Performance benchmarking for simulated phishing attacks

US 9,667,645 B1
Filed: 01/25/2016
Issued: 05/30/2017
Est. Priority Date: 02/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

conducting a first simulated phishing attack on individuals from a first group by electronically sending one or more messages from a network device;

electronically recording in a computer readable storage medium responses of one or more individuals from the first group to the first simulated phishing attack;

conducting a second simulated phishing attack on individuals from a second group by electronically sending one or more messages from the network device;

electronically recording in the computer readable storage medium responses of one or more individuals from the second group to the second simulated phishing attack;

calculating by a computerized processor an aggregate performance of the first group based on the responses to the first simulated phishing attack;

calculating by the computerized processor an aggregate performance of the second group based on the responses to the second simulated phishing attack; and

generating by the computerized processor a comparison of the aggregate performance of the first group with the aggregate performance of individuals from the second group;

wherein the simulated phishing attacks are constructed from a common template with respect to at least one individual from the first group and at least one individual from the second group so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are methods, network devices and machine-readable media for conducting a simulated phishing attack on a first group of individuals, and performing an analysis of the group'"'"'s performance to the simulated attack. In the analysis, an aggregate performance of the first group is compared with an aggregate performance of individuals from a second group. To ensure uniformity in the simulated phishing attacks, messages thereof may be constructed from template messages, the template messages having placeholders for individual-specific and company-specific information.

Citations

30 Claims

1. A method, comprising:
- conducting a first simulated phishing attack on individuals from a first group by electronically sending one or more messages from a network device;
  
  electronically recording in a computer readable storage medium responses of one or more individuals from the first group to the first simulated phishing attack;
  
  conducting a second simulated phishing attack on individuals from a second group by electronically sending one or more messages from the network device;
  
  electronically recording in the computer readable storage medium responses of one or more individuals from the second group to the second simulated phishing attack;
  
  calculating by a computerized processor an aggregate performance of the first group based on the responses to the first simulated phishing attack;
  
  calculating by the computerized processor an aggregate performance of the second group based on the responses to the second simulated phishing attack; and
  
  generating by the computerized processor a comparison of the aggregate performance of the first group with the aggregate performance of individuals from the second group;
  
  wherein the simulated phishing attacks are constructed from a common template with respect to at least one individual from the first group and at least one individual from the second group so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising determining whether an additional simulated phishing attack should be administered to the individuals from the first group based on the comparing of the aggregate performance of the first group with the aggregate performance of the second group.
  - 3. The method of claim 1, wherein at least one response of the individuals from the first or second groups includes ignoring the simulated phishing attack.
  - 4. The method of claim 1, wherein at least one response of the individuals from the first or second groups includes reporting the simulated phishing attack.
  - 5. The method of claim 1, wherein at least one response of the individuals from the first or second groups includes performing a target action of the simulated phishing attack.
  - 6. The method of claim 1, wherein a target action of the first or second simulated phishing attacks comprises one or more of opening an e-mail attachment, selecting an embedded link, and providing personal information.
  - 7. The method of claim 1, further comprising administering a first type of simulated phishing attack to the first group and a second type of phishing attack to the second group, wherein the first type of simulated phishing attack and second type of simulated phishing attack each include one or more of:
    - a target action involving opening an attachment, ora target action involving selecting an embedded link, ora target action involving a webpage requesting input of a username or password.
  - 8. The method of claim 1, further comprising receiving information characterizing respective computing devices of the individuals, wherein the information characterizing the respective computing devices includes one or more of a type of web browser of the computing device, a type of operating system of the computing device, and a type of the computing device.
  - 9. The method of claim 8, further comprising calculating, based on the information characterizing respective computing devices of individuals who performed the target action, an aggregate performance of individuals who share a computing device characteristic.
  - 10. The method of claim 1, wherein the first simulated phishing attack is constructed by preparing one or more messages of the first simulated phishing attack from a template message, wherein the template message includes a placeholder for information specific to the first group.
  - 11. The method of claim 10, wherein the information specific to the first group includes one or more of names of the individuals from the first group, a company logo of the first group, a company name of the first group and one or more project names associated with the first group.
  - 12. The method of claim 1, wherein the first group comprises a first company and the second group comprises an aggregate of other companies, each of the other companies in the aggregate being in a field similar to that of the first company.
  - 13. The method of claim 1, wherein the first group comprises a first organization and the second group comprises one or more organizations other than the first organization, each of the second group of organizations having a size similar to that of the first company.
  - 14. The method of claim 1, wherein the first group comprises a first department within a company and the second group comprises a second department within the company.
  - 15. The method of claim 1, wherein first group is a first company and the second group is a second company, and wherein the first company and the second company are in the same industry vertical.

