Attack Settings
The Attack Settings tab lets you attach a default or pre-configured attack template to your campaign.
Add an Attack Template to your campaign
Select "New Scenario"

This displays the Attack Template Gallery.

Search for your desired Attack Template, select "Use Template," and specify the default language.

Attack Template Base Settings
The base settings of the attack template provide an opportunity to define key parameters regarding the template's behavior.

Template
By default, the original template name will be populated as a direct link to the template location on your server.
Name Provide a suitable name for your attack scenario in the context of this campaign.
Click "Save" to commit your changes.
Mail Settings
Administrators have two choices for setting up mail delivery: globally or at the campaign level. Global settings affect all campaigns but can be overridden by campaign-specific settings, which only apply to the selected campaign. This flexibility allows for customized mail delivery preferences on a per-campaign basis:
Navigate to -> Settings -> Common System Settings -> Mail Settings Here you can choose your default method for sending emails. This setting will apply to all campaigns.
SSL Settings
Lucy features SSL automation that connects to GoDaddy via API to generate wildcard SSL certificates with 90-day validity in just seconds.
Select the checkbox to include an "SSL Certificate"

Choose this option if you have already generated an SSL certificate on your Lucy server. This option allows you to reuse the existing certificate.
See our platform reference article "SSL Settings" for more information.
Bound Awareness Scenarios
Lucy enhances the effectiveness of educational campaigns by allowing for a targeted approach, focusing on individual user performance across different simulated attack scenarios. This personalized method not only makes the training more relevant but also more engaging for users.
Scenario-Based Training Customization:
Specific Attack Recognition: Consider a campaign that includes various types of phishing attacks such as data entry, hyperlink, and file download attacks. Lucy allows you to monitor how each user responds to these different scenarios.
Customized Learning Experiences: If a user fails in one scenario but performs well in others, Lucy enables you to tailor the training specifically to their needs. For example, a user who mistakenly downloads malware thinking it is a legitimate document does not necessarily need a broad phishing course. Instead, they can benefit from a focused session on identifying and avoiding file-based threats.
Efficient and Effective Training: By providing training specific to the user's vulnerabilities, Lucy ensures that the learning is both efficient and directly applicable. This targeted education approach helps in reinforcing the correct practices without overloading the user with unnecessary information.
Configuration
Bound Awareness Scenarios can only be configured directly on the Awareness Scenario. In your current campaign, navigate to Configuration -> Awareness Settings -> Select your Awareness Scenario, then navigate to the tab "Bound Attack Scenarios":

Here, you can specifically link each awareness scenario with the corresponding attack simulation that aligns with the training material.
This capability allows you to provide targeted and efficient awareness training that addresses users' specific needs based on their performance in different attack scenarios.
Landing Page Template
The "Landing Page Template" tab in Lucy is a powerful tool for creating and managing phishing simulation landing pages.
Configuring Your Landing Page

Restore the template to its default settings before editing.
Language Selection: Choose the language for your landing page from the dropdown menu to ensure it matches the target audience's language.

Languages are not automatically translated; all adaptations must be applied to each selected language.
Editor Type: Select the type of editor you prefer to use. The default setting is the "Visual Editor", which provides a user-friendly interface for designing web pages.

Editing Content

Lucy's Attack templates will always include two files, index.html and account.html.
Index.html
Purpose: Serves as the initial landing page for the simulated attack. When users click a link in the attack email, they are directed to this page.
Function: Mainly used for credential harvesting, this page typically prompts users to enter login details or other personal information.
Account.html
Post-Attack Redirection: After data is submitted on index.html, users are redirected to account.html.
Function: This page facilitates the conclusion of the attack. It may:
Automatically redirect users to the associated awareness training in the campaign.
Display a fake notification, such as "Your VPN was successfully authenticated."
Show a blank page that redirects immediately to awareness training with no delay, following the data exploitation on index.html.
The first page the user accesses should be named index.html
.

Content Editing:
Use the editor toolbar to add or modify text, insert images, and adjust formatting.

Incorporate dynamic elements:
Login forms

Downloadable content

"Trojan Download: is only available for file-based and mixed attacks.
Editing Account.html
account.html
can be seen as the conclusion to a successful attack initiated through index.html
. This page can serve various purposes; by default, it acts as a confirmation of the attack with messages like "Error Occurred attempting to set the password."

Leaving the user on this page without further action could prompt them to contact the IT team, potentially creating an unnecessary bottleneck. To avoid this, Lucy allows you to insert a redirect and specify the delay in milliseconds before the redirect takes effect.

The redirect places a script in the source code with a default redirect time of 5000 milliseconds.

You can change the redirect time by adjusting the millisecond value to eg. 2sec -> 2000

Finally, you need to specify the destination for the redirect. For instance, you might want to direct the user to your internal Learning Management System (LMS); in this case, you can add a fully qualified domain name.

Alternatively, you can use the 'awareness' placeholder variable to redirect the user to the associated awareness training in the campaign.

Editing a template within a campaign should be campaign-specific, indicating that the modifications are exclusive to that campaign and not intended for reuse in future campaigns.
Preview and Adjustments
Preview: Utilize the "Preview" button to view how the landing page looks in real-time, allowing for adjustments before deployment.

Finalizing the Landing Page
Save Changes: Always remember to save your changes to ensure all modifications are updated and stored correctly.
Restore Defaults: If needed, you can restore the settings to their default state at any stage.
Message Template
This is your opportunity to customize the default email template to match your organization's branding, font, and voice.
Setting Up the Email
Choose the language from the "Language" dropdown, e.g., English.
Languages are not automatically translated; all adaptations must be applied to each selected language.
Email Details
Fill in the "Subject" field, e.g., "Your password expired!".
Enter "Sender Name", e.g., "Discord Notifications".
Provide "Sender Email", e.g., "[email protected]".

Content Editor
Choose "Editor Type" from the dropdown to select your preferred email editor.
The Visual Editor is a WYSIWYG interface, offering an easy way for users to create content as it will appear in its final form. With a straightforward toolbar, users can format text and add multimedia without coding knowledge.
Composing the Email
Use the "Content" section for email composition.
Format text with the toolbar options (bold, italic, underline, etc.).

Insert dynamic variables into the content.

"Upload File or Image" to add company branding or assets.

Add your own attachments. Keep in mind that most common email clients filter certain types of attachments, like executables, to prevent malware risks.
Last updated
Was this helpful?