Assess yourself, phish yourself, train yourself, alarm yourself.

Test, train and engage your employees. LUCY allows you to put your security to the test by simulating realistic cyber-attacks. LUCY, makes Simulated Internet Attacks available and affordable for all!


Learn how simulated social engineering attacks can help your organization.

The Solution

How can a company leverage Lucy to test security.


Leverage the power of LUCY to your security training.

Who Uses LUCY

Find out who uses LUCY and how it is applied to their environment.

LUCY - Simulated Realistic Cyber-Attacks

Schedule your demo of LUCY today!

LUCY Overview

The LUCY Phishing Awareness Training Server is used to simulate social engineering attacks and it is universally applicable from SMEs right up to very large customers. Available on-premise or as a cloud solution, LUCY is easy to learn & intuitive to use. This solution provides dozens of preconfigured, easily customizable phishing templates and training modules, which can be independently used by the end user.

With LUCY’s “Phishing Incident Plugin for MS-Outlook ©” users rapidly send and receive security alerts, whenever a phishing attack is detected. This speeds up security team responses whilst reducing workload and costs . Lucy is already installed and used in more than 3900 licenses in over 50 countries.

The Solution

How can a company leverage Lucy to test security.

Test Employees

LUCY Software runs different variations of phishing, SMiShing, malware and portable media attack simulations to measure your team’s awareness of attacks and improve how they respond to them.

Train Employees

An integrated interactive eLearning module gives you the ability to provide targeted training in different languages to teach individuals who fall victim to LUCY’s simulated attacks.

Engage Employees

Allow your employees to report suspicious mails directly to your security team as well to LUCY for a real-time threat analysis based on the mail header and body.

Expose IT Risks

Allow your IT department to perform security checks without involving other employees.  Detect malware-related risks at every level of your IT infrastructure from your network and systems to individual applications.

Measure Progress

Monitor the progress on our real-time dashboard, create business reports in various formats (PDF, Word etc.), export the data (CSV, Excel, etc.) or via REST API. Create benchmark reports and trend analysis for your organization or a single employee.

What is LUCY’s Technology Assessment?

When a simulated phishing attack is successful you can run customized client vulnerability detection routines. They check out the posture of browsers installed in the organization; it checks if there are any hooks, which can be used by attackers, and determines to what degree they could be exploited. Results are shown in the campaign reporting.

Our second technology assessment method uses LUCY’s Malware Simulation Module. After a successful infection, it starts with the client and goes through a long list of client configuration items to determine if they are set correctly. But you also can start the program manually without a phishing simulation campaign to directly determine if there are any flaws in your IT infrastructure.

In addition to the methods mentioned above, LUCY provides safe and harmless tools for manual technology assessments executed by senior assessors.

Why Lucy

LUCY Multitenant Server can be downloaded and run on-premise within your intranet so that no data is transmitted outside of your organization. As an alternative, it can be used as a cloud-based solution with restricted access for only your staff.


IT-security awareness training, people testing and education

LUCY Phishing Software makes fake phishing campaigns and IT-security awareness trainings easy! It is the best solution to maintain vigilance against malware attacks and educate your organization to recognize cyber threats.


Designed for non-technical persons

Input for best-run phishing simulations often comes from the business side of an organization rather than from its IT department. That is why one of the key benefits of LUCY is the potential for campaigns and simulations to be managed by users who are not technically-trained individuals. You do not need to go to a “hacking school” to operate LUCY!


Everything is a campaign based on a scenario

And its easy! You can choose out of 70 different best-practice templates when you create a campaign and adapt it to your own specific needs. There are all types of scenario templates available: Phishing (hyperlink, file/download, mobile storage device and even SMiShing), awareness training or technical malware templates (see below).


Educate your people and improve

…their cyber threat knowledge with predefined learning content or add your own training content.


Rerun and become safer!

Cyber threats and IT-security risks are real. Having a campaign-based view does not lead to a well-prepared workforce or a vigilant organization. Simulations and campaigns need to be run on an ongoing basis. LUCY allows you to run campaigns the whole year round!


Mixed and custom campaigns

Of course, you can mix your campaign with different scenarios and send different templates to different recipients. If you do not want to use templates you launch entirely custom-built phishing simulations.


Report, analyze, learn and improve your future simulations

Detailed state-of-the-art reporting generally fits the needs of risk management and GRC officers, or other stakeholders. LUCY’s integrated dashboard and in-depth statistics provide the data necessary for IT-security specialists to analyze past campaigns or improve future ones. The integrated campaign comparison and trend analytics functionality facilitate this work, especially for larger organizations.

Who Uses LUCY?

Run simulation campaigns containing ‘malware’ using best-practice scenarios or build on custom attacks in a fraction of the time that conventional phishing simulations require. Assess to what extent a ransomware attack is possible, without doing any damage. Perform technology assessments, run vulnerability detections, explore your browser configurations using BeEF or even challenge your IT infrastructure using the Malware Simulation Toolkit.
“How secure are we?” – Finally receive a reliable answer to this question! Using LUCY you will get your answer fast, both from your own staff and with comparable metrics. Today, executive leaders see information risk as a key aspect of keeping their organization profitable and stable. Llyods of London found that cyber risks are now considered one of the top-three business risks that companies face.
Start to challenge your perimeter security with LUCY technology assessment tools! Enlarge your service portfolio using easily manageable out-of-the-box malware awareness campaigns or phishing simulations. Discover the value of predefined best-practice campaigns and try to hack yourself without doing any harm!
Create and reuse your work with a fraction of your former efforts. Streamline all your phishing awareness campaigns and boost your productivity with a powerful multitenant platform. Use the same product for campaigns running on your customers’ infrastructure or for cloud-based installations. Create, maintain and distribute your own specialized and custom social engineering services around your employees. And last but not least, assure efficient knowledge transfer to your employees and to your customers using a single product for most of your services!
Run your malware-related social engineering campaign in ten minutes out of the box. Check your customers’ infrastructure for the most common vulnerabilities or set up your own penetration testing environment instantly!