Lucy Awareness
Visit our WebsiteContact Support
  • Wiki Overview
  • Guides
    • Quick Guides
      • Create Your First Campaign
        • Adding a New Client
        • Register an Attack Domain
        • Campaign Setup
          • Selecting an Attack
          • Attack Settings
          • Awareness Settings
          • Recipients
          • Review
        • Whitelisting
    • Installing Lucy
      • On-Premise vs Cloud Installation
      • Architecture
      • Hardware Requirements
      • Network Communication
      • Installing Lucy
      • Post Installation
    • Manage Blacklisted Domains
      • Managing Google SafeBrowsing Alerts
    • Whitelisting a Lucy Server
      • Google Workspace Whitelisting
      • Microsoft O365 Whitelisting
      • File Attack Whitelisting
    • Attack Simulations
      • Attack Types
        • Data Entry Attack
        • Hyperlink Attack
        • File Attack
        • Portable Media
        • Smishing
        • Lures
        • QR Codes
        • Ransomware Emulation
        • Technical Malware Test
          • Malware Toolkit Test Suite
        • Mail & Web Filter Test
        • Email Spoofing Test
      • Attack Template Customization
      • Firewall Protection Interval
      • Email Tracking Technologies
      • Advanced Information Gathering
      • Regular Expressions in Login Fields
      • Copy a Website
      • Redirecting Users
    • Awareness Training
      • Awareness Template Customization
      • Awareness Only Campaigns
        • Using Multiple Awareness Trainings
      • Use extended method of tracking the end of the quiz
    • Reporting Plugin
      • Deploying Office 365
      • Deploying Outlook Native
      • Deploying Gmail
  • Application Screens Reference
    • Statistics Dashboard
    • Campaigns Dashboards
    • Campaigns
      • New Campaign
        • Wizard Mode
          • Selecting an Attack
          • Attack Settings
          • Awareness Settings
          • Recipients
          • Review
        • Expert Mode
      • Campaign Settings
        • Configuration
          • Base Settings
          • Awareness Settings
          • Attack Settings
          • Schedule
            • Schedule Plan
          • Recipients
        • Advanced Settings
          • User Settings
          • Filters
          • Custom Fields
          • Reminders
        • Campaign Checks
        • Logs
        • Results
          • Summary
          • Statistics
          • Reports
          • Exports
    • Templates
      • Attack Templates
      • Awareness Templates
      • File Templates
      • Report Templates
      • Campaign Templates
      • Training Diploma
      • Download templates
      • Variables in Lucy
    • Users
      • Recipient Groups
      • End Users
      • End User Portal Settings
      • Administrative Users
      • Reputation Levels
    • Settings
      • Common System Settings
        • Domains
          • Supported TLDs
        • Firewall
        • Web Proxy
        • Mail Settings
        • SMTP Servers
        • SSL Settings
          • SSL for Campaigns
        • SMS Settings
        • Filter Settings
        • API Whitelist
          • API Routes
        • LDAP Servers
          • LDAP Sync Tool
        • LDAP Settings
        • Azure Applications
        • Azure AD Settings
        • SSO Configuration
      • Advanced System Settings
        • Advanced Settings
        • SSH Password
      • Submitted Email Settings
        • Custom Rules & Score Factors
        • Abuse Reports
        • Incident Autoresponder
        • Plugin Settings
      • Clients
        • Client Invoices
        • Client Invoice Settings
      • Backup and Restore
        • Backup Settings
      • Benchmark Sectors
      • Whitelabeling
      • File Browser
    • Incidents
    • Support
      • Status
        • Status
        • System Monitoring
        • System Health Check
        • Notifications
      • System Tests
        • Test Email
        • Performance Test
        • Spam Test
        • Mail Spoofing Test
        • Mail and Web Filter Test
      • System Logs
      • Manual
      • Update
      • Reboot
      • Mail Manager
      • Terms & Conditions
    • Account Settings
      • Two Factor Authentication
      • License
      • Invoices
    • Notifications
  • Release Notes
    • 5.4
    • 5.3.5
    • 5.3.4
    • 5.3.3
    • 5.3.2
    • 5.3.1
    • 5.3
    • 5.2.1
    • 5.2
    • 5.1
    • 5.0
    • Version 4
      • 4.14
      • 4.13
      • 4.12.1
      • 4.11
      • 4.10.1
      • 4.9.5
      • 4.9.2
      • 4.9.1
  • Legal
    • EULA
    • Privacy Policy
    • DPA, Customer and Partner Info
    • Service Level Agreement
    • Confidentiality of Campaign Data
  • When to Contact Us
    • Contact Technical Support
Powered by GitBook
On this page
  • Understanding the Attack
  • Checklist
  • Real-world Examples
  • User Detection Methods

Was this helpful?

  1. Guides
  2. Attack Simulations
  3. Attack Types

Hyperlink Attack

PreviousData Entry AttackNextFile Attack

Last updated 8 months ago

Was this helpful?

Understanding the Attack

Definition

A hyperlink attack involves embedding malicious URLs in emails. When users click these links, they may be redirected to phishing sites, download malware, or unintentionally disclose personal information. For Lucy, success is measured by whether the user clicks the link.


Checklist


Real-world Examples

  • An employee in the finance department receives an email that appears to be from their HR department, prompting them to complete a timesheet.

  • An employee receives an email purportedly from the HR department, containing a link to view their colleagues' performance metrics compared to their own.

  • A finance executive receives an urgent email that seems to be from the CEO, containing a payment link for an emergency account transfer.


User Detection Methods

To help employees recognize and respond to hyperlink phishing attempts effectively, the following user detection methods can be incorporated into training programs:

Email Analysis

Check Sender Details: Verify the sender's email address and domain to ensure they match the legitimate source.

Look for Red Flags: Be wary of emails with poor grammar, spelling errors, or unusual formatting.

URL Inspection

Hover Over Links: Before clicking, hover over links to view the actual URL and ensure it points to a legitimate site.

Check for HTTPS: Ensure the website URL starts with "https://" and look for a padlock symbol, indicating a secure connection.

Content Verification

Suspicious Attachments: Avoid opening unexpected attachments or downloading files from unknown sources.

Urgency and Threats: Be cautious of emails that create a sense of urgency, pressure to act quickly, or threaten negative consequences.

Link Appearance Checks

Verify Link Text: Ensure the visible text of the hyperlink matches the actual URL. For example, a link labeled as “www.lucysecurity.com” should not redirect to “www.lucysecurtiy.com.”

Type Known URLs Manually: Instead of clicking on a link, manually type the known and trusted URL into your browser to ensure you are visiting the correct site.

Communication Verification

Cross-Check Requests: If an email or message asks for sensitive information, verify the request through a separate communication channel, such as a phone call to the supposed sender.

Incident Reporting

Report Suspicious Links: Immediately report any suspicious links to the IT or security department for further analysis.


Ready to set up your Hyperlink Attack? See our platform reference article on

Use Reporting Tools: Deploy the for all users to use as a reporting tool.

Ensure the sending Domain is whitelisted
Lucy Phish Button
Register an Attack Domain
Add a Hyperlink Attack to your Campaign
Ensure "Click" is set as your Success Action
Adding an Attack to your campaign.
This is an example of a Hyperlink Attack, once clicked redirecting to awareness training