Performance benchmarking for simulated phishing attacks

US 8,635,703 B1
Filed: 03/05/2013
Issued: 01/21/2014
Est. Priority Date: 02/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

conducting a simulated phishing attack on individuals from a first group;

recording a response of each individual from the first group to the simulated phishing attack;

calculating an aggregate performance of the first group based on the respective responses; and

comparing the aggregate performance of the first group with an aggregate performance of individuals from a second group so as to determine whether an additional simulated phishing attack should be administered to the individuals from the first group,wherein the simulated phishing attack is standardized for all individuals from the first and second groups so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are methods, network devices and machine-readable media for conducting a simulated phishing attack on a first group of individuals, and performing an analysis of the group'"'"'s performance to the simulated attack. In the analysis, an aggregate performance of the first group is compared with an aggregate performance of individuals from a second group. Standardizing the simulated phishing attacks for individuals from both the first and second groups is necessary in order for the performance of the first group to be fairly or meaningfully compared to the performance of the second group. To ensure uniformity in the simulated phishing attacks, messages thereof may be constructed from template messages, the template messages having placeholders for individual-specific and company-specific information.

288 Citations

14 Claims

1. A method, comprising:
- conducting a simulated phishing attack on individuals from a first group;
  
  recording a response of each individual from the first group to the simulated phishing attack;
  
  calculating an aggregate performance of the first group based on the respective responses; and
  
  comparing the aggregate performance of the first group with an aggregate performance of individuals from a second group so as to determine whether an additional simulated phishing attack should be administered to the individuals from the first group,wherein the simulated phishing attack is standardized for all individuals from the first and second groups so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the response of each individual includes one or more of ignoring the simulated phishing attack, reporting the simulated phishing attack and performing a target action of the simulated phishing attack.
  - 3. The method of claim 2, wherein the target action of the simulated phishing attack comprises one or more of opening an e-mail attachment, selecting an embedded link, and providing personal information.
  - 4. The method of claim 1, wherein the aggregate performance of the first group is one or more of a percentage of individuals who ignored the simulated phishing attack, a percentage of individuals who reported the simulated phishing attack, and a percentage of individuals who performed a target action of the simulated phishing attack.
  - 5. The method of claim 1, further comprising in response to ones of the individuals who performed a target action of the simulated phishing attack, receiving information characterizing respective computing devices of those individuals.
  - 6. The method of claim 5, wherein the information characterizing the respective computing devices include one or more of a type of web browser of the computing device, a type of operating system of the computing device, and a type of the computing device.
  - 7. The method of claim 5, further comprising calculating, based on the information characterizing respective computing devices of individuals who performed the target action, an aggregate performance of individuals who share a computing device characteristic.
  - 8. The method of claim 1, wherein the simulated phishing attack is standardized by preparing one or more messages of the simulated phishing attack from one or more template messages, wherein the preparation includes incorporating information specific to the first group into the one or more template messages.
  - 9. The method of claim 8, wherein the information specific to the first group includes one or more of names of the individuals from the first group, a company logo of the first group, a company name of the first group and one or more project names associated with the first group.
  - 10. The method of claim 1, wherein the first group is a first company and the second group is a second company.
  - 11. The method of claim 1, wherein the first group is a first organization and the second group includes one or more organizations other than the first organization.
  - 12. The method of claim 1, wherein the first group is a first department within a company and the second group is a second department within the company.

13. A network device, comprising:
- a processor;
  
  a storage device connected to the processor; and
  
  a set of instructions on the storage device that, when executed by the processor, cause the processor to;
  
  conduct a simulated phishing attack on individuals from a first group;
  
  record a response of each individual from the first group to the simulated phishing attack;
  
  calculate an aggregate performance of the first group based on the respective responses; and
  
  compare the aggregate performance of the first group with an aggregate performance of individuals from a second group so as to determine whether an additional simulated phishing attack should be administered to the individuals from the first group,wherein the simulated phishing attack is standardized for all individuals from the first and second groups so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.

14. A non-transitory machine-readable storage medium comprising software instructions that, when executed by a processor, cause the processor to:
- conduct a simulated phishing attack on individuals from a first group;
  
  record a response of each individual from the first group to the simulated phishing attack;
  
  calculate an aggregate performance of the first group based on the respective responses; and
  
  compare the aggregate performance of the first group with an aggregate performance of individuals from a second group so as to determine whether an additional simulated phishing attack should be administered to the individuals from the first group,wherein the simulated phishing attack is standardized for all individuals from the first and second groups so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cofense, Inc.
Original Assignee
PhishMe Incorporated
Inventors
Belani, Rohyt, Higbee, Aaron, Greaux, Scott
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US13/785,215
Time in Patent Office

322 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06Q 10/107   Computer-aided management o...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

Performance benchmarking for simulated phishing attacks

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

288 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Performance benchmarking for simulated phishing attacks

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

288 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links