Attack Settings

Next up is to define the Campaign settings, Attack settings, and associate the relevant Awareness training. 3.1 Campaign settings: In this section, you can specify the campaign name, associated client, and additional automation options. These options include setting an end date for the campaign and automatically generating a report template containing all campaign metrics. The report will be sent to the email address of the administrative creator upon completion of the campaign.

3.2 Attack Settings:

Next, we will define the Attack parameters. Domain -> Select the attack domain you have registered in step 2 of the Quick Guides. This will be the primary domain to use for both the email address and the associated landing page.

SSL -> Lucy is built with another efficient integration over API to the Let's Encrypt Certificate authority, which will automatically create, validate, and bind an SSL certificate to your attack domain.

What is SSL?

SSL (Secure Sockets Layer) is like a protective shield. It ensures that when your targets interact with the phishing page, their data remains secure and can't be intercepted by prying eyes. It's the trusty guard that makes sure your simulation stays safe and realistic. Without an SSL certificate, your recipients will encounter a big red warning page, signaling that the site they're trying to access isn't secure. This could seriously affect the authenticity of your simulation if it's not properly set up. So, think of SSL as your trusty sidekick, keeping things legitimate and secure.

Sender Name, Email, and Subject -> Here you will define from whom the Attack is being sent, their respective email address, and the subject.

It's recommended to use a sender email address that matches your registered attack domain. This practice enhances email deliverability by leveraging existing DNS records, reducing the risk of emails being caught by spam filters.

3.3 Editing the Email Content: The Lucy email editor is a dynamic tool that allows you to customize the email content according to your desired language and structural preferences. In most templates, you'll find variable placeholders like %name%, which automatically insert each recipient's name for personalization, enhancing the attack's relevance in a spear-phishing context. For a full list of placeholder variables, please see our dedicated section here.

In simulated attacks, the goal is to encourage users to click a link in the email. This action allows for the collection of click success statistics.

If you intend to create a new link in your email body, simply highlight the word/phrase and select the link icon, then enter the placeholder %link% in the text box:

What is %link% ?

The %link% placeholder automatically generates a URL combining your registered attack domain with a unique tracking hash for each recipient, allowing for detailed tracking.

For example, with "open-ai.net" as the domain, the recipient sees a link like "https://open-ai.net/xvcskahjry", enabling precise monitoring of individual interactions.

PreviousSelecting an Attack NextAwareness Settings

Last updated 7 months ago

Was this helpful?