Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams

US 8,484,741 B1
Filed: 01/27/2012
Issued: 07/09/2013
Est. Priority Date: 01/27/2012
Status: Active Grant

First Claim

Patent Images

1. A system for facilitating an information technology administrator of a client organization to assess potential susceptibility of employees of the client organization to phishing scams, the system comprising:

at least one processor device;

an address book manager module that is arranged and configured to facilitate input by the information technology administrator of the e-mail addresses of the group of individuals into one or more address books;

an e-mail manager module that is arranged and configured to facilitate creation by the information technology administrator of at least one phishing e-mail that includes at least a link to a web page;

a web page manager module that is arranged and configured to facilitate creation by the information technology administrator of a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the received phishing e-mail;

a campaign manager module that is arranged and configured to facilitate customization by the information technology administrator of a campaign by allowing selection of and correlation between one or more of the address books and one or more phishing e-mails to be sent;

a message generation module that is arranged and configured to execute the campaign according to the customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address book(s);

a monitoring module that is arranged and configured to monitor responses to the phishing e-mails sent by the message generation module, wherein the monitoring module comprises an interactive application simulator which interacts with recipients of phishing e-mails who respond by providing potentially confidential information in response to the phishing e-mails, and wherein the interactive application simulator is arranged and configured to avoid collecting potentially confidential information provided by recipients of phishing e-mails; and

a report generating module is arranged and configured to provide analysis of the responses to the phishing e-mails for review by the information technology administrator;

wherein the at least one processor device is operatively connected to at least one of the address book manager module, the e-mail manager module, the web page manager module, the campaign manager module, the message generation module, the monitoring module, and the report generating module.

View all claims

9 Assignments

Timeline View

Assignment View

2 Petitions

Accused Products

Abstract

A software system and service for facilitating organizational testing of employees in order to determine their potential susceptibility to phishing scams is disclosed to evaluate their susceptibility to e-mail and Internet cybercrimes such as phishing. The e-mail addresses of a client organization'"'"'s employees are provided to the system, a phishing e-mail is created and customized, and a phishing e-mail campaign in which the phishing e-mail message is sent and the responses to the phishing e-mail is monitored, and the results of the e-mail campaign are provided for evaluation. The phishing e-mail may optionally contain attachments and various types of probes and “call home” mechanisms.

189 Citations

41 Claims

1. A system for facilitating an information technology administrator of a client organization to assess potential susceptibility of employees of the client organization to phishing scams, the system comprising:
- at least one processor device;
  
  an address book manager module that is arranged and configured to facilitate input by the information technology administrator of the e-mail addresses of the group of individuals into one or more address books;
  
  an e-mail manager module that is arranged and configured to facilitate creation by the information technology administrator of at least one phishing e-mail that includes at least a link to a web page;
  
  a web page manager module that is arranged and configured to facilitate creation by the information technology administrator of a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the received phishing e-mail;
  
  a campaign manager module that is arranged and configured to facilitate customization by the information technology administrator of a campaign by allowing selection of and correlation between one or more of the address books and one or more phishing e-mails to be sent;
  
  a message generation module that is arranged and configured to execute the campaign according to the customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address book(s);
  
  a monitoring module that is arranged and configured to monitor responses to the phishing e-mails sent by the message generation module, wherein the monitoring module comprises an interactive application simulator which interacts with recipients of phishing e-mails who respond by providing potentially confidential information in response to the phishing e-mails, and wherein the interactive application simulator is arranged and configured to avoid collecting potentially confidential information provided by recipients of phishing e-mails; and
  
  a report generating module is arranged and configured to provide analysis of the responses to the phishing e-mails for review by the information technology administrator;
  
