Methods and systems for preventing malicious use of phishing simulation records
First Claim
1. A computer-implemented method performed by a data processing apparatus, the method comprising:
- for an individual, associating a phishing simulation record of the individual with an e-mail alias of the individual and associating the e-mail alias of the individual with a primary e-mail address of the individual;
- sending via a computer network one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;
- generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages, wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;
- wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.
Abstract
Described herein are methods, network devices and machine-readable media for preventing the malicious use of phishing simulation records. Phishing simulation records can often reveal which individuals are most susceptible to phishing attacks. In the event that an attacker gains access to these records, the attacker can exploit such information to send phishing attacks to those individuals who are the most susceptible. To address such vulnerabilities, a phishing simulation record of an individual is only associated with an e-mail alias of the individual. Further, such e-mail alias may be deactivated after phishing simulations have been completed. Therefore, even if an attacker were able to identify individuals most susceptible to phishing attacks, the attacker will be unable to send any phishing attacks to those individuals since their e-mail aliases will have been deactivated.
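The alias scheme described in the abstract, as an added Python sketch (not code from the patent or its assignee): the record store is keyed by alias only, and the alias-to-primary link lives in a separate table that is cut once the campaign ends. The class names, the `sim.example.invalid` domain, the random alias format and the action labels are assumptions made for illustration.

```python
import secrets

class AliasDirectory:
    """The only place an alias is linked to a primary address (hypothetical routing table)."""
    def __init__(self, domain="sim.example.invalid"):
        self.domain = domain
        self._alias_to_primary = {}

    def create_alias(self, primary):
        # Assumption (not stated in the patent): the local part is random. An alias
        # derived from the primary address, e.g. a hash, could be recomputed by
        # anyone holding a staff list, which would restore attribution.
        alias = f"{secrets.token_hex(8)}@{self.domain}"
        self._alias_to_primary[alias] = primary
        return alias

    def route(self, alias):
        """Return the primary address this alias delivers to, or None if deactivated."""
        return self._alias_to_primary.get(alias)

    def disassociate(self, alias):
        """Cut the link: the alias stops delivering and can no longer be attributed."""
        self._alias_to_primary.pop(alias, None)

class SimulationRecords:
    """Record store keyed by alias only; it never holds a primary address."""
    RISKY = {"clicked_link", "submitted_credentials"}

    def __init__(self):
        self.by_alias = {}

    def log_response(self, alias, action):
        self.by_alias.setdefault(alias, []).append(action)

    def most_susceptible(self):
        score = lambda a: sum(r in self.RISKY for r in self.by_alias[a])
        return sorted(self.by_alias, key=score, reverse=True)

def run_campaign(responses):
    """responses: constructed sample data mapping primary address -> observed actions."""
    directory, records = AliasDirectory(), SimulationRecords()
    aliases = {p: directory.create_alias(p) for p in responses}
    for primary, alias in aliases.items():
        if directory.route(alias) != primary:   # message must be deliverable while live
            raise RuntimeError("alias not routable during campaign")
        for action in responses[primary]:
            records.log_response(alias, action)
    for alias in aliases.values():              # campaign over: disassociate every alias
        directory.disassociate(alias)
    return directory, records
```

After `run_campaign` returns, the records still rank aliases by susceptibility for aggregate reporting, but a copy of the record store alone yields neither a deliverable address nor an identity.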
17 Claims
1. A computer-implemented method performed by a data processing apparatus, the method comprising:
- for an individual, associating a phishing simulation record of the individual with an e-mail alias of the individual and associating the e-mail alias of the individual with a primary e-mail address of the individual;
- sending via a computer network one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;
- generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages, wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;
- wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A network device, comprising:
- a processor;
- a storage device connected to the processor; and
- a set of instructions on the storage device that, when executed by the processor, cause the processor to:
  - for an individual, associate a phishing simulation record of the individual with an e-mail alias of the individual and associate the e-mail alias of the individual with a primary e-mail address of the individual;
  - sending one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;
  - generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages, wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;
  - wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.

Dependent claims: 12, 13, 14
11. A non-transitory machine-readable storage medium comprising software instructions that, when executed by a processor, cause the processor to:
- for an individual, associate a phishing simulation record of the individual with an e-mail alias of the individual and associate the e-mail alias of the individual with a primary e-mail address of the individual;
- sending one or more simulated phishing messages to the individual via the e-mail alias associated with the individual;
- generating a phishing simulation record based on a response by the individual to the one or more simulated phishing messages, wherein, for the individual, the phishing simulation record of the individual is associated with the primary e-mail address of the individual only through the e-mail alias of the individual;
- wherein, after sending the one or more messages, disassociating by a computer processor the primary e-mail address of the individual from the e-mail alias of the individual such that phishing susceptibility attribution is precluded for the individual.

Dependent claims: 15, 16, 17
Specification