16. A system comprising:
- a processor;
  
  a storage device connected to the processor;
  
  a network device; and
  
  a set of instructions on the storage device that, when executed by the processor, cause the processor to;
  
  conduct a first simulated phishing attack on individuals from a first group;
  
  electronically record in a computer readable storage medium responses of one or more individuals from the first group to the first simulated phishing attack;
  
  conduct a second simulated phishing attack on individuals from a second group;
  
  electronically record in the computer readable storage medium responses of one or more individuals from the second group to the second simulated phishing attack;
  
  calculate an aggregate performance of the first group based on the responses to the first simulated phishing attack;
  
  calculate an aggregate performance of the second group based on the responses to the second simulated phishing attack; and
  
  compare the aggregate performance of the first group with the aggregate performance of individuals from the second group;
  
  wherein the simulated phishing attacks are constructed from a common template with respect to at least one individual from the first group and at least one individual from the second group so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The system of claim 16, wherein the set of instructions on the storage device further causes the processor to determine whether an additional simulated phishing attack should be administered to the individuals from the first group based on the comparing of the aggregate performance of the first group with the aggregate performance of the second group.
  - 18. The system of claim 16, wherein at least one response of the individuals from the first or second groups includes ignoring the simulated phishing attack.
  - 19. The system of claim 16, wherein at least one response of the individuals from the first or second groups includes reporting the simulated phishing attack.
  - 20. The system of claim 16, wherein at least one response of the individuals from the first or second groups includes performing a target action of the simulated phishing attack.
  - 21. The method of claim 16, wherein the set of instructions on the storage device further causes the processor to administer a first type of simulated phishing attack to the first group and a second type of phishing attack to the second group, wherein the first type of simulated phishing attack and second type of simulated phishing attack each include one or more of:
    - a target action involving opening an attachment, ora target action involving selecting an embedded link, ora target action involving a webpage requesting input of a username or password.
  - 22. The system of claim 16, wherein the first simulated phishing attack is constructed by preparing one or more messages of the first simulated phishing attack from a template message, wherein the template message includes a placeholder for information specific to the first group.
  - 23. The system of claim 16, wherein the first group comprises a first company and the second group comprises an aggregate of other companies, each of the other companies in the aggregate being in a field similar to that of the first company.
  - 24. The system of claim 16, wherein first group is a first company and the second group is a second company, and wherein the first company and the second company are in the same industry vertical.

25. A non-transitory machine-readable storage medium comprising software instructions that, when executed by a processor, cause the processor to:
- conduct a first simulated phishing attack on individuals from a first group by electronically sending one or more messages from a network device;
  
  electronically record in a computer readable storage medium responses of one or more individuals from the first group to the first simulated phishing attack;
  
  conduct a second simulated phishing attack on individuals from a second group by electronically sending one or more messages from the network device;
  
  electronically record in the computer readable storage medium responses of one or more individuals from the second group to the second simulated phishing attack;
  
  calculate by a computerized processor an aggregate performance of the first group based on the responses to the first simulated phishing attack;
  
  calculate by the computerized processor an aggregate performance of the second group based on the responses to the second simulated phishing attack; and
  
  generate by the computerized processor a comparison of the aggregate performance of the first group with the aggregate performance of individuals from the second group;
  
  wherein the simulated phishing attacks are constructed from a common template with respect to at least one individual from the first group and at least one individual from the second group so as to allow the aggregate performance of the first group to be compared with the aggregate performance of the second group.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The non-transitory machine-readable storage medium of claim 25, wherein the set of instructions on the storage device further causes the processor to administer a first type of simulated phishing attack to the first group and a second type of phishing attack to the second group, wherein the first type of simulated phishing attack and second type of simulated phishing attack each include one or more of:
    - a target action involving opening an attachment, ora target action involving selecting an embedded link, ora target action involving a webpage requesting input of a username or password.
  - 27. The non-transitory machine-readable storage medium of claim 25, wherein the set of instructions further causes the processor to determine whether an additional simulated phishing attack should be administered to the individuals from the first group based on the comparing of the aggregate performance of the first group with the aggregate performance of the second group.
  - 28. The non-transitory machine-readable storage medium of claim 25, wherein at least one response of the individuals from the first or second groups includes ignoring the simulated phishing attack.
  - 29. The non-transitory machine-readable storage medium of claim 25, wherein at least one response of the individuals from the first or second groups includes reporting the simulated phishing attack.
  - 30. The non-transitory machine-readable storage medium of claim 25, wherein at least one response of the individuals from the first or second groups includes performing a target action of the simulated phishing attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cofense, Inc.
Original Assignee
PhishMe Incorporated
Inventors
Greaux, Scott, Belani, Rohyt, Higbee, Aaron
Primary Examiner(s)
Brown, Anthony

Application Number

US15/006,030
Time in Patent Office

491 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06Q 10/107   Computer-aided management o...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

Performance benchmarking for simulated phishing attacks

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Performance benchmarking for simulated phishing attacks

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links