  wherein the at least one processor device is operatively connected to at least one of the address book manager module, the e-mail manager module, the web page manager module, the campaign manager module, the message generation module, the monitoring module, and the report generating module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. The system defined in claim 1, wherein the address book manager is arranged and configured to allow the information technology administrator to upload a file containing the e-mail addresses of the group of individuals.
  - 3. The system defined in claim 1, wherein the address book manager is arranged and configured to allow the information technology administrator to create multiple address books and selectively populate each of the multiple address books with e-mail addresses of selected ones of the group of individuals.
  - 4. The system defined in claim 1, wherein the e-mail manager module comprises:
    - an e-mail template manager module that is arranged and configured to facilitate the information technology administrator of the client organization selecting a template for a phishing e-mail that is optionally subsequently populated with text and graphics.
  - 5. The system defined in claim 4, wherein the e-mail template manager module is arranged and configured to allow the information technology administrator to either select one of a plurality of available e-mail templates useable as a starting point for the phishing e-mail or to upload the information technology administrator'"'"'s template to the e-mail manager module.
  - 6. The system defined in claim 1, wherein the e-mail manager module comprises:
    - an e-mail server manager module that is arranged and configured to facilitate the information technology administrator of the client organization selecting one or more e-mail servers from which the phishing e-mail is subsequently sent by the message generation module.
  - 7. The system defined in claim 6, wherein the e-mail server manager module is arranged and configured to allow the information technology administrator to either select one of a plurality of available e-mail servers included in the system to send the phishing e-mail or to select one or more public e-mail servers to send the phishing e-mail.
  - 8. The system defined in claim 1, wherein the phishing e-mail created by the e-mail manager module has an attachment comprising one or more document types from the group consisting of a PDF document, an Excel document, a Word document, and a PowerPoint document.
  - 9. The system defined in claim 1, wherein the phishing e-mail created by the e-mail manager module contains a call-home probe macro.
  - 10. The system defined in claim 9, wherein the call-home probe macro is signed.
  - 11. The system defined in claim 9, wherein the call-home probe macro is unsigned.
  - 12. The system defined in claim 1, wherein the web page manager module comprises:
    - a web template manager module that is arranged and configured to facilitate the information technology administrator of the client organization selecting a template for the web page that is optionally subsequently populated with text and graphics.
  - 13. The system defined in claim 12, wherein the web template manager module is arranged and configured to allow the information technology administrator to either select one of a plurality of available web templates useable as a starting point for the web page or to upload the information technology administrator'"'"'s template to the web manager module.
  - 14. The system defined in claim 1, wherein the web page manager module comprises:
    - a web server manager module that is arranged and configured to facilitate the information technology administrator of the client organization selecting one or more web servers from which the web page that is accessible a recipient of a phishing e-mail by clicking on the link included in the received phishing e-mail is hosted.
  - 15. The system defined in claim 14, wherein the web server manager module is arranged and configured to allow the information technology administrator to either select one of a plurality of available web servers included in the system to host the web page or to select one or more public web servers to host the web page.
  - 16. The system defined in claim 1, wherein the campaign manager module is arranged and configured to allow the information technology administrator to select a plurality of phishing e-mails to be sent, and for each of the phishing e-mails to select one or more of the address books with each phishing e-mail to be sent to at least some of the e-mail addresses of the group of individuals in the particular address book.
  - 17. The system defined in claim 16, additionally comprising:
    - an e-mail server manager module that is arranged and configured to facilitate the information technology administrator of the client organization selecting one or more e-mail servers from which the phishing e-mail is subsequently sent by the message generation module;
18. The system defined in claim 16, additionally comprising:
- a web server manager module that is arranged and configured to facilitate the information technology administrator of the client organization selecting one or more web servers from which the web page that is accessible by a recipient of a phishing e-mail by clicking on the link included in the received phishing e-mail is hosted;
  
  wherein the campaign manager module is further arranged and configured to allow the information technology administrator to select one of the web servers accessible by a recipient of a phishing e-mail by clicking on the link included in the received phishing e-mail.
19. The system defined in claim 16, wherein the campaign manager module is further arranged and configured to allow the information technology administrator to select the schedule for when each of the phishing e-mails is subsequently sent.
20. The system defined in claim 16, wherein the campaign manager module is further arranged and configured to allow the information technology administrator to select the percentage of the e-mail addresses of the group of individuals in the particular address book that the phishing e-mail is sent to.
21. The system defined in claim 1, wherein the monitoring module is arranged and configured to monitor automatic responses to phishing e-mail including at least a received by e-mail recipient'"'"'s server response, a read by e-mail recipient response, and an out-of-office response.
22. The system defined in claim 1, wherein the report generating module is arranged and configured to provide a Common Vulnerability Scoring System (“
- CVSS”
  
