Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams
First Claim
1. A system for facilitating an information technology administrator of a client organization to assess potential susceptibility of employees of the client organization to phishing scams, the system comprising:
at least one processor device;
an address book manager module that is arranged and configured to facilitate input by the information technology administrator of the e-mail addresses of the group of individuals into one or more address books;
an e-mail manager module that is arranged and configured to facilitate creation by the information technology administrator of at least one phishing e-mail that includes at least a link to a web page;
a web page manager module that is arranged and configured to facilitate creation by the information technology administrator of a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the received phishing e-mail;
a campaign manager module that is arranged and configured to facilitate customization by the information technology administrator of a campaign by allowing selection of and correlation between one or more of the address books and one or more phishing e-mails to be sent;
a message generation module that is arranged and configured to execute the campaign according to the customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address book(s);
a monitoring module that is arranged and configured to monitor responses to the phishing e-mails sent by the message generation module, wherein the monitoring module comprises an interactive application simulator which interacts with recipients of phishing e-mails who respond by providing potentially confidential information in response to the phishing e-mails, and wherein the interactive application simulator is arranged and configured to avoid collecting potentially confidential information provided by recipients of phishing e-mails; and
a report generating module is arranged and configured to provide analysis of the responses to the phishing e-mails for review by the information technology administrator;
wherein the at least one processor device is operatively connected to at least one of the address book manager module, the e-mail manager module, the web page manager module, the campaign manager module, the message generation module, the monitoring module, and the report generating module.
9 Assignments
2 Petitions
Abstract
A software system and service for facilitating organizational testing of employees in order to determine their potential susceptibility to phishing scams is disclosed to evaluate their susceptibility to e-mail and Internet cybercrimes such as phishing. The e-mail addresses of a client organization's employees are provided to the system, a phishing e-mail is created and customized, a phishing e-mail campaign is run in which the phishing e-mail message is sent and the responses to it are monitored, and the results of the e-mail campaign are provided for evaluation. The phishing e-mail may optionally contain attachments and various types of probes and “call home” mechanisms.
189 Citations
41 Claims
wherein the campaign manager module is further arranged and configured to allow the information technology administrator to select one of the e-mail servers from which the phishing e-mail is subsequently sent.
18. The system defined in claim 16, additionally comprising:
a web server manager module that is arranged and configured to facilitate the information technology administrator of the client organization selecting one or more web servers from which the web page that is accessible by a recipient of a phishing e-mail by clicking on the link included in the received phishing e-mail is hosted; wherein the campaign manager module is further arranged and configured to allow the information technology administrator to select one of the web servers accessible by a recipient of a phishing e-mail by clicking on the link included in the received phishing e-mail.
19. The system defined in claim 16, wherein the campaign manager module is further arranged and configured to allow the information technology administrator to select the schedule for when each of the phishing e-mails is subsequently sent.
20. The system defined in claim 16, wherein the campaign manager module is further arranged and configured to allow the information technology administrator to select the percentage of the e-mail addresses of the group of individuals in the particular address book that the phishing e-mail is sent to.
21. The system defined in claim 1, wherein the monitoring module is arranged and configured to monitor automatic responses to phishing e-mail including at least a received by e-mail recipient's server response, a read by e-mail recipient response, and an out-of-office response.
22. The system defined in claim 1, wherein the report generating module is arranged and configured to provide a Common Vulnerability Scoring System (“CVSS”) analysis.
23. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an outbound analysis for each phishing e-mail scheduled for sending by the campaign manager module, the outbound analysis indicating whether the phishing e-mail is Queued, Sending, Sent, or Late.
24. The system defined in claim 23, wherein the report generating module is additionally arranged and configured to indicate whether a response has been received for the phishing e-mail indicating that it has been bounced, indicating that the phishing e-mail was undeliverable.
25. The system defined in claim 23, wherein the report generating module is additionally arranged and configured to indicate whether a response has been received for the phishing e-mail indicating that the recipient of the phishing e-mail is out-of-office.
26. The system defined in claim 23, wherein the report generating module is additionally arranged and configured to indicate whether a response has been received to the phishing e-mail from the recipient of the phishing e-mail.
27. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an inbound analysis for each phishing e-mail sent, the inbound analysis indicating the e-mail address of the responding e-mail, a size of the responding e-mail, and its time stamp.
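Claims 21 and 24 to 27 distinguish bounces, out-of-office notices, read receipts and genuine replies among the mail that comes back to the campaign's sender address, and list the inbound-analysis fields (responding address, size, time stamp). The Python below is an added illustration of that monitoring step, not code from the patent: it classifies a response from its standard headers (RFC 3464 delivery-status reports, RFC 8098 disposition notifications, RFC 3834 Auto-Submitted) and builds the claim 27 record; the sample messages, addresses and field names are constructed.

```python
import email
from email.utils import parseaddr

def classify_response(raw: str) -> str:
    """Sort a message received at the campaign sender address into the
    response kinds that claims 21 and 24 to 26 distinguish."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() == "multipart/report":
        # RFC 3464 delivery status notification (bounce) vs RFC 8098 read receipt
        report = (msg.get_param("report-type") or "").lower()
        if report == "delivery-status":
            return "bounced"
        if report == "disposition-notification":
            return "read_receipt"
    auto = (msg.get("Auto-Submitted") or "").lower()
    if auto.startswith("auto-replied") or msg.get("X-Autoreply"):
        return "out_of_office"      # RFC 3834 auto-reply, e.g. a vacation notice
    if msg.get("In-Reply-To") or msg.get("References"):
        return "recipient_reply"    # a person wrote back (claim 26)
    return "unclassified"

def inbound_record(raw: str) -> dict:
    """Inbound analysis fields from claim 27: responding address, size, time stamp."""
    msg = email.message_from_string(raw)
    return {
        "kind": classify_response(raw),
        "address": parseaddr(msg.get("From", ""))[1],
        "size": len(raw.encode("utf-8")),
        "timestamp": msg.get("Date", ""),
    }

# Constructed sample messages (not real mail traffic); bodies are kept minimal
# because the classification rests on the headers alone.
HDR = "To: sender@campaign.example.test\r\nDate: Mon, 02 Jan 2023 09:00:00 +0000\r\n"
BOUNCE = ("From: MAILER-DAEMON@mx.example.test\r\n" + HDR +
          'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\r\n'
          "\r\n--b1\r\nContent-Type: text/plain\r\n\r\nUser unknown\r\n--b1--\r\n")
READ_RECEIPT = ("From: bob@client.example.test\r\n" + HDR +
                'Content-Type: multipart/report; report-type=disposition-notification; boundary="b2"\r\n'
                "\r\n--b2\r\nContent-Type: text/plain\r\n\r\nDisplayed\r\n--b2--\r\n")
OUT_OF_OFFICE = ("From: Alice <alice@client.example.test>\r\n" + HDR +
                 "Auto-Submitted: auto-replied\r\nIn-Reply-To: <c1@campaign.example.test>\r\n"
                 "\r\nI am away until Friday.\r\n")
REPLY = ("From: carol@client.example.test\r\n" + HDR +
         "In-Reply-To: <c1@campaign.example.test>\r\n\r\nIs this message legitimate?\r\n")
```

The Auto-Submitted check runs before the In-Reply-To check on purpose: auto-replies usually carry both headers, and only the former marks them as automatic.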
28. The system defined in claim 1, wherein the report generating module is arranged and configured to provide a number of web activities, or “hits,” that were each caused by the recipient of the phishing e-mail having one access to a web page resource by a browser or e-mail client responding to the phishing e-mail.
29. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail opened a web page or submitted a web form in response to the phishing e-mail.
30. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail requested an individual image, downloaded a file, or uploaded a form in response to the phishing e-mail.
31. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail submitted a login form, a non-blank password on a login form, or a feedback form.
32. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail viewed a web page containing an action captcha request or submitted a value in a Captcha form field.
33. The system defined in claim 1, wherein the potentially confidential information provided by recipients of phishing e-mails comprise at least one of the activities from the group consisting of clicking on a link included in a received phishing e-mail, submitting data in a web form in response to the phishing e-mail, uploading a file in response to the phishing e-mail, submitting a login form, submitting a non-blank password on a login form, submitting a value in a Captcha form field, or providing another response to a received phishing e-mail.
34. The system defined in claim 1, wherein the interactive application simulator is arranged and configured to take a cryptographic hash of potentially confidential information provided by recipients of phishing e-mails and discard the potentially confidential information.
35. The system defined in claim 1, wherein the interactive application simulator is arranged and configured to profile potentially confidential information provided by recipients of phishing e-mails rather than collecting the actual information and discard the potentially confidential information.
36. The system defined in claim 1, wherein the interactive application simulator is arranged and configured to encrypt responses provided by recipients of phishing e-mails and data obtained in response to the phishing e-mails.
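Claims 31 and 33 to 36 say what the interactive application simulator does with a submitted login form: record that the submission happened and whether the password was non-blank, hash or profile the value, and discard it. The Python below is an added example of that non-collection design, not the patent's code; the record layout, the profile fields and the per-campaign HMAC key are assumptions.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field

# Constructed per-campaign key (assumption): keying the hash means a stored digest
# cannot be checked against a password list by anyone who lacks the key.
CAMPAIGN_KEY = secrets.token_bytes(32)

@dataclass
class SubmissionRecord:
    """What the simulator keeps: which actions occurred and a profile, never the secret."""
    recipient_id: str
    submitted_login_form: bool = False
    non_blank_password: bool = False
    submitted_captcha: bool = False
    password_profile: dict = field(default_factory=dict)
    password_digest: str = ""  # keyed hash; lets reviewers spot reuse without the value

def profile_password(password: str) -> dict:
    """Describe the shape of the password (claim 35) without retaining it."""
    return {
        "length": len(password),
        "has_lower": any(c in string.ascii_lowercase for c in password),
        "has_upper": any(c in string.ascii_uppercase for c in password),
        "has_digit": any(c in string.digits for c in password),
        "has_symbol": any(c in string.punctuation for c in password),
    }

def keyed_digest(value: str, key: bytes = CAMPAIGN_KEY) -> str:
    """Cryptographic hash of the value (claim 34); the digest is kept, the value is not."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()

def simulate_login_submission(recipient_id: str, form: dict) -> SubmissionRecord:
    """Handle a posted login form the way the interactive application simulator would."""
    record = SubmissionRecord(recipient_id=recipient_id, submitted_login_form=True)
    password = form.get("password", "")
    if password:
        record.non_blank_password = True            # claim 31
        record.password_profile = profile_password(password)
        record.password_digest = keyed_digest(password)
    if form.get("captcha", ""):
        record.submitted_captcha = True             # claim 32
    form["password"] = ""   # drop the plaintext from the request data we were handed
    return record
```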
37. A method for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, comprising:
providing an appliance comprising at least one processor device that is accessible by the information technology administrator of a client organization to set up a phishing e-mail campaign by performing the steps of: entering the e-mail addresses of a group of individuals into one or more address books; creating a phishing e-mail that includes at least one link; creating a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the phishing e-mail; and setting up a campaign by selecting and correlating one or more of the address books and one or more phishing e-mails to be sent; wherein the appliance executes the campaign according to a customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address books, monitoring responses to the phishing e-mails sent by a message generation module, and providing analysis of responses to the phishing e-mails for review by the information technology administrator; and wherein the monitoring step comprises interacting with recipients of phishing e-mails who respond by providing potentially confidential information in response to the phishing e-mails with an interactive application simulator which is arranged and configured to avoid collecting potentially confidential information provided by recipients of phishing e-mails.
40. A system for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, the system comprising:
at least one processor device; an address book manager module that is arranged and configured to facilitate the input by the information technology administrator of e-mail addresses of the group of individuals into one or more address books; an e-mail manager module that is arranged and configured to facilitate creation by the information technology administrator of at least one phishing e-mail that includes at least a link to a web page; a web page manager module that is arranged and configured to facilitate creation by the information technology administrator of a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the received phishing e-mail; a campaign manager module that is arranged and configured to facilitate customization by the information technology administrator of a campaign by allowing selection of and correlation between one or more of the address books and one or more phishing e-mails to be sent; a message generation module that is arranged and configured to execute the campaign according to the customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address book(s); a monitoring module that is arranged and configured to monitor responses to the phishing e-mails sent by the message generation module, wherein the monitoring module comprises an interactive application simulator which interacts with recipients of phishing e-mails who respond by providing potentially confidential information in response to the phishing e-mails, wherein the potentially confidential information provided by recipients of phishing e-mails comprise at least one of the activities from the group consisting of clicking on a link included in a received phishing e-mail, submitting data in a web form in response to the phishing e-mail, uploading a file in response to the phishing e-mail, submitting a login form, submitting a non-blank password on a login form, submitting a value in a Captcha form field, or providing another response to a received phishing e-mail; and a report generating module is arranged and configured to provide analysis of the responses to the phishing e-mails for review by the information technology administrator;
wherein the at least one processor device is operatively connected to at least one of the address book manager module, the e-mail manager module, the web page manager module, the campaign manager module, the message generation module, the monitoring module, and the report generating module.
41. A system for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, the system comprising:
at least one processor device; an address book manager module that is arranged and configured to facilitate the input by the information technology administrator of e-mail addresses of the group of individuals into one or more address books; an e-mail manager module that is arranged and configured to facilitate creation by the information technology administrator of at least one phishing e-mail that includes at least a link to a web page; a web page manager module that is arranged and configured to facilitate creation by the information technology administrator of a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the received phishing e-mail; a campaign manager module that is arranged and configured to facilitate customization by the information technology administrator of a campaign by allowing selection of and correlation between one or more of the address books and one or more phishing e-mails to be sent; a message generation module that is arranged and configured to execute the campaign according to the customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address book(s); a monitoring module that is arranged and configured to monitor responses to the phishing e-mails sent by the message generation module, wherein the monitoring module comprises an interactive application simulator which interacts with recipients of phishing e-mails who may respond by providing potentially confidential information in response to the phishing e-mails, wherein the interactive application simulator is arranged and configured to encrypt responses provided by recipients of phishing e-mails and data obtained in response to the phishing e-mails; and a report generating module is arranged and configured to provide analysis of the responses to the phishing e-mails for review by the information technology administrator;
wherein the at least one processor device is operatively connected to at least one of the address book manager module, the e-mail manager module, the web page manager module, the campaign manager module, the message generation module, the monitoring module, and the report generating module.
Specification