Abstract: The present disclosure describes systems and methods for using for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user, A campaign controller may identify/an electronic calendar of a user for which to direct a simulated phishing campaign, determine one or more situations of the user from information stored in the electronic calendar and select either a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user. The campaign controller may communicate to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action.

Abstract: Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any processes. Responsive to monitoring, the driver detects an application process that was created that indicates than an application was launched, and notifies a user console about the creation of the application process. The user console determines if the application process is of significance, if so, it injects a monitor library into the process. Once injected into the process, the monitor library detects if the application process receives an action of a user to access a domain that is not identified as trusted. The monitor library notifies the user console of the user's URL-access request.

Abstract: The present disclosure describes systems and methods for using for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user, A campaign controller may identify/an electronic calendar of a user for which to direct a simulated phishing campaign, determine one or more situations of the user from information stored in the electronic calendar and select either a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user. The campaign controller may communicate to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action.

Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.

Abstract: Systems and methods of embodiments are described of a campaign controller that establishes a model for using a plurality of types of exploits based on at least results of simulated phishing communications using those exploits, and uses the model to communicate a first simulated phishing communication to one or more devices of a user where the type of exploit used for the first simulated phishing communication is selected using the model. The campaign controller applies either artificial intelligence or machine learning to the results of simulated phishing communications to establish the model. The campaign controller selects the exploit by applying either artificial intelligence or machine learning to one or more attributes of the user and/or one or more responses from the user.

Abstract: The present disclosure describes systems and methods for using a model for a predetermined role for simulated phishing campaigns. A campaign controller communicates simulated phishing communications to one or more devices of a user using a model that the campaign controller selects from a plurality of models in a database that have been established for predetermined roles of a company. The model is selected based on one or more attributes of the user that are identified by the campaign controller. The campaign controller identifies one or more attributes of each user of a plurality of users for the simulated phishing campaign, and the campaign controller selects a respective model for each user based on the attributes of each user, wherein the models are not all the same for all of the users.

Abstract: The present disclosure describes systems and method for performing a vulnerabilities assessment of an organization. A campaign controller executes one or more simulated phishing campaigns directed to a plurality of users of an organization, using a plurality of models determined by the campaign controller based at least on identification of the organization. The campaign controller stores to a database the results of execution of the one or more simulated phishing campaigns and based on the results, the campaign controller determines one or more vulnerabilities to phishing for the organization. In one embodiment, the campaign controller determines a percentage of the plurality of users of the organization that are phish-prone. In some embodiments, the users of the organization that are phish-prone interacted with a link of a simulated phishing communication.

Abstract: The present disclosure describes systems and methods for dynamically creating groups of users based on attributes for simulated phishing campaign. A campaign controller determines one or more attributes of a plurality of users during execution of a simulated phishing campaign and creates one or more groups of users during based on the identified attributes. The campaign controller selects a template to be used to execute a portion of the simulated phishing campaign for a first group of users and then communicates one or more simulated phishing communications to the first group of users according to the template. The template may identify a list of a plurality of types of simulated phishing communications (email, text or SMS message, phone call or Internet based communication) and at least a portion of the content for the simulated phishing communication.

Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.

Abstract: Embodiments of the disclosure describe a simulated phishing campaign manager that communicates a simulated phishing communication that includes at least the telephone number and reference identifier, to a device of a user. The content of the simulated phishing communication may prompt the user to call the telephone number identified in the simulated phishing communication. The security awareness system may select a telephone number and a reference identifier to use for the simulated phishing communication, the combination of which may be later used to identify a specific user if they respond to the message. Each of a plurality of users may have a unique combination of telephone number and reference identifier. The telephone number may be selected based on the geographic location of the user, or the telephone number may be selected to correspond to content in a simulated phishing communication.

Abstract: This disclosure generally revolves around providing users with advance warning that a message that they have received may be suspicious. The user may not be aware of known threats, may not recognize threats in real time, or may not be aware of new threats, and therefore may unintentionally interact with a hazardous message. A security awareness system, on the other hand, is aware of known threats and may become aware of new threats more quickly than users can be trained to identify them. The system may notify the user when one of these threats are found in their messages. The disclosure further provides systems and methods for updating the security awareness training for users for new threats that appear.

Abstract: Methods, systems and apparatus for implementing a security awareness program are provided which allow a device of a security awareness system to receive attributes of an implementation of a security awareness program from an entity, such as a company. Responsive to the attributes, the device determines a configuration for each of a baseline simulated phishing campaign, electronic based training of users of the entity for security awareness and one or more subsequent simulated phishing campaigns. The device initiates execution of the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast from anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: This disclosure describes embodiments of an improvement to the static group solution because all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allows for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing and training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership gets run at the time when you are about to do a campaign or perform some other action that needs to know the membership of the smart group.

Abstract: This disclosure describes systems and methods for adding users to user groups based on interactions with simulated phishing emails and completion of remediation training. The systems and methods allow a server to automatically add a user of a first user group to a second user group responsive to that user interacting with a simulated phishing email that was sent as part of a simulated phishing campaign. For example, the user added to the second user group is removed from the first user group. The systems and methods further allow the server to electronically track the remediation training completed by that user, and responsive to the completion of remediation training, the server may automatically add the user, who is a member of the second user group, back to the first user group (for embodiments where the user was removed from the first user group) or to a third user group.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: The present disclosure describes systems and methods for using a template for a simulated phishing campaign, A database includes a plurality of templates for simulated phishing campaigns, each template of the plurality of templates identifying a list of a plurality of types of simulated phishing communications and at least a portion of content for the simulated phishing communications. A campaign controller selects a template from the plurality of templates for a simulated phishing campaign directed to a user of a plurality of users; and communicates, to one or more devices of the user a first type of simulated phishing communication of the plurality of types of simulated phishing communications with at least the portion of content identified by the template.