  ) analysis.
23. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an outbound analysis for each phishing e-mail scheduled for sending by the campaign manager module, the outbound analysis indicating whether the phishing e-mail is Queued, Sending, Sent, or Late.
24. The system defined in claim 23, wherein the report generating module is additionally arranged and configured to indicate whether a response has been received for the phishing e-mail indicating that it has been bounced, indicating that the phishing e-mail was undeliverable.
25. The system defined in claim 23, wherein the report generating module is additionally arranged and configured to indicate whether a response has been received for the phishing e-mail indicating that the recipient of the phishing e-mail is out-of-office.
26. The system defined in claim 23, wherein the report generating module is additionally arranged and configured to indicate whether a response has been received to the phishing e-mail from the recipient of the phishing e-mail.
27. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an inbound analysis for each phishing e-mail sent, the inbound analysis indicating the e-mail address of the responding e-mail, a size of the responding e-mail, and its time stamp.
28. The system defined in claim 1, wherein the report generating module is arranged and configured to provide a number of web activities, or “
- hits,”
  
  that were each caused by the recipient of the phishing e-mail having one access to a web page resource by a browser or e-mail client responding to the phishing e-mail.
29. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail opened a web page or submitted a web form in response to the phishing e-mail.
30. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail requested an individual image, downloaded a file, or uploaded a form in response to the phishing e-mail.
31. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail submitted a login form, a non-blank password on a login form, or a feedback form.
32. The system defined in claim 1, wherein the report generating module is arranged and configured to provide an indication of whether the recipient of the phishing e-mail viewed a web page containing an action captcha request or submitted a value in a Captcha form field.
33. The system defined in claim 1, wherein the potentially confidential information provided by recipients of phishing e-mails comprise at least one of the activities from the group consisting of clicking on a link included in a received phishing e-mail, submitting data in a web form in response to the phishing e-mail, uploading a file in response to the phishing e-mail, submitting a login form, submitting a non-blank password on a login form, submitting a value in a Captcha form field, or providing another response to a received phishing e-mail.
34. The system defined in claim 1, wherein the interactive application simulator is arranged and configured to take a cryptographic hash of potentially confidential information provided by recipients of phishing e-mails and discard the potentially confidential information.
35. The system defined in claim 1, wherein the interactive application simulator is arranged and configured to profile potentially confidential information provided by recipients of phishing e-mails rather than collecting the actual information and discard the potentially confidential information.
36. The system defined in claim 1, wherein the interactive application simulator is arranged and configured to encrypt responses provided by recipients of phishing e-mails and data obtained in response to the phishing e-mails.

37. A method for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, comprising:
- providing an appliance comprising at least one processor device that is accessible by the information technology administrator of a client organization to set up a phishing e-mail campaign by performing the steps of;
  
  entering the e-mail addresses of a group of individuals into one or more address books;
  
  creating a phishing e-mail that includes at least one link;
  
  creating a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the phishing e-mail; and
  
  setting up a campaign by selecting and correlating one or more of the address books and one or more phishing e-mails to be sent;
  
  wherein the appliance executes the campaign according to a customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address books, monitoring responses to the phishing e-mails sent by a message generation module, and providing analysis of responses to the phishing e-mails for review by the information technology administrator; and
  
  wherein the monitoring step comprises interacting with recipients of phishing e-mails who respond by providing potentially confidential information in response to the phishing e-mails with an interactive application simulator which is arranged and configured to avoid collecting potentially confidential information provided by recipients of phishing e-mails.
- View Dependent Claims (38, 39)
- - 38. The method defined in claim 37, additionally comprising:
    - selecting an e-mail server to be used to send the phishing e-mail.
  - 39. The method defined in claim 37, additionally comprising:
    - selecting a web server to be used to host the web page.

