Differences

This shows you the differences between two versions of the page.

--- create_your_first_phishing_campaign [2019/02/04 15:36] – [STEP 3 - Choose Your Configuration Mode] lucy
+++ create_your_first_phishing_campaign [2019/03/01 15:40] – lucy
@@ Line 6: / Line 6: @@
   * Do you use the [[update_lucy|latest LUCY version and updated all templates]]? Did you make sure to reboot after the update?
   * Did you make sure that you have LUCY's IP or domain whitelisted at your receiving mail server?
-  * If you send the mails via LUCY: did you [[set_hostname_for_smtp_communication|set a hostname]] for LUCY's mailserver?
+  * If you send the mails via LUCY: did you [[set_hostname_for_smtp_communication|set a hostname]] for LUCY's mail server?
   * Did you already reserve a [[domain_configuration|domain]] that points to LUCY?
   * Are the [[network_communication_-_lucy_--_internet|necessary ports]] open from and to LUCY?
@@ Line 25: / Line 25: @@
 ===== STEP 2 - Select or Create a Client =====
-Create a client or choose the built in client (a client can be your own organization or the company who asked you to perform a phishing test). This is important because you can also create [[user_management|view only accounts]] which are associated with those clients.
+Create a client or choose the built-in client (a client can be your own organization or the company who asked you to perform a phishing test). This is important because you can also create [[user_management|view only accounts]] which are associated with those clients.
@@ Line 42: / Line 42: @@
 {{ setup_modesn.png?600 }}\\
-Sometimes a remote Firewall, Spam filter or Virus Filter might automatically scan all the URL's within a link. As a result you end up with false positives and LUCY will show all link clicked (success). To avoid such automatic link requests by some 3rd party application you can enable the antivirus/firewall protection and LUCY will ignore all GET requests for the first 30 or 60 seconds:
+Sometimes a remote Firewall, Spam filter or Virus Filter might automatically scan all the URL's within a link. As a result, you end up with false positives and LUCY will show all link clicked (success). To avoid such automatic link requests by some 3rd party application you can enable the antivirus/firewall protection and LUCY will ignore all GET requests for the first 30 or 60 seconds:
 {{ ignorefw1.png?600 }}
@@ Line 71: / Line 71: @@
 ===== STEP 6 - Configure the Base Settings of Your Campaign =====
-Once you have selected the scenario, you need to configure the **Base Settings** of the campaign. First give your campaign a name and then choose how your recipients will be able to access LUCY by defining the [[domain_configuration|Domain]]. Finding the appropriate domain name is a very important step for the success and it depends very much on your campaign scenario. If you plan to create a fake web mail login you might try to reserve a domain like "webmail-server365.com" and point it to LUCY.\\
+Once you have selected the scenario, you need to configure the **Base Settings** of the campaign. First, give your campaign a name and then choose how your recipients will be able to access LUCY by defining the [[domain_configuration|Domain]]. Finding the appropriate domain name is a very important step for the success and it depends very much on your campaign scenario. If you plan to create a fake web mail login you might try to reserve a domain like "webmail-server365.com" and point it to LUCY.\\
 {{ 24.jpg?direct&600 }}\\
@@ Line 77: / Line 77: @@
 **Note**: Each scenario has its own Base Settings.
-There a few **Optional Settings** that you can apply within the Base Settings. Lucy comes with certain Default Settings. You can change these setting as you like. The settings are:
+There a few **Optional Settings** that you can apply within the Base Settings. Lucy comes with certain Default Settings. You can change these settings as you like. The settings are:
   * **Setup Wizard**: You can always Unselect the Setup Wizard and continue with the Expert Mode.
   * **Use SSL**: If you decide to use SSL for the campaign (either generate a custom certificate or import a trusted certificate) you can do this via the [[ssl_configuration|SSL Wizard]].
   * **Anonymous Mode**: Use this mode to hide all "Victim" data (IP address, login details, etc.) from statistics and reports.
-  * **Success Action**: Defines what LUCY considers as an successful attack. There are [[success_actions|four options]].
+  * **Success Action**: Defines what LUCY considers as a successful attack. There are [[success_actions|four options]].
