Abstract: A method for establishing a campaign for a simulated phishing attack includes receiving, via a campaign manager, specification of a plurality of parameters for a campaign including at least an identifier of a campaign and identification of users to which to send the campaign, establishing, via the campaign manager, a type of exploit for the campaign and one or more types of data to collect via the type of exploit, storing, by the campaign manager, the campaign comprising the plurality of parameters, and identifying, by a simulation server, the campaign stored in the database to create a simulated phishing email, to be sent to email accounts of the users, using the plurality of parameters of the campaign, wherein the simulated phishing email is to be created to have a link to a landing page comprising the type of exploit and configured to collect the one or more types of data.

Abstract: The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast from anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: Systems and methods are described for selecting a model for a simulated phishing campaign for a user based on classifying a user into a cluster of a plurality of clusters. A campaign controller may initiate a simulated phishing campaign for a user. In some examples, while initiating the simulated phishing campaign the campaign controller identifies a plurality of attributes of the user and/or a plurality of attributes of a company of the user, and sends the plurality of attributes to a serving module of the campaign controller. The serving module receives historical information on activity associated with the user during previous simulated phishing campaigns. The serving module uses the historical information as input into one or more clustering models and using the model, classifies the user into a cluster which contains users that are responsive to one or more specific models.

Abstract: The present disclosure describes systems and methods for using for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user, A campaign controller may identify/an electronic calendar of a user for which to direct a simulated phishing campaign, determine one or more situations of the user from information stored in the electronic calendar and select either a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user. The campaign controller may communicate to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action.

Abstract: Disclosed embodiments describe an exporter that creates files in a format suitable as input for training models, from records selected and extracted from a database which stores results from simulated phishing campaigns. In some embodiments, a model trainer receives the files from the exporter and uses the files as inputs to train a neural network in order to establish a model. The model is the stored to be used by a campaign controller for communicating simulated phishing communications to devices of users, as part of a simulated phishing campaign.

Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.

Abstract: Systems and methods for performing a simulated phishing attack are provided. A simulated attack server can send a simulated attack email including a unique identifier to a target. The simulated attack server can receive a reply email including the unique identifier from the target. The simulated attack server can extract the unique identifier from the reply email. The simulated attack server can determine a match between the unique identifier and an identity of the target. The simulated attack server can record a target failure, responsive to determining the match between the unique identifier and the identity of the target.

Abstract: Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.

Abstract: The present disclose describes systems and methods for creating a simulated phishing campaign for a user based on at least a history of the user with respect to simulated phishing campaigns. A database may be configured to store simulated phishing campaign history of a user, the simulated phishing campaign history comprising information on events associated with the user during one or more previous simulated phishing campaigns, A campaign controller may identify the simulated phishing campaign history of the user from the database, determine based at least on the simulated phishing campaign history of the user, a model from a plurality of models for creating a simulated phishing campaign directed to the user; and create, responsive to the determination, the simulated phishing campaign using the model.

Abstract: Embodiments of the disclosure describe a simulated phishing campaign manager that communicates a simulated phishing communication that includes at least the telephone number and reference identifier, to a device of a user. The content of the simulated phishing communication may prompt the user to call the telephone number identified in the simulated phishing communication. The security awareness system may select a telephone number and a reference identifier to use for the simulated phishing communication, the combination of which may be later used to identify a specific user if they respond to the message. Each of a plurality of users may have a unique combination of telephone number and reference identifier. The telephone number may be selected based on the geographic location of the user, or the telephone number may be selected to correspond to content in a simulated phishing communication.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: A method for creating a plurality of campaigns for simulated phishing attacks includes creating, by a campaign manager, a plurality of campaigns for simulated phishing attacks having a plurality of parameters including at least a time schedule, each of the plurality of campaigns having at least one parameter different than other campaigns of the plurality of campaigns, and identifying, by a simulation server from the database, a first campaign and a second campaign from the plurality of campaigns from which to create a first simulated phishing email to send on a first time schedule to email accounts of users of the first campaign, and a second simulated phishing email to send on a second time schedule, different than the first time schedule, to email accounts of users of the second campaign.

Abstract: Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: A method for establishing a campaign for a simulated phishing attack includes receiving, via a campaign manager, specification of a plurality of parameters for a campaign including at least an identifier of a campaign and identification of users to which to send the campaign, establishing, via the campaign manager, a type of exploit for the campaign and one or more types of data to collect via the type of exploit, storing, by the campaign manager, the campaign comprising the plurality of parameters, and identifying, by a simulation server, the campaign stored in the database to create a simulated phishing email, to be sent to email accounts of the users, using the plurality of parameters of the campaign, wherein the simulated phishing email is to be created to have a link to a landing page comprising the type of exploit and configured to collect the one or more types of data.

Abstract: Systems and methods for performing a simulated phishing attack are provided. A simulated attack server can send a simulated attack email including a unique identifier to a target. The simulated attack server can receive a reply email including the unique identifier from the target. The simulated attack server can extract the unique identifier from the reply email. The simulated attack server can determine a match between the unique identifier and an identity of the target. The simulated attack server can record a target failure, responsive to determining the match between the unique identifier and the identity of the target.

Abstract: Methods, systems and apparatus are provided which allow a server of a security awareness system to associate IP addresses with events representing user interactions with simulated phishing campaigns. The server receives a plurality of events related to one or more simulated phishing campaigns for a plurality of accounts. The server determines if an IP address of the plurality of IP addresses is associated with one or more events for multiple accounts of the plurality of accounts. Based upon this determination, the server provides identification of the IP address as suspected as having the one or more events associated with it not originating from any user of the multiple accounts. The server receives an indication of whether the IP address is validated as having the one or more events originating from a bot instead of a user of one of the multiple accounts.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.