Awareness Settings

The Awareness Settings tab lets you attach a default or pre-configured awareness template to your campaign.


Add an Awareness Template to your campaign

Select "New Awareness"

This displays the Awareness Template Gallery.

Use filters to find the correct awareness template. For guidance on navigating the Awareness Template Gallery, see our related article.

Search for your desired Awareness Template, select "Use Template," and specify the default language.

You can dynamically preview templates. For further instructions, see our reference article.


Awareness Template Base Settings

The base settings of the awareness template provide an opportunity to define key parameters regarding the template's behavior.

By default, the original template name will be populated, but you can change this name to apply only to the specific campaign associated with the awareness template.

Click "Save" to commit your changes.


Website

The Website tab enables administrators to define all parameters related to the landing page of the awareness training content. This includes customization options such as layout, design elements, and interactive features.

Define the base domain to which the user will be redirected to access their awareness training content. You can also specify a subdomain, which is the portion of the URL before the base domain, such as training.lucysecurity.help

Hint: Ensure that this domain is related to your company to create a sense of familiarity for the user. This is particularly important as users might be reluctant to click on links after being successfully phished.

Each edit is confined to the selected language. If the default template does not include your target language, you can add and manually translate all text into the desired language. Remember to click 'Save' to commit the changes for each language.


SSL Settings

Lucy features SSL automation that connects to GoDaddy via API to generate wildcard SSL certificates with 90-day validity in just seconds.

What is SSL?

SSL (Secure Sockets Layer) is like a protective shield. It ensures that when your targets interact with the awareness page, their data remains secure and can't be intercepted by prying eyes. It's the trusty guard that makes sure your training stays securely encrypted over the internet. Without an SSL certificate, your recipients will encounter a big red warning page, signaling that the site they're trying to access isn't secure. This could seriously affect the authenticity of your training if it's not properly set up. So, think of SSL as your trusty sidekick, keeping things legitimate, secure and encrypted.

Select the checkbox to include an "SSL Certificate"

Choose this option if you have already generated an SSL certificate on your Lucy server. This option allows you to reuse the existing certificate.

Be advised that the validity period of the existing certificates will not be extended.


Certificate

The certificate tab pertains to the recipient's completion training diploma certificate, issued when the user successfully achieves a score above the pre-configured pass threshold on the quiz.

Ensure "Create Awareness Training Diploma" is enabled on the template Base Settings.

Choose one of the ready-made Training Diplomas.

Provide a suitable title to be displayed as the subject in the email when users receive their Training Diploma attachment.

Use the "Message" section to make modifications to the content of your Training Diploma Certificate.

Certificate Variable Placeholders

In the certificate template, you can use the following variables:

  • %name% — name of the certificate recipient.

  • %awareness% — name of the awareness training.

  • %gender("MALE ADDRESSING", "FEMALE ADDRESSING", "NO GENDER")% — recipient's gender.

  • %score% — recipient's score.

  • %date% — date of the certificate.

  • %time% — time of the certificate issuance.

Please note that these variables are not available in CSS and JavaScript files.


Message

The email (Message) template is triggered if the "Send link to Awareness website automatically via Email" setting is enabled in your attack scenario.

This is your opportunity to customize the default email template to match your organization's branding, font, and voice.

Setting Up the Email

Choose the language from the "Language" dropdown, e.g., English.

Email Details

  • Fill in the "Subject" field, e.g., "Advanced course on security in the cloud".

  • Enter "Sender Name", e.g., "IT Security".

  • Provide "Sender Email", e.g., "[email protected]".

It's advisable to use a sender domain related to your company to create a sense of familiarity, especially since the user was just successfully phished.

Content Editor

Choose "Editor Type" from the dropdown to select your preferred email editor.

The Visual Editor is a WYSIWYG interface, offering an easy way for users to create content as it will appear in its final form. With a straightforward toolbar, users can format text and add multimedia without coding knowledge.

Composing the Email

Use the "Content" section for email composition.

Format text with the toolbar options (bold, italic, underline, etc.).

Insert dynamic variables into the content.

Dynamic Variables Explained

When creating email templates, you can personalize the content by using various placeholders that will be automatically replaced with specific user data when the email is sent. Below is an explanation of each variable available for use in the templates:

  • %link%: This variable represents the base URL of your site. Use it to construct absolute URLs for navigation within your emails.

  • %user-password-reset%: This placeholder is replaced with the unique URL for a password reset action.

  • %user-profile-link%: Inserts a direct link to the user's profile page in the End User Portal.

  • %user-login-url%: Provides a link to the End User Portal that utilizes SSO (OAuth 2.0) for login.

  • %name%: The full name of the email recipient.

  • %firstname%: The recipient's first name.

  • %lastname%: The recipient's last name.

  • %email%: The recipient's email address.

  • %client%: The name of the client associated with the recipient.

  • %gender("MALE ADDRESSING", "FEMALE ADDRESSING", "NO GENDER")%: This is a conditional variable that changes the greeting or addressing based on the recipient's gender.

  • %subject%: The subject line of the phishing email.

  • %sender%: The name of the sender of the phishing email.

  • %sender-email%: The email address from which the phishing email is sent.

  • %started%: The date when the related phishing campaign was started.

  • %stopped%: The date when the related phishing campaign was stopped.

  • %time(FORMAT, OFFSET, ZONE)%: A dynamic time variable where:

    • FORMAT refers to the format in which the date/time should be displayed.

    • OFFSET is the time offset from the mail send time, which can be positive or negative.

    • ZONE is the time zone to be applied.

    • Example: %time("l, H:i", "0", "Europe/Zurich")% would display the time of the email submission in the Europe/Zurich time zone.

    • Example: %time("Y/m/d H:i:s", "60")% would show a timestamp one hour ahead of the email submission time.

Note that these variables are intended for use in the HTML body of the email and are not applicable within CSS and Javascript files. They serve to customize the email content for each recipient and should be used accordingly to ensure a personalized user experience.

assetsClick "Upload File or Image" to add company branding or assets.

Add your own attachments. Keep in mind that most common email clients filter certain types of attachments, like executables, to prevent malware risks.


Mail Settings

Administrators have two choices for setting up mail delivery: globally or at the campaign level. Global settings affect all campaigns but can be overridden by campaign-specific settings, which only apply to the selected campaign. This flexibility allows for customized mail delivery preferences on a per-campaign basis:

Navigate to -> Settings -> Common System Settings -> Mail Settings Here you can choose your default method for sending emails. This setting will apply to all campaigns.


Awareness Groups

This feature is designed to automate the provisioning of multiple awareness templates based on three pre-defined goals.

  1. Group recipients into Awareness Groups and serve them training content related to their day-to-day activities

  2. Automate the sending of awareness content based on the recipient's risk level

  3. Use the Scheduler to create specific rules for different scenarios to manage selected Awareness Groups.

Last updated

Was this helpful?