-  * **Track Opened Emails**: Inserts an invisible image into outgoing emails to track if users opened the message. Use this feature carefully as some email servers may put such emails into the Spam Folder. Also some email clients (like Outlook) block the automatic downloading of images in the Preview window.
+  * **Track Opened Emails**: Inserts an invisible image into outgoing emails to track if users opened the message. Use this feature carefully as some email servers may put such emails into the Spam Folder. Also, some email clients (like Outlook) block the automatic downloading of images in the Preview window.
-  * **Send Link to Awareness Website Automatically**: Send a link to the [[awareness_e-learning_settings|Awareness Website]] after user has been successfully attacked. Please note that the Awareness Website should be published for this feature to work.
+  * **Send Link to Awareness Website Automatically**: Send a link to the [[awareness_e-learning_settings|Awareness Website]] after a user has been successfully attacked. Please note that the Awareness Website should be published for this feature to work.
   * **Advanced Information Gathering** : Check this option to enable information gathering. This helps LUCY collect advanced information about your users. More background info can be found [[beef_integration|here]].
   * **Collect Data**: Choose "Full" if you want to record all entered logins and passwords, "Partial" to record only the first 3 letters (remaining letters will be masked with asterisks) or "No" to skip user data collection.
-  * **Double Barrel Attack**: When using Double Barrel Attack, the system first sends a "Lure" email containing some teaser text. After that the system waits for a while (you can configure that time in settings below) and sends an actual phishing email. The "Lure" delay defines, in seconds, the time frame between the Lure and the attack emails for a Double-Barrel Attack.
+  * **Double Barrel Attack**: When using Double Barrel Attack, the system first sends a "Lure" email containing some teaser text. After that, the system waits for a while (you can configure that time in settings below) and sends an actual phishing email. The "Lure" delay defines, in seconds, the time frame between the Lure and the attack emails for a Double-Barrel Attack.
   * **Login Regexp**: Another option is to define some login filters to only catch valid logins (you could define the Domain Name in the User Name field or say that the Password has to be at least 8 characters to be accepted from LUCY). Example: This filter here ^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9].{8,}$ would only allow logins with minimum 1 alphabetic character, minimum 1 digit & minimum length 8.
   * **Redirect URL**: This is used for [[create_a_phishing_campaign_with_only_a_hyperlink_in_mail_no_landing_page|hyperlink based scenarios]] or within a landing page to redirect to an awareness page.
@@ Line 95: / Line 95: @@
 ===== STEP 7 - Edit your Landing Web Page within Your Campaign =====
-After saving the Base Settings, you can now [[Edit_Landing_Page|Edit the Landing Page]], [[Upload_Your_Web_Page|Upload Your Own Webpage]] or simply [[copy_web_page|copy any website on the internet]]. The Landing Page is the webpage that the users will see when they click on the link in the email they receive. First select the drop-down menu at the top the page where you want to edit. Please note that the same landing page may be available in different languages. So make sure you [[dealing_with_multiple_languages_in_your_recipient_group|edit the correct language]].
+After saving the Base Settings, you can now [[Edit_Landing_Page|Edit the Landing Page]], [[Upload_Your_Web_Page|Upload Your Own Webpage]] or simply [[copy_web_page|copy any website on the internet]]. The Landing Page is the webpage that the users will see when they click on the link in the email they receive. First, select the drop-down menu at the top the page where you want to edit. Please note that the same landing page may be available in different languages. So make sure you [[dealing_with_multiple_languages_in_your_recipient_group|edit the correct language]].
 {{ 33.jpg?direct&600 }}
@@ Line 113: / Line 113: @@
-  * **Step 8a:** Choose your** sender's name, email address and subject** (**Note**: The most common reason for emails not arriving at your Recipient's Inbox are SPAM filters. When using a known email domain like test@microsoft.com or a non-existing email domain like test@nonexistant.com, your email might get deleted by SPAM filters. Some public email providers are very restrictive and might not even forward emails to your Recipient's SPAM folder. To verify this you can use LUCY's built in [[Spam_Check|SPAM Checker]]).
