Abstract: Systems and methods are described for using secured groups for simulated phishing campaigns to obfuscate data for levels of privacy based on protected criteria classes. Initially, a group to resolve members of the group based on multiple users matching one or more group criteria is established. It is then determined that at least one criteria of the one or more criteria has been configured as one of multiple protected criteria classes. Responsive to the determination, the group is identified as a secured group. A query of the group is then executed to identify one or more users of the multiple users as members of the group based on the users matching the criteria of the secured group at the time of execution of the group and information of the one or more users resulting from the execution of the secured group is obfuscated in accordance with the protected criteria class.

Abstract: Systems and methods are provided for user feedback on receiving simulated phishing communications. A method is described that includes receiving feedback from one or more users that interacted with one or more simulated phishing communications. The feedback identifies one or more reasons that the one or more users interacted with the one or more simulated phishing communications. The method further includes categorizing the feedback into one or more categories of a plurality of categories and collating the categorized feedback into one or more classifications of a plurality of classifications. The method also includes communicating a second one or more simulated phishing communications to one or more users based at least on one of the categorized feedback or the one or more classifications.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: Systems and methods are described for providing calendar-based simulated phishing attacks to users of an organization. Initially, a context is identified for a calendar-based simulated phishing attack directed towards a user. An electronic calendar invitation for the calendar-based simulated phishing attack is then generated using the context. Thereafter, the electronic calendar invitation may be communicated to an electronic calendar of the user.

Abstract: The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast from anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: Systems and methods are described for creating event-driven orchestrated workflows with automated actions in response to security incidents. In an example, a method is described that includes receiving an indication to create a workflow for automating a response to one or more users engaging in an action associated with a security incident and receiving a selection of the action associated with the security incident from a plurality of selectable actions. The selected action is configured into the workflow and configured to trigger execution of the workflow by a user of the one or more users taking the selected action.

Abstract: Embodiments disclosed herein describe a server, for example a security awareness server or an artificial intelligence machine learning system that establishes a job score for a user based on the user's job title. In embodiments, the vulnerability of a user to malicious cybersecurity attacks, the propensity for the user to engage with a malicious attack, and the severity of a malicious attack likely to be sent to the user and the severity of the harm to the user's organization is the user engages with the malicious attack is represented in a user risk score. The risk score for a user of a security awareness system, or for a group of users of a security awareness system, may be calculated based on one or more of a frequency score for the user, a propensity score for the user, a severity score for the user, and a job score for the user.

Abstract: System and methods are described which are useful for efficiently combining characteristic detection rules, such as may be done to efficiently and quickly assist in the dispositioning of user reported security threats.

Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.

Abstract: Systems and methods are disclosed for simulating a phishing attack involving an email thread. An email thread of a plurality of email threads of an entity for use in a simulated phishing attack is identified. A simulation system generates a converted reply simulated phishing email to an email of the email thread. The converted reply simulated phishing email is generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread and is communicated to a target user's email account, the converted reply simulated phishing email.

Abstract: The present disclosure describes a system for saving metadata on files and using attribute data files inside a computing system to enhance the ability to provide user interfaces based on actions associated with non-executable attachments like text and document files from untrusted emails, to block execution of potentially harmful executable object downloads and files based on geographic location, and to a create a prompt for users to decide whether to continue execution of potentially harmful executable object downloads and files. The system also records user behavior on reactions to suspicious applications and documents by transmitting a set of attribute data in an attribute data file corresponding to suspicious applications or documents to a server. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: Systems and methods are described for tailoring shareable content object reference model (SCORM)-compliant content to one or more users. A learning management system (LMS), configured to be SCORM-compliant, initiates shareable content object (SCO) to provide content to users. The LMS implements an instance of application programming interface (API) comprising a plurality of functions to be called by SCO during runtime to access data model elements accessible via LMS. The LMS is configured to support one or more data model elements undefined by SCORM. Further, LMS receives a call to a function of the plurality of functions of the API from SCO to access information about users. The call references a name of a data model element undefined by SCORM. The data model element identifies information about users. The LMS provides information about the users to SCO and the SCO tailors the content to the users based on the information.

