Simulated phishing attack with sequential messages
First Claim
1. A method, comprising:
- conducting a simulated phishing attack, the simulated attack comprising;
transmitting a first message to at least one of one or more computing devices of an individual, the first message being disguised as originating from at least one of one or more trustworthy contacts of the individual and notifying the individual that the individual should expect to receive a second message; and
after transmitting the first message, transmitting the second message to at least one of the one or more computing devices of the individual, the second message also being disguised as originating from at least one of the one or more trustworthy contacts of the individual and attempting to lure the individual into performing, on at least one of the one or more computing devices, a target action associated with the second message,wherein if the individual performs the target action, the simulated phishing attack does not actually compromise any personal information or any one of the one or more computing devices of the individual; and
monitoring whether the individual performs the target action on at least one of the one or more computing devices.
7 Assignments
0 Petitions
Accused Products
Abstract
Described herein are methods, network devices and machine-readable storage media for conducting simulated phishing attacks on an individual so as to educate the individual about the various ways in which phishing attacks may be disguised. Specifically described is a simulated phishing attack involving a sequence of messages. At least one of the messages has an associated target action that would ordinary, if the attack were an actual phishing attack, result in the individual'"'"'s personal information and/or computing device becoming compromised. In the simulated phishing attack, no malicious action is actually performed. At least one of the other messages is designed to draw attention to the message with the target action.
-
Citations
14 Claims
-
1. A method, comprising:
-
conducting a simulated phishing attack, the simulated attack comprising; transmitting a first message to at least one of one or more computing devices of an individual, the first message being disguised as originating from at least one of one or more trustworthy contacts of the individual and notifying the individual that the individual should expect to receive a second message; and after transmitting the first message, transmitting the second message to at least one of the one or more computing devices of the individual, the second message also being disguised as originating from at least one of the one or more trustworthy contacts of the individual and attempting to lure the individual into performing, on at least one of the one or more computing devices, a target action associated with the second message, wherein if the individual performs the target action, the simulated phishing attack does not actually compromise any personal information or any one of the one or more computing devices of the individual; and monitoring whether the individual performs the target action on at least one of the one or more computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method, comprising:
-
conducting a simulated phishing attack, the simulated attack comprising; transmitting a first message to at least one of one or more computing devices of an individual, the first message being disguised as originating from at least one of one or more trustworthy contacts of the individual and attempting to lure the individual into performing, on at least one of the one or more computing devices, a target action associated with the first message; and after transmitting the first message, transmitting a second message to at least one of the one or more computing devices of the individual, the second message also being disguised as originating from at least one of the one or more trustworthy contacts of the individual and encouraging the individual to perform the target action on at least one of the one or more computing devices, wherein if the individual performs the target action, the simulated phishing attack does not actually compromise any personal information or any one of the one or more computing devices of the individual; and monitoring whether the individual performs the target action on at least one of the one or more computing devices. - View Dependent Claims (11, 12, 13)
-
-
14. A method, comprising:
-
conducting a simulated phishing attack, the simulated attack comprising; transmitting a first message to at least one of one or more computing devices of an individual, the first message (i) referencing a second message that the individual should expect to receive after the first message, (ii) being disguised as originating from at least one of one or more trustworthy contacts of the individual, and (iii) attempting to lure the individual into performing, on at least one of the one or more computing devices, a first target action that is associated with the first message; and after transmitting the first message, transmitting the second message to at least one of the one or more computing devices of the individual, the second message also being disguised as originating from at least one of the one or more trustworthy contacts of the individual and attempting to lure the individual into performing, on at least one of the one or more computing devices, a second target action that is associated with the second message, wherein if the individual performs one or more of the first target action and the second target action, the simulated phishing attack does not actually compromise any personal information or any one of the one or more computing devices of the individual; and monitoring whether the individual performs at least one of the first and second target actions on at least one of the one or more computing devices.
-
Specification