Abstract: Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.

Abstract: Systems and methods are described by which a serving module of a campaign controller identifies a first version of a model which the campaign controller uses to communicate a first simulated phishing communication to a plurality of users. The campaign controller receives a first response from a first user to the simulated phishing communication and a second response from a second user to the simulated phishing communication and determines that the first and second responses are corresponding, for example are the same or similar. The serving module assigns a first user to a first group of users and a second user to a second group of users and identifies a second version of the model to use for the first user and a third version of the model to use for the second user.

Abstract: A system and method is described that sends multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence. In some implementations, some or all messages (email, text messages, VoIP calls) in a campaign after the first simulated phishing email, text message, or call may be used to direct the user to open the first simulated phishing email or text message, or to open the latest simulated phishing email or text message. In some implementations, simulated phishing emails, text messages, or phone calls of a campaign may be intended to lure the user to perform a different requested action, such as selecting a hyperlink in an email or text message, or returning a voice call.

Abstract: Systems and methods, disclosed herein, of a campaign controller that stores information to a database about execution of multiple simulated phishing campaigns for multiple users, where each of the simulated phishing campaigns use one or more models for communicating simulated phishing communications. Based on this information, the campaign controller may determine a rate of success of the model, in causing a user to interact with a link in one of the simulated phishing campaigns, and may display the model's rate of success via a user interface.

Abstract: The present disclosure describes systems and methods for using a model for a predetermined role for simulated phishing campaigns. A campaign controller communicates simulated phishing communications to one or more devices of a user using a model that the campaign controller selects from a plurality of models in a database that have been established for predetermined roles of a company. The model is selected based on one or more attributes of the user that are identified by the campaign controller. The campaign controller identifies one or more attributes of each user of a plurality of users for the simulated phishing campaign, and the campaign controller selects a respective model for each user based on the attributes of each user, wherein the models are not all the same for all of the users.

Abstract: Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.

Abstract: The present disclose describes systems and methods for creating a simulated phishing campaign for a user based on at least a history of the user with respect to simulated phishing campaigns. A database may be configured to store simulated phishing campaign history of a user, the simulated phishing campaign history comprising information on events associated with the user during one or more previous simulated phishing campaigns, A campaign controller may identify the simulated phishing campaign history of the user from the database, determine based at least on the simulated phishing campaign history of the user, a model from a plurality of models for creating a simulated phishing campaign directed to the user; and create, responsive to the determination, the simulated phishing campaign using the model.

Abstract: Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any processes. Responsive to monitoring, the driver detects an application process that was created that indicates than an application was launched, and notifies a user console about the creation of the application process. The user console determines if the application process is of significance, if so, it injects a monitor library into the process. Once injected into the process, the monitor library detects if the application process receives an action of a user to access a domain that is not identified as trusted. The monitor library notifies the user console of the user's URL-access request.

Abstract: Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any processes. Responsive to monitoring, the driver detects an application process that was created that indicates than an application was launched, and notifies a user console about the creation of the application process. The user console determines if the application process is of significance, if so, it injects a monitor library into the process. Once injected into the process, the monitor library detects if the application process receives an action of a user to access a domain that is not identified as trusted. The monitor library notifies the user console of the user's URL-access request.

Abstract: Systems and methods are described by which a serving module of a campaign controller identifies a first version of a model which the campaign controller uses to communicate a first simulated phishing communication to a plurality of users. The campaign controller receives a first response from a first user to the simulated phishing communication and a second response from a second user to the simulated phishing communication and determines that the first and second responses are corresponding, for example are the same or similar. The serving module assigns a first user to a first group of users and a second user to a second group of users and identifies a second version of the model to use for the first user and a third version of the model to use for the second user.

Abstract: The present disclosure describes systems and methods for dynamically creating groups of users based on attributes for simulated phishing campaign. A campaign controller determines one or more attributes of a plurality of users during execution of a simulated phishing campaign and creates one or more groups of users during based on the identified attributes. The campaign controller selects a template to be used to execute a portion of the simulated phishing campaign for a first group of users and then communicates one or more simulated phishing communications to the first group of users according to the template. The template may identify a list of a plurality of types of simulated phishing communications (email, text or SMS message, phone call or Internet based communication) and at least a portion of the content for the simulated phishing communication.

