Abstract: Systems and methods are described for facilitating assessment of security awareness of a candidate prior to a decision on whether or not to hire the candidate. Security awareness of the candidate in association with an application for a job may be assessed using responses to one or more simulated phishing communications provided by the candidate. Responses to the one or more simulated phishing communications may be used to determine a risk score for the candidate. Further, the risk score for the candidate may be used to make a decision on whether or not to hire the candidate.

Abstract: The present disclosure describes systems and methods for dynamically creating groups of users based on attributes for simulated phishing campaign. A campaign controller determines one or more attributes of a plurality of users during execution of a simulated phishing campaign and creates one or more groups of users during based on the identified attributes. The campaign controller selects a template to be used to execute a portion of the simulated phishing campaign for a first group of users and then communicates one or more simulated phishing communications to the first group of users according to the template. The template may identify a list of a plurality of types of simulated phishing communications (email, text or SMS message, phone call or Internet based communication) and at least a portion of the content for the simulated phishing communication.

Abstract: The present disclosure describes systems and methods for determining a subsequent action of a simulated phishing campaign. A campaign controller identifies a starting action for a simulated phishing campaign directed to a user of a plurality of users. The simulated phishing campaign includes a plurality of actions, one or more of the plurality of actions to be determined during execution of the simulated phishing campaign The campaign controller responsive to the starting action, communicates a simulated phishing communication to one or more devices of a user. The campaign controller determines a subsequent action of the plurality of actions of the simulated phishing campaign based at least on one of a response to the simulated phishing communication received by the campaign controller or a lack of response within a predetermined time period and initiating, responsive to the determination, the subsequent action of the simulated phishing campaign.

Abstract: Systems and methods are described for using secured groups for simulated phishing campaigns to obfuscate data for levels of privacy based on protected criteria classes. Initially, a group to resolve members of the group based on multiple users matching one or more group criteria is established. It is then determined that at least one criteria of the one or more criteria has been configured as one of multiple protected criteria classes. Responsive to the determination, the group is identified as a secured group. A query of the group is then executed to identify one or more users of the multiple users as members of the group based on the users matching the criteria of the secured group at the time of execution of the group and information of the one or more users resulting from the execution of the secured group is obfuscated in accordance with the protected criteria class.

Abstract: Systems and methods are described for enrichment of breach data for security awareness training. Initially, breached credentials of a user are obtained from breach data of one or more breaches. Analysis of the breached credentials are performed and a level of risk that the breached credentials pose to the organization is determined. Thereafter, a breach score of the user is determined based at least on the level of risk. A remedial action with respect to the user is taken based at least on the breach score.

Abstract: Systems and methods are described for modifying one or more advertisements of a webpage or a social media feed to create a simulated cybersecurity attack. Initially, content responsive to a request by a user via a user device to access a webpage or social media feed with one or more advertisements is received. One or more advertisements are detected within the content. An advertisement of the one or more advertisements is modified or replaced with simulated cybersecurity attack advertisements. The webpage or social media feed with the modified advertisement is displayed to the user device. User interactions with the simulated cybersecurity attack content are tracked and training is provided based on user interactions.

Abstract: Systems and methods are described for providing customized message content to be displayed to a user of an email client, responsive to the user selecting, via a plug-in or agent of the email client, to report an email as a potential phishing email. In examples, the user may be an employee of an organization and the systems and methods may facilitate a determination by the plug-in or agent of the email client that the reported email is one that does not pose a security risk, such as a simulated phishing email sent by the organization itself, or an email sent from a trusted partner of the organization. The systems and methods may facilitate a customization of the message content that is displayed to the user. In examples, the customized message content may be included or specified within one or more SMTP extension headers of an SMTP email.

Abstract: Systems and methods are described for tailoring shareable content object reference model (SCORM)-compliant content to one or more users. A learning management system (LMS), configured to be SCORM-compliant, initiates shareable content object (SCO) to provide content to users. The LMS implements an instance of application programming interface (API) comprising a plurality of functions to be called by SCO during runtime to access data model elements accessible via LMS. The LMS is configured to support one or more data model elements undefined by SCORM. Further, LMS receives a call to a function of the plurality of functions of the API from SCO to access information about users. The call references a name of a data model element undefined by SCORM. The data model element identifies information about users. The LMS provides information about the users to SCO and the SCO tailors the content to the users based on the information.