40. A system for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, the system comprising:
- at least one processor device;
  
  an address book manager module that is arranged and configured to facilitate the input by the information technology administrator of e-mail addresses of the group of individuals into one or more address books;
  
  an e-mail manager module that is arranged and configured to facilitate creation by the information technology administrator of at least one phishing e-mail that includes at least a link to a web page;
  
  a web page manager module that is arranged and configured to facilitate creation by the information technology administrator of a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the received phishing e-mail;
  
  a campaign manager module that is arranged and configured to facilitate customization by the information technology administrator of a campaign by allowing selection of and correlation between one or more of the address books and one or more phishing e-mails to be sent;
  
  a message generation module that is arranged and configured to execute the campaign according to the customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address book(s);
  
  a monitoring module that is arranged and configured to monitor responses to the phishing e-mails sent by the message generation module, wherein the monitoring module comprises an interactive application simulator which interacts with recipients of phishing e-mails who respond by providing potentially confidential information in response to the phishing e-mails, wherein the potentially confidential information provided by recipients of phishing e-mails comprise at least one of the activities from the group consisting of clicking on a link included in a received phishing e-mail, submitting data in a web form in response to the phishing e-mail, uploading a file in response to the phishing e-mail, submitting a login form, submitting a non-blank password on a login form, submitting a value in a Captcha form field, or providing another response to a received phishing e-mail; and
  
  a report generating module is arranged and configured to provide analysis of the responses to the phishing e-mails for review by the information technology administrator;
  
  wherein the at least one processor device is operatively connected to at least one of the address book manager module, the e-mail manager module, the web page manager module, the campaign manager module, the message generation module, the monitoring module, and the report generating module.

41. A system for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, the system comprising:
- at least one processor device;
  
  an address book manager module that is arranged and configured to facilitate the input by the information technology administrator of e-mail addresses of the group of individuals into one or more address books;
  
  an e-mail manager module that is arranged and configured to facilitate creation by the information technology administrator of at least one phishing e-mail that includes at least a link to a web page;
  
  a web page manager module that is arranged and configured to facilitate creation by the information technology administrator of a web page that is accessible by a recipient of the phishing e-mail by clicking on the link included in the received phishing e-mail;
  
  a campaign manager module that is arranged and configured to facilitate customization by the information technology administrator of a campaign by allowing selection of and correlation between one or more of the address books and one or more phishing e-mails to be sent;
  
  a message generation module that is arranged and configured to execute the campaign according to the customization established by the information technology administrator by sending the phishing e-mails to the group of individuals in the address book(s);
  
  a monitoring module that is arranged and configured to monitor responses to the phishing e-mails sent by the message generation module, wherein the monitoring module comprises an interactive application simulator which interacts with recipients of phishing e-mails who may respond by providing potentially confidential information in response to the phishing e-mails, wherein the interactive application simulator is arranged and configured to encrypt responses provided by recipients of phishing e-mails and data obtained in response to the phishing e-mails; and
  
  a report generating module is arranged and configured to provide analysis of the responses to the phishing e-mails for review by the information technology administrator;
  
  wherein the at least one processor device is operatively connected to at least one of the address book manager module, the e-mail manager module, the web page manager module, the campaign manager module, the message generation module, the monitoring module, and the report generating module.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Chapman Technology Group Incorporated
Inventors
Chapman, Mark T.
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/360,420
Publication Number

US 20130198846A1
Time in Patent Office

529 Days
Field of Search

726/25, 709/206
US Class Current

726/25
CPC Class Codes

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/107   Computer-aided management o...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams

First Claim

9 Assignments

2 Petitions

Accused Products

Abstract

189 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams

First Claim

9 Assignments

Subscription Required

Subscription Required

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links