Abstract: The present disclosure describes systems and methods for using a template for a simulated phishing campaign, A database includes a plurality of templates for simulated phishing campaigns, each template of the plurality of templates identifying a list of a plurality of types of simulated phishing communications and at least a portion of content for the simulated phishing communications. A campaign controller selects a template from the plurality of templates for a simulated phishing campaign directed to a user of a plurality of users; and communicates, to one or more devices of the user a first type of simulated phishing communication of the plurality of types of simulated phishing communications with at least the portion of content identified by the template.

Abstract: Embodiments disclosed herein describe a server, for example a security awareness server or an artificial intelligence machine learning system that establishes a risk score or vulnerable for a user of a security awareness system, or for a group of users of a security awareness system. The server may create a frequency score for a user, which predicts the frequency at which the user is to be hit with a malicious attack. The frequency score may be based on at least a job score, which may be represented by a value that is based on the type of job the user has, and a breach score that may be represented by a value that is based on the user's level of exposure to email.

Abstract: A system and method is described that sends multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence. In some implementations, some or all messages (email, text messages, VoIP calls) in a campaign after the first simulated phishing email, text message, or call may be used to direct the user to open the first simulated phishing email or text message, or to open the latest simulated phishing email or text message. In some implementations, simulated phishing emails, text messages, or phone calls of a campaign may be intended to lure the user to perform a different requested action, such as selecting a hyperlink in an email or text message, or returning a voice call.

Abstract: Systems and methods, disclosed herein, of a campaign controller that stores information to a database about execution of multiple simulated phishing campaigns for multiple users, where each of the simulated phishing campaigns use one or more models for communicating simulated phishing communications. Based on this information, the campaign controller may determine a rate of success of the model, in causing a user to interact with a link in one of the simulated phishing campaigns, and may display the model's rate of success via a user interface.

Abstract: The present disclosure describes systems and methods for dynamically creating groups of users based on attributes for simulated phishing campaign. A campaign controller determines one or more attributes of a plurality of users during execution of a simulated phishing campaign and creates one or more groups of users during based on the identified attributes. The campaign controller selects a template to be used to execute a portion of the simulated phishing campaign for a first group of users and then communicates one or more simulated phishing communications to the first group of users according to the template. The template may identify a list of a plurality of types of simulated phishing communications (email, text or SMS message, phone call or Internet based communication) and at least a portion of the content for the simulated phishing communication.

Abstract: The present disclosure describes systems and methods for using a model for a predetermined role for simulated phishing campaigns. A campaign controller communicates simulated phishing communications to one or more devices of a user using a model that the campaign controller selects from a plurality of models in a database that have been established for predetermined roles of a company. The model is selected based on one or more attributes of the user that are identified by the campaign controller. The campaign controller identifies one or more attributes of each user of a plurality of users for the simulated phishing campaign, and the campaign controller selects a respective model for each user based on the attributes of each user, wherein the models are not all the same for all of the users.

Abstract: Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any processes. Responsive to monitoring, the driver detects an application process that was created that indicates than an application was launched, and notifies a user console about the creation of the application process. The user console determines if the application process is of significance, if so, it injects a monitor library into the process. Once injected into the process, the monitor library detects if the application process receives an action of a user to access a domain that is not identified as trusted. The monitor library notifies the user console of the user's URL-access request.

Abstract: Systems and methods are described by which a serving module of a campaign controller identifies a first version of a model which the campaign controller uses to communicate a first simulated phishing communication to a plurality of users. The campaign controller receives a first response from a first user to the simulated phishing communication and a second response from a second user to the simulated phishing communication and determines that the first and second responses are corresponding, for example are the same or similar. The serving module assigns a first user to a first group of users and a second user to a second group of users and identifies a second version of the model to use for the first user and a third version of the model to use for the second user.

Abstract: The present disclosure describes systems and methods for using a model for a predetermined role for simulated phishing campaigns. A campaign controller communicates simulated phishing communications to one or more devices of a user using a model that the campaign controller selects from a plurality of models in a database that have been established for predetermined roles of a company. The model is selected based on one or more attributes of the user that are identified by the campaign controller. The campaign controller identifies one or more attributes of each user of a plurality of users for the simulated phishing campaign, and the campaign controller selects a respective model for each user based on the attributes of each user, wherein the models are not all the same for all of the users.