Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams

US 9,881,271 B2
Filed: 11/18/2015
Issued: 01/30/2018
Est. Priority Date: 01/27/2012
Status: Active Grant

First Claim

Patent Images

1. A system configured to facilitate assessment by an information technology administrator of the potential susceptibility of employees of an organization to phishing scams, the system comprising:

a first module configured to generate an invitation;

a second module configured to receive a contact information for a plurality of employees from the administrator;

a third module configured to send the invitation to the plurality of the employees; and

a fourth module configured to monitor interaction with the invitation by the employees, wherein the monitored interaction includes responses provided by recipients of the invitation and data obtained in response to the invitation, create a log based on the invitation and the monitored interaction of the employees with the invitation, encrypt the log, and provide the log to the administrator.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software system and service for facilitating organizational testing of employees in order to determine their potential susceptibility to phishing scams is disclosed to evaluate their susceptibility to e-mail and Internet cybercrimes such as phishing. The e-mail addresses of a client organization'"'"'s employees are provided to the system, a phishing e-mail is created and customized, and a phishing e-mail campaign in which the phishing e-mail message is sent and the responses to the phishing e-mail is monitored, and the results of the e-mail campaign are provided for evaluation. The phishing e-mail may optionally contain attachments and various types of probes and “call home” mechanisms.

Citations

18 Claims

1. A system configured to facilitate assessment by an information technology administrator of the potential susceptibility of employees of an organization to phishing scams, the system comprising:
- a first module configured to generate an invitation;
  
  a second module configured to receive a contact information for a plurality of employees from the administrator;
  
  a third module configured to send the invitation to the plurality of the employees; and
  
  a fourth module configured to monitor interaction with the invitation by the employees, wherein the monitored interaction includes responses provided by recipients of the invitation and data obtained in response to the invitation, create a log based on the invitation and the monitored interaction of the employees with the invitation, encrypt the log, and provide the log to the administrator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the fourth module is configured to receive probe data generated by each employee'"'"'s interaction with the invitation, and wherein the fourth module is configured to provide the probe data and the invitation to the administrator.
  - 3. The system of claim 2, wherein the system is configured to provide benchmark information to the administrator based on the monitored interaction of the employees with the invitation.
  - 4. The system of claim 2, wherein the system is configured to provide comparison information to the administrator between the monitored interactions of the employees with the invitation and a previous e-mail campaign.
  - 5. The system of claim 1, wherein the fourth module is configured to analyze the risk level of each employee'"'"'s interaction with the invitation based on a predetermined time period subsequent to each interaction.
  - 6. The system of claim 5, wherein the fourth module is configured to instruct the employees'"'"' web browser to determine at least one characteristic of the input received from each of the employees, to delete the input received from each of the employees, and to send information regarding the at least one characteristic for each of the employees'"'"' input to the fourth module.
  - 7. The system of claim 6, wherein the at least one characteristic includes information regarding the number of characters of the input received from each of the employees.
  - 8. The system of claim 6, wherein the at least one characteristic includes a hash of the input received from each of the employees.
  - 9. The system of claim 1, wherein the invitation is an e-mail including a link to a web page configured to be accessed by the employees using a web browser by clicking the link;
    - wherein the web page includes a portion configured to receive input from the employees; and
      
      wherein the fourth module is configured to instruct the employees'"'"' web browser to determine whether each of the employees provides input to the web page.
  - 10. The system of claim 1, wherein the invitation is an e-mail including a link to a web page configured to be accessed by the employees using a web browser by clicking the link;
    - wherein the web page includes a portion configured to receive input from the employees; and
      
      wherein the fourth module is configured to instruct the employees'"'"' web browser to profile the input received from each of the employees before sending it to the fourth module.
  - 11. The system of claim 10, wherein the web page is configured to prompt the employees to upload a file;
    - andwherein the fourth module is configured to direct the web page to profile at least one of the name of the file, the size of the file, and the type of the file, before transmitting information regarding the file to the fourth module.
  - 12. The system of claim 1, wherein the fourth module is configured to instruct the employee'"'"'s web browser to encrypt information sent from the employee'"'"'s web browser to the fourth module.
  - 13. The system of claim 1, wherein the invitation is an e-mail including a link to a web page configured to be accessed by the employees using a web browser by clicking the link;
    - wherein the webpage includes a portion configured to receive input from the employees; and
      
      wherein the fourth module is configured to instruct the employees'"'"' web browser to profile the input received from each of the employees with a one way hash and before sending the input to the fourth module.
  - 14. The system of claim 1, wherein the invitation is an e-mail including a link to a web page configured to be accessed by the employees using a web browser by clicking the link;
    - wherein the webpage includes a portion configured to receive input from the employees; and
      
      wherein the fourth module is configured to instruct the web browser to profile the input received from each of the employees and to delete the input received from each of the employees.
  - 15. The system of claim 1, wherein the invitation is an SMS message including a link which if clicked by one of the employees is configured to install an attachment probe on the one of the employees'"'"' device.
  - 16. The system of claim 1, wherein for each monitored interaction with the invitation by an employee the system is configured to determine information regarding that employee'"'"'s computer.
  - 17. The system of claim 16, wherein the determined information regarding that employee'"'"'s computer includes at least one of the version of Excel that is being used on that employee'"'"'s computer, the version of the web browser being used on that employee'"'"'s computer, the plug-ins being used on that employee'"'"'s computer, and whether java, activeX, or cookies are enabled in the web browser being used on that employee'"'"'s computer.
  - 18. The system of claim 1, wherein the fourth module is configured to avoid collecting potentially confidential information provided by the employees.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Phishline, LLC (Barracuda Networks Incorporated)
Inventors
Chapman, Mark T.
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/945,085
Publication Number

US 20160078377A1
Time in Patent Office

804 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/107   Computer-aided management o...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links