Lucy Awareness
Visit our WebsiteContact Support
  • Wiki Overview
  • Guides
    • Quick Guides
      • Create Your First Campaign
        • Adding a New Client
        • Register an Attack Domain
        • Campaign Setup
          • Selecting an Attack
          • Attack Settings
          • Awareness Settings
          • Recipients
          • Review
        • Whitelisting
    • Installing Lucy
      • On-Premise vs Cloud Installation
      • Architecture
      • Hardware Requirements
      • Network Communication
      • Installing Lucy
      • Post Installation
    • Manage Blacklisted Domains
      • Managing Google SafeBrowsing Alerts
    • Whitelisting a Lucy Server
      • Google Workspace Whitelisting
      • Microsoft O365 Whitelisting
      • File Attack Whitelisting
    • Attack Simulations
      • Attack Types
        • Data Entry Attack
        • Hyperlink Attack
        • File Attack
        • Portable Media
        • Smishing
        • Lures
        • QR Codes
        • Ransomware Emulation
        • Technical Malware Test
          • Malware Toolkit Test Suite
        • Mail & Web Filter Test
        • Email Spoofing Test
      • Attack Template Customization
      • Firewall Protection Interval
      • Email Tracking Technologies
      • Advanced Information Gathering
      • Regular Expressions in Login Fields
      • Copy a Website
      • Redirecting Users
    • Awareness Training
      • Awareness Template Customization
      • Awareness Only Campaigns
        • Using Multiple Awareness Trainings
      • Use extended method of tracking the end of the quiz
    • Reporting Plugin
      • Deploying Office 365
      • Deploying Outlook Native
      • Deploying Gmail
  • Application Screens Reference
    • Statistics Dashboard
    • Campaigns Dashboards
    • Campaigns
      • New Campaign
        • Wizard Mode
          • Selecting an Attack
          • Attack Settings
          • Awareness Settings
          • Recipients
          • Review
        • Expert Mode
      • Campaign Settings
        • Configuration
          • Base Settings
          • Awareness Settings
          • Attack Settings
          • Schedule
            • Schedule Plan
          • Recipients
        • Advanced Settings
          • User Settings
          • Filters
          • Custom Fields
          • Reminders
        • Campaign Checks
        • Logs
        • Results
          • Summary
          • Statistics
          • Reports
          • Exports
    • Templates
      • Attack Templates
      • Awareness Templates
      • File Templates
      • Report Templates
      • Campaign Templates
      • Training Diploma
      • Download templates
      • Variables in Lucy
    • Users
      • Recipient Groups
      • End Users
      • End User Portal Settings
      • Administrative Users
      • Reputation Levels
    • Settings
      • Common System Settings
        • Domains
          • Supported TLDs
        • Firewall
        • Web Proxy
        • Mail Settings
        • SMTP Servers
        • SSL Settings
          • SSL for Campaigns
        • SMS Settings
        • Filter Settings
        • API Whitelist
          • API Routes
        • LDAP Servers
          • LDAP Sync Tool
        • LDAP Settings
        • Azure Applications
        • Azure AD Settings
        • SSO Configuration
      • Advanced System Settings
        • Advanced Settings
        • SSH Password
      • Submitted Email Settings
        • Custom Rules & Score Factors
        • Abuse Reports
        • Incident Autoresponder
        • Plugin Settings
      • Clients
        • Client Invoices
        • Client Invoice Settings
      • Backup and Restore
        • Backup Settings
      • Benchmark Sectors
      • Whitelabeling
      • File Browser
    • Incidents
    • Support
      • Status
        • Status
        • System Monitoring
        • System Health Check
        • Notifications
      • System Tests
        • Test Email
        • Performance Test
        • Spam Test
        • Mail Spoofing Test
        • Mail and Web Filter Test
      • System Logs
      • Manual
      • Update
      • Reboot
      • Mail Manager
      • Terms & Conditions
    • Account Settings
      • Two Factor Authentication
      • License
      • Invoices
    • Notifications
  • Release Notes
    • 5.4
    • 5.3.5
    • 5.3.4
    • 5.3.3
    • 5.3.2
    • 5.3.1
    • 5.3
    • 5.2.1
    • 5.2
    • 5.1
    • 5.0
    • Version 4
      • 4.14
      • 4.13
      • 4.12.1
      • 4.11
      • 4.10.1
      • 4.9.5
      • 4.9.2
      • 4.9.1
  • Legal
    • EULA
    • Privacy Policy
    • DPA, Customer and Partner Info
    • Service Level Agreement
    • Confidentiality of Campaign Data
  • When to Contact Us
    • Contact Technical Support
Powered by GitBook
On this page
  • Introduction
  • Technical Details
  • Features

Was this helpful?

  1. Application Screens Reference
  2. Settings
  3. Submitted Email Settings

Plugin Settings

PreviousIncident AutoresponderNextClients

Last updated 1 month ago

Was this helpful?

