Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams
First Claim
1. A system for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, the system comprising:
- an appliance comprising at least one processor device that is accessible by the information technology administrator of a client organization to set up a phishing e-mail campaign, the appliance comprising;
a first module configured to facilitate entry of the e-mail addresses of a group of individuals into one or more address books;
a second module configured to facilitate creation of a phishing e-mail that includes at least a link;
a third module configured to facilitate creation of a web page accessible by a recipient of the phishing e-mail by clicking on the link included in the phishing e-mail;
a fourth module configured to facilitate establishment of a campaign by selecting and correlating at least one address book and at least one phishing e mails e-mail to be sent;
a fifth module configured to execute the campaign by sending the phishing e-mail(s) to the group of individuals in the address book(s);
a sixth module configured to monitor responses to the phishing e-mail(s) by recipients of phishing e-mail(s) who respond by providing potentially confidential information, the sixth module further configured to instruct an employee's web browser to profile potentially confidential information provided by recipients of phishing e-mail(s) and to avoid collecting potentially confidential information provided by recipients of phishing e-mail(s); and
a seventh module configured to provide analysis of responses to the phishing e-mail(s) for review by the information technology administrator.
Abstract
A software system and service is disclosed for facilitating organizational testing of employees in order to determine their potential susceptibility to e-mail and Internet cybercrimes such as phishing. The e-mail addresses of a client organization's employees are provided to the system, a phishing e-mail is created and customized, a phishing e-mail campaign is run in which the phishing e-mail message is sent and the responses to the phishing e-mail are monitored, and the results of the e-mail campaign are provided for evaluation. The phishing e-mail may optionally contain attachments and various types of probes and “call home” mechanisms.
7 Claims
7. A system for facilitating an information technology administrator of a client organization to assess the potential susceptibility of employees of the client organization to phishing scams, the system comprising:
- an appliance comprising at least one processor device that is accessible by the information technology administrator of a client organization to set up a phishing e-mail campaign, the appliance comprising;
an address book manager module configured to facilitate the input by the information technology administrator of the e-mail addresses of the group of individuals into one or more address books;
an e-mail manager module configured to facilitate the creation by the information technology administrator of at least one phishing e-mail;
a message generation module configured to execute a campaign by sending the phishing e-mails to the group(s) of individuals in the address book(s);
a monitoring module configured to monitor responses to the phishing e-mails by interacting with recipients of phishing e-mails who respond by providing potentially confidential information while avoiding collecting potentially confidential information provided by recipients of phishing e-mails; and
a report generating module configured to provide analysis of responses to the phishing e-mails, including analysis of a characteristic of the information provided by the recipients of phishing e-mails who respond, for review by the information technology administrator.
Specification