checklist](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#checklist) * [Real-world Examples](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#real-world-examples) * [User Detection Methods](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/data-entry-attack#user-detection-methods) Was this helpful? --- # QR Codes | Lucy Awareness [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#understanding-the-attack) Understanding the Attack ---------------------------------------------------------------------------------------------------------------------------------------- A QR-code phishing attack involves embedding a malicious URL within a QR code. When victims scan the QR code, they are directed to a fake website designed to steal sensitive information, such as login credentials or personal data. [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#checklist) Checklist ---------------------------------------------------------------------------------------------------------- * [Register an Attack Domain](https://wiki.lucysecurity.com/application-reference/settings/common-system-settings/domains#register-a-domain-via-the-domain-registration-wizard) * [Add a QR-code template to your campaign](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#add-an-attack-template-to-your-campaign) * [Set the success action](https://wiki.lucysecurity.com/guides/quick-guides/create-your-first-campaign/campaign-setup/attack-settings) * If the QR code links to a data-entry page, select **Data Submit**. * If the QR code redirects to an awareness training or other page, select **Click**. * [Ensure the sending Domain is whitelisted](https://wiki.lucysecurity.com/guides/whitelisting-a-lucy-server) [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#real-world-examples) Real-world Examples ------------------------------------------------------------------------------------------------------------------------------ * At a conference, attackers place fake QR codes near registration, leading attendees to a phishing site to steal login credentials. Victims think they're logging into the event portal. * Attackers replace parking meter QR codes with fake ones, tricking users into entering credit card details on a fraudulent payment page. The stolen data is used for financial theft. * Diners scan fake QR codes on restaurant tables, leading to phishing sites that steal personal information. They believe they’re accessing the digital menu. [](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#user-detection-methods) User Detection Methods ------------------------------------------------------------------------------------------------------------------------------------ **Avoid Scanning from Unverified Sources**: Be cautious about scanning codes from posters, emails, social media, or ads that seem suspicious, especially in public places or unexpected messages. **Look for Tampering**: Malicious actors sometimes overlay a fraudulent QR code on top of a legitimate one (on posters, signs, or printed materials). If a QR code looks like it’s been altered or pasted over something else, avoid scanning it. **Check the Link Before Opening**: Many QR scanning apps and smartphones offer a feature that displays the URL before visiting the site. Review the link carefully for suspicious or misspelled URLs. **Avoid Shortened URLs**: Phishers often use URL shorteners to disguise malicious links. If the previewed link is a shortened URL (e.g., bit.ly), proceed with caution, or use a service to expand the link and check where it leads. [PreviousLures](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/lures) [NextRansomware Emulation](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/ransomware-emulation) Last updated 1 year ago Was this helpful? * [Understanding the Attack](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#understanding-the-attack) * [Checklist](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#checklist) * [Real-world Examples](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#real-world-examples) * [User Detection Methods](https://wiki.lucysecurity.com/guides/attack-simulations/attack-types/qr-codes#user-detection-methods) Was this helpful? --- # Redirecting Users | Lucy Awareness [](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirecting-with-a-hyperlink-template) Redirecting with a hyperlink template -------------------------------------------------------------------------------------------------------------------------------------------------------------- If you are using a hyperlink template you can configure the redirect behavior directly in the **Scenario Settings**. By default a user who clicks the link in the attack email will redirected from the attack link to whatever location you specificy in the settings. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirect-url) Redirect URL To specify the user’s destination after clicking the link, just fill out the **Redirect URL** field in the scenario settings. You can specify any valid URL in this field. To guide users directly to the corresponding awareness scenario within the campaign, simply enter the `%awareness%` variable in the redirect URL field. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirect-message) Redirect Message Optionally insert a text message that will be displayed to the user while they are being redirected. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirect-delay) Redirect Delay Time between the page loading and the redirect, measured in milliseconds. For example, a setting of 5000 = 5 seconds ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FVIyjHmcz3HONqxaK5Xmk%252Fimage.png%3Falt%3Dmedia%26token%3D4a0c04d2-2d9f-4530-966c-0cc43270a5c2&width=768&dpr=4&quality=100&sign=8282cd96&sv=2) [](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirecting-from-a-web-based-template) Redirecting from a web-based template -------------------------------------------------------------------------------------------------------------------------------------------------------------- You can redirect users from web-based templates by adding a simple redirect script to the `account.html` page. Like normal, set the form action on the landing page to `?login`: Then on the `account.html` page insert the redirect script using the **Insert Redirect** button in the WYSIWYG editor: ![](https://wiki.lucysecurity.com/~gitbook/image?url=https%3A%2F%2F3536856424-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FVYPsDfg76rUuy4DWfSsJ%252Fuploads%252FO8aiCHQoFhRUCK6fupO1%252Fimage.png%3Falt%3Dmedia%26token%3D62a495be-c4c5-4d8d-9d90-4717b78800ce&width=768&dpr=4&quality=100&sign=c4d2d95d&sv=2) This inserts a small JavaScript snippet to the page. To remove the redirect behavior simply delete this line from the code. Like with the hyperlink redirect, the time value is counted in milliseconds. Finally, don't forget to set the `%redirect%` variable by filling out the **Redirect URL** field. You can use any valid URL or the `%awareness%` variable. ### [](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirecting-before-the-user-submits-the-form) Redirecting before the user submits the form To trigger the redirect before the user submits the form, you can add JavaScript like so: In order for the above code to work you must include [jQuery](https://jquery.com/) in the template. See [this page](https://wiki.lucysecurity.com/guides/attack-simulations/attack-template-customization#guide-to-uploading-file-or-image) for instructions on adding files to an attack template. If you prefer not to use jQuery here is a native version of the same script: [PreviousCopy a Website](https://wiki.lucysecurity.com/guides/attack-simulations/copy-a-website) [NextAwareness Training](https://wiki.lucysecurity.com/guides/awareness-training) Last updated 1 year ago Was this helpful? * [Redirecting with a hyperlink template](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirecting-with-a-hyperlink-template) * [Redirect URL](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirect-url) * [Redirect Message](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirect-message) * [Redirect Delay](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirect-delay) * [Redirecting from a web-based template](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirecting-from-a-web-based-template) * [Redirecting before the user submits the form](https://wiki.lucysecurity.com/guides/attack-simulations/redirecting-users#redirecting-before-the-user-submits-the-form) Was this helpful? Copy