Navigate to Settings > Submitted Email Settings > Plugin Settings

Introduction

LUCY includes a "Phish Alert" plugin for various mail clients and browsers, enabling users to safely report suspicious emails with one click. The reported emails are analyzed by LUCY’s Threat Analyzer, enhancing the organization’s security by involving employees in proactive threat reporting.

The plugin has two main purposes:

  1. Forwarding Suspicious Emails:

    • Users can forward emails to a predefined address (e.g., security team).

    • A appears to the user post-reporting.

  2. Reporting to LUCY:

    • Suspicious emails can be sent back to LUCY for .

    • LUCY-generated emails are processed in campaign statistics.


Technical Details

  • The plugin is an unsigned MSI file programmed as a C++/COM object and bundled with Microsoft Visual C++ 2015 Redistributable. Loading time is around 10ms.

  • The Office 365 version always uses the system's built-in web browser to send data to LUCY.

  • Both the XML (Office 365) and MSI (Outlook) versions can utilize system proxy settings (if present) without additional setup.

Supported clients

  • Office 365 (Desktop, Web, Mobile)

  • Outlook 2016, 2019

  • Outlook for Mac (2016, 2019)

  • Gmail


Features

Category
Setting
Description

UI

Default Language

Set the plugin's default language.

Email

This setting defines the email address where suspected phishing emails are forwarded. Multiple email addresses can be used, separated by a semicolon symbol (;).

Inline Message Forwarding

If enabled, the plugin will clear the body of the email before forwarding.

Deeper Analysis Request

If enabled, the plugin will ask the reporter if they'd like the security team to analyze the email.

Deeper Analysis Comment

If enabled, the plugin will add a comment field to the report UI.

Attachment Format

Reported message will be forwarded in .eml format (instead of .msg).

Disable Autoresponder

If enabled, LUCY will not send any automatic response to reporters.

HTTP

Send Reports Over HTTP

If enabled, the plugin will send incident reports to LUCY over HTTP(s).

Never report simulations

If enabled, the plugin will not forward simulation emails over HTTP(s).

Enable O365/MSI Plugin authentication

You can optionally enable user authentication in your reporting workflow. See here for more details.

SMTP

Send reports over SMTP

If enabled, the plugin will send incident reports via SMTP.

Use SMTP for receiving

Never report simulations

If enabled, the plugin will not forward simulation emails over SMTP.

Send simulations over HTTP

If enabled, the plugin will forward simulation emails over HTTP(s). Use this option if you want to ignore simulation emails in your incidents dashboard, but still want the report to be included in campaign stats.

Use X-Headers

If enabled, the plugin will add a header to the forwarded email: X-CI-Report: True It will also add this HTML to the body of the message: <p>X-CI-Report: True</p>

Actions

Delete reported email

Select this action and the plugin will delete the original message after reporting.

Move reported email to folder

Select this action and the plugin will move the original message to the configured location after reporting.

Move reported email to junk

Select this action and the plugin will move the original message to the user's junk folder after reporting.

Notify of expired incidents

Enable this to receive email notifications about reports more than 30 days old that have not been categorized.

Category
Setting
Description
Outlook/O365/Gmail

UI

Language

Choose the language preset to configure it specifically for the needed language.

Ribbon Label

The name of the area in the ribbon where the button appears.

Success Message

Success Message Body

The body of the message displayed after successfully reporting an email.

Success Message Title

The title of the message displayed after successfully reporting an email.

Success Message Button

The text displayed on the button after successfully reporting an email.

Success message body For <Software Name> Emails

The body of the message displayed after successfully reporting an email.

Report Button

Report Button Text

The text displayed on the report button.

Report Button Sub-Text

The sub-text displayed on the report button.

Report Title

The title of the message displayed after clicking the report button.

Errors

Error Title

The title of the message displayed when any error occurs.

Send Error Message

The message displayed when an issue with sending the report occurs.

Analysis Request

User Request Message

The message displayed after marking a suspected phishing email and clicking the report button.

Deeper Analysis Request Message

The message displayed after clicking the report button for deeper analysis.

Deeper Analysis Request Title

The title of the message displayed after clicking the report button for deeper analysis.

Subject

The subject of the forwarded email message when sending a report over SMTP.

For "Yes" Action

Set the action for "Yes" in the Deeper Analysis Request.

For "No" Action

Set the action for "No" in the Deeper Analysis Request.

Using "Send reports over SMTP" and "Use SMTP for receiving incident reports" will cause LUCY to intercept all emails to the reporter domain. In other words, recipients on the same domain as the reporter email will no longer receive any emails from LUCY.

//

//

//

//

//

//

//

//

//

//

//

//

//

//

//

//

//

custom message
analysis
✅
✅
✅
✅
❌
❌
✅
✅
❌
✅
✅
❌
✅
✅
❌
✅
✅
❌
✅
❌
❌
✅
❌
❌
✅
✅
❌
✅
✅
❌
✅
❌
❌
✅
✅
❌
✅
✅
❌
✅
✅
❌
✅
❌
✅
✅
✅
❌
✅
✅
❌