Abstract: The present disclosure describes systems and methods for using for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user, A campaign controller may identify/an electronic calendar of a user for which to direct a simulated phishing campaign, determine one or more situations of the user from information stored in the electronic calendar and select either a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user. The campaign controller may communicate to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action.

Abstract: The present disclose describes systems and methods for creating a simulated phishing campaign for a user based on at least a history of the user with respect to simulated phishing campaigns. A database may be configured to store simulated phishing campaign history of a user, the simulated phishing campaign history comprising information on events associated with the user during one or more previous simulated phishing campaigns, A campaign controller may identify the simulated phishing campaign history of the user from the database, determine based at least on the simulated phishing campaign history of the user, a model from a plurality of models for creating a simulated phishing campaign directed to the user; and create, responsive to the determination, the simulated phishing campaign using the model.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: Systems and methods of embodiments are described of a campaign controller that establishes a model for using a plurality of types of exploits based on at least results of simulated phishing communications using those exploits, and uses the model to communicate a first simulated phishing communication to one or more devices of a user where the type of exploit used for the first simulated phishing communication is selected using the model. The campaign controller applies either artificial intelligence or machine learning to the results of simulated phishing communications to establish the model. The campaign controller selects the exploit by applying either artificial intelligence or machine learning to one or more attributes of the user and/or one or more responses from the user.

Abstract: A method for establishing a campaign for a simulated phishing attack includes receiving, via a campaign manager, specification of a plurality of parameters for a campaign including at least an identifier of a campaign and identification of users to which to send the campaign, establishing, via the campaign manager, a type of exploit for the campaign and one or more types of data to collect via the type of exploit, storing, by the campaign manager, the campaign comprising the plurality of parameters, and identifying, by a simulation server, the campaign stored in the database to create a simulated phishing email, to be sent to email accounts of the users, using the plurality of parameters of the campaign, wherein the simulated phishing email is to be created to have a link to a landing page comprising the type of exploit and configured to collect the one or more types of data.

Abstract: Systems and methods are provided for determining template difficulty based on user security maturity. In an example, a method includes communicating one or more simulated phishing communications to a plurality of users. Each of the users are assigned a user security maturity level of a plurality of user security maturity levels. The one or more simulated phishing communications are generated using a simulated phishing template. The method includes recording the user security maturity level of a user and a type of user interaction for each of the responses to the one or more simulated phishing communications from the users and determining, a failure rate of the simulated phishing template at each user security maturity level of the plurality of user security maturity levels based on the type of user interaction for each of the responses from one or more users assigned to each user security maturity level.

Abstract: Systems and methods are described by which a serving module of a campaign controller identifies a first version of a model which the campaign controller uses to communicate a first simulated phishing communication to a plurality of users. The campaign controller receives a first response from a first user to the simulated phishing communication and a second response from a second user to the simulated phishing communication and determines that the first and second responses are corresponding, for example are the same or similar. The serving module assigns a first user to a first group of users and a second user to a second group of users and identifies a second version of the model to use for the first user and a third version of the model to use for the second user.

Abstract: Systems and methods are described for security maturity determination. Initially, first value for security knowledge level and second value for security awareness level of a user are determined. Further, third value for security culture level of a group of the user is determined. Thereafter, fourth value of security maturity of user is determined based at least on function of first value, second value, and third value. The user is then grouped into class of users comprising one or more additional users, wherein the fourth value of security maturity of the user falls within a predetermined range of security maturity values associated with class of users, class of users comprising one or more additional users. A phish prone percentage of user is benchmarked with phish phone percentage of one of one or more additional users of class of users. The benchmarking of phish prone percentage of user is displayed.