Abstract: Methods, systems and apparatus for implementing a security awareness program are provided which allow a device of a security awareness system to receive attributes of an implementation of a security awareness program from an entity, such as a company. Responsive to the attributes, the device determines a configuration for each of a baseline simulated phishing campaign, electronic based training of users of the entity for security awareness and one or more subsequent simulated phishing campaigns. The device initiates execution of the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: The systems and methods disclose creating variations of criteria for a query-based group of users. One or more criteria from a plurality of criteria available is selected to form a query to identify members of query-based group of users. Using the selected one or more criteria, query-based groups of users are generated. Each of the plurality of query-based groups of users may have a query with a variation of the selected one or more criteria. A user count data of user membership in each query-based group of the query-based groups of users is determined based at least on applying the query of each of the plurality of query-based groups of users to one or more databases. One or more of the plurality of query-based groups of users is identified as being validated for a statistical significance based at least on the user count data and the one or more criteria.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: Systems and methods are disclosed for analysis of user behavior data to improve security awareness. User behavior data of an organization is received from one or more agents on endpoint devices accessed by the users and using the user behavior data, one or more risk scores representative of the severity of risk associated with the user behavior of the users are determined. Based on the one or more risk scores representative of the severity of risk associated with the user behavior of the users, the behavior of the is determined to pose a security risk to the organization, In response to the determination that the user behavior of the users of the organization poses a security risk to the organization, electronic security awareness training is delivered to the users.

Abstract: The systems and methods disclose an automated effective template generation and recommendation for selection. A semantic similarity of a plurality of messages may be identified that at least meets a similarity threshold, each of the plurality of messages reported by a plurality of users as a potentially malicious message. The plurality of messages may be indexed under a common template identifier. One or more messages of the plurality of messages indexed under the common template identifier may be determined to have a report-to-reach ratio less than a report-to-reach threshold. Responsive to the determination, the one or more messages may be identified to be used for generating one or more simulated phishing templates. A recommendation of the one or more templates may be provided to a system administrator and/or a security awareness and simulation training platform to create and deliver simulated phishing messages using the templates.

Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.

Abstract: Systems and methods are disclosed for simulating a phishing attack involving an email thread. An email thread of a plurality of email threads of an entity for use in a simulated phishing attack is identified. A simulation system generates a converted reply simulated phishing email to an email of the email thread. The converted reply simulated phishing email is generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread and is communicated to a target user's email account, the converted reply simulated phishing email.

Abstract: Systems and methods are described for verifying whether simulated phishing communications are allowed to pass by a security system of an email system to email account of users. One or more email accounts of the email system with the security system may be identified to use for a delivery verification campaign. Further, one or more types of simulated phishing communications may be selected from a plurality of types of simulated phishing communications. The delivery verification campaign may be configured to include the selection of the one or more types of simulated phishing communications from the plurality of types of simulated phishing communications. The selected one or more types of simulated phishing communications of the delivery verification campaign may be communicated to the one or more email accounts. Further, whether or not each of the one or more types of simulated phishing communications was allowed by the security system to be received unchanged at the one or more email accounts.

Abstract: Systems and methods are described for improving assessment of security risk based on a user's personal information. Registration of personal information of a user of an organization is received at a security awareness system. Post receiving the registration of the personal information, at least one of an exposure check or a security audit of the personal information of the user is performed by the security awareness system. A personal risk score of the user is then generated or adjusted based at least on a result of one of the exposure check or the security audit.

Abstract: Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.

Abstract: Systems and methods for performing a simulated phishing attack are provided. A simulated attack server can send a simulated attack email including a unique identifier to a target. The simulated attack server can receive a reply email including the unique identifier from the target. The simulated attack server can extract the unique identifier from the reply email. The simulated attack server can determine a match between the unique identifier and an identity of the target. The simulated attack server can record a target failure, responsive to determining the match between the unique identifier and the identity of the target.