+  * **Step 8a:** Choose your** sender's name, email address and subject** (**Note**: The most common reason for emails not arriving at your Recipient's Inbox are SPAM filters. When using a known email domain like test@microsoft.com or a non-existing email domain like test@nonexistant.com, your email might get deleted by SPAM filters. Some public email providers are very restrictive and might not even forward emails to your Recipient's SPAM folder. To verify this you can use LUCY's built-in [[Spam_Check|SPAM Checker]]).
   * **Step 8b**: Please also **choose the language** for each group. If you configured an English landing page, then select English also within that recipient group. If you have different groups with different languages within your company you can simply create a group and select a language for each recipient. LUCY then will direct each user to an individual landing page that [[dealing_with_multiple_languages_in_your_recipient_group|matches that language]].
@@ Line 121: / Line 121: @@
 {{select_link.png?600}}
-Please make sure the link variable is set in the HTML code, if you hide it behind another Link. If you type a hyperlink instead a word, the editor will automatically detect that, and create the link in the code. But this link will be wrong: If you type http://www.example.com in the editor, LUCY will automatically create a hyperlink to http://www.example.com in the HTML code (1) and underline the URL. But if you want http://www.example.com pointing to your LUCY URL, please remove the link pointing to http://www.example.com in the source code directly, or remove it by clicking on the "unlink" symbol (2), and then select the text "http://www.example.com" and click on the link symbol again and insert %link% in the HTML code (3).
+Please make sure the link variable is set in the HTML code, if you hide it behind another Link. If you type a hyperlink instead of a word, the editor will automatically detect that, and create the link in the code. But this link will be wrong: If you type http://www.example.com in the editor, LUCY will automatically create a hyperlink to http://www.example.com in the HTML code (1) and underline the URL. But if you want http://www.example.com pointing to your LUCY URL, please remove the link pointing to http://www.example.com in the source code directly, or remove it by clicking on the "unlink" symbol (2), and then select the text "http://www.example.com" and click on the link symbol again and insert %link% in the HTML code (3).
 {{ link_behind_l.png?600 }}
@@ Line 131: / Line 131: @@
 ===== STEP 9 - Configure the Mail Delivery Method =====
-You can define the mail delivery method on a globally within the settings menu. If you do so, it will overwrite all individual settings in a campaign. The second possibility is to configure the delivery methods within a campaign:
+You can define the mail delivery method globally within the settings menu. If you do so, it will overwrite all individual settings in a campaign. The second possibility is to configure the delivery methods within a campaign:
 {{ message_campaign.png?600 }}
-In LUCY the default delivery method for mails is using the build-in Postfix mail server. As many SPAM filters will block mails coming from an new IP-address that has no reputation, the administrator can decide to configure an external mail relay.
+In LUCY the default delivery method for mails is using the build-in Postfix mail server. As many SPAM filters will block mails coming from a new IP-address that has no reputation, the administrator can decide to configure an external mail relay.
 \\
 \\
@@ Line 160: / Line 160: @@
 You have the ability to provide the user with some awareness training in case he fails the phishing simulation. A failure to pass the phishing simulation is considered as a successful attack in LUCY. Therefore, it is very important that you define what you consider as an [[success_actions|successful attack]] (because only those who have been successfully tested, will receive an awareness training). The awareness training can be done in two ways:
-  * **Send the eLearning via Mail**: There is the option to have LUCY automatically send some e-learning content to all users or only users who have failed the phishing test. This configuration setting is part of an [[Awareness_E-learning_Settings|Separate Chapter (E-learning).]] If you want the users to get an e-mail with a link to the awareness content, you need make sure that in "STEP 7 - Configure Basic Settings" the checkbox "Send Link to Awareness Website Automatically" is selected and you configured an awareness template (mail and optional landing page).
+  * **Send the eLearning via Mail**: There is the option to have LUCY automatically send some e-learning content to all users or only users who have failed the phishing test. This configuration setting is part of an [[Awareness_E-learning_Settings|Separate Chapter (E-learning).]] If you want the users to get an e-mail with a link to the awareness content, you need to make sure that in "STEP 7 - Configure Basic Settings" the checkbox "Send Link to Awareness Website Automatically" is selected and you configured an awareness template (mail and optional landing page).
 {{ send_elearning.png?600 }}