Methods and systems for preventing malicious use of phishing simulation records

US 9,262,629 B2
Filed: 01/21/2014
Issued: 02/16/2016
Est. Priority Date: 01/21/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method performed by a data processing apparatus, the method comprising:

for an individual, associating a phishing simulation record of the individual with an e-mail alias of the individual and associating the e-mail alias of the individual with a primary e-mail address of the individual;

sending via a computer network one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;

generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages,wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;

wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are methods, network devices and machine-readable media for preventing the malicious use of phishing simulation records. Phishing simulation records often times can reveal which individuals are most susceptible to phishing attacks. In the event that an attacker gains access to these records, the attacker can exploit such information to send phishing attacks to those individuals who are the most susceptible. To address such vulnerabilities, a phishing simulation record of an individual is only associated with an e-mail alias of the individual. Further, such e-mail alias may be deactivated after phishing simulations have been completed. Therefore, even if an attacker were able to identify individuals most susceptible to phishing attacks, the attacker will be unable to send any phishing attacks to those individuals since their e-mail aliases will have been deactivated.

Citations

17 Claims

1. A computer-implemented method performed by a data processing apparatus, the method comprising:
- for an individual, associating a phishing simulation record of the individual with an e-mail alias of the individual and associating the e-mail alias of the individual with a primary e-mail address of the individual;
  
  sending via a computer network one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;
  
  generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages,wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;
  
  wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the phishing simulation record comprises a measure of the corresponding individual'"'"'s susceptibility to phishing attacks.
  - 3. The method of claim 1, further comprising determining which of the phishing simulation records has a measure of phishing susceptibility that exceeds a threshold.
  - 4. The method of claim 1, wherein the phishing simulation record comprises a total number of phishing simulations that the corresponding individual has fallen victim to.
  - 5. The method of claim 4, wherein if the total number of phishing simulations that the corresponding individual has fallen victim to exceeds a threshold, then sending via the computer network one or more simulated phishing messages to the individual.
  - 6. The method of claim 1, wherein the association between the e-mail aliases and the primary e-mail addresses is stored using encryption.
  - 7. The method of claim 1, wherein the association between the phishing simulation records and the e-mail aliases is stored in a first data store and the association between the e-mail aliases and the primary e-mail addresses is stored in a second data store, the first data store being separate from the second data store so that even if an attacker gains access to the first data store, the attacker does not automatically gain access to the second data store.
  - 8. The method of claim 1, further comprising:
    - upon detecting that one or more messages have been sent to an individual'"'"'s e-mail alias, forwarding the one or more messages to the primary e-mail address of the individual.
  - 9. The method of claim 1, wherein the one or more messages comprise one or more of phishing simulations and training materials constructed to increase an individual'"'"'s awareness of phishing attacks.

10. A network device, comprising:
- a processor;
  
  a storage device connected to the processor; and
  
  a set of instructions on the storage device that, when executed by the processor, cause the processor to;
  
  for an individual, associate a phishing simulation record of the individual with an e-mail alias of the individual and associate the e-mail alias of the individual with a primary e-mail address of the individual;
  
  sending one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;
  
  generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages,wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;
  
  wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 10, the instructions further comprising instructions for determining which of the phishing simulation records has a measure of phishing susceptibility that exceeds a threshold.
  - 13. The method of claim 10, wherein the phishing simulation record comprises a total number of phishing simulations that the corresponding individual has fallen victim to.
  - 14. The method of claim 10, wherein if the total number of phishing simulations that the corresponding individual has fallen victim to exceeds a threshold, then sending via the computer network one or more simulated phishing messages to the individual.

11. A non-transitory machine-readable storage medium comprising software instructions that, when executed by a processor, cause the processor to:
- for an individual, associate a phishing simulation record of the individual with an e-mail alias of the individual and associate the e-mail alias of the individual with a primary e-mail address of the individual;
  
  sending one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;
  
  generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages,wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;
  
  wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory machine-readable storage medium of claim 11, the instructions further comprising instructions for determining which of the phishing simulation records has a measure of phishing susceptibility that exceeds a threshold.
  - 16. The non-transitory machine-readable storage medium of claim 11, wherein the phishing simulation record comprises a total number of phishing simulations that the corresponding individual has fallen victim to.
  - 17. The non-transitory machine-readable storage medium of claim 11, wherein if the total number of phishing simulations that the corresponding individual has fallen victim to exceeds a threshold, then sending via the computer network one or more simulated phishing messages to the individual.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cofense, Inc.
Original Assignee
PhishMe Incorporated
Inventors
Belani, Rohyt, Higbee, Aaron, Greaux, Scott
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US14/160,443
Publication Number

US 20150205953A1
Time in Patent Office

756 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1483   service impersonation, e.g....

Methods and systems for preventing malicious use of phishing simulation records

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for preventing malicious use of phishing simulation records

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links