Invented by Alin Irimie, Greg Kras, David Austin, Benjamin Dalton, Knowbe4 Inc

The market for systems and methods for simulating phishing attacks using social engineering indicators has been steadily growing in recent years. As cyber threats continue to evolve and become more sophisticated, organizations are increasingly recognizing the importance of training their employees to identify and respond to phishing attacks. Phishing attacks, where cybercriminals attempt to deceive individuals into revealing sensitive information such as passwords or credit card details, remain one of the most common and effective methods used by hackers. Traditional security measures like firewalls and antivirus software are not always enough to protect against these attacks, as they often exploit human vulnerabilities rather than technical weaknesses. This is where systems and methods for simulating phishing attacks using social engineering indicators come into play. These tools allow organizations to create realistic scenarios that mimic real-world phishing attempts, helping employees recognize the signs of a potential attack and learn how to respond appropriately. One of the key benefits of these systems is their ability to provide targeted training based on an individual’s behavior and susceptibility to phishing attacks. By analyzing social engineering indicators, such as an employee’s response to suspicious emails or their willingness to click on unknown links, these systems can tailor training programs to address specific weaknesses and improve overall security awareness. Furthermore, these systems often include features that allow organizations to track and monitor employee progress, providing valuable insights into the effectiveness of the training program. This data can be used to identify trends, measure improvement, and make informed decisions about future training initiatives. The market for systems and methods for simulating phishing attacks using social engineering indicators is not limited to large corporations or government agencies. Small and medium-sized businesses are also recognizing the need to invest in employee training to protect against cyber threats. As a result, there is a growing demand for cost-effective and user-friendly solutions that can be easily implemented by organizations of all sizes. In response to this demand, numerous vendors have emerged in the market, offering a wide range of products and services. These include software platforms that allow organizations to create and manage simulated phishing campaigns, as well as consulting services that provide expert guidance on developing effective training programs. As the market continues to evolve, it is expected that these systems and methods will become more sophisticated and integrated with other cybersecurity solutions. For example, some vendors are already incorporating artificial intelligence and machine learning algorithms into their systems, enabling them to adapt and respond to evolving phishing techniques in real-time. In conclusion, the market for systems and methods for simulating phishing attacks using social engineering indicators is experiencing significant growth as organizations recognize the importance of training employees to identify and respond to phishing threats. With the increasing sophistication of cyber attacks, these tools are becoming essential components of a comprehensive cybersecurity strategy. As the market continues to evolve, it is expected that these systems will become more advanced, providing organizations with even greater protection against phishing attacks.

The Knowbe4 Inc invention works as follows

Systems and Methods are provided for simulating phishing attacks by using social engineering indicators. A phishing template can include one or more failure indicators. Each failure indicator can have a description by using a markup. The phishing template that contains the markups corresponding to failure indicators can then be stored, and used to create a simulated email by removing the markups.

Background for Systems and Methods for Simulating Phishing Attacks Using Social Engineering Indicators

Methods and systems are provided that allow one or multiple hidden social engineering-based failure indicators embedded in an email templates which can be used to simulate phishing attacks. The email template can include a flag for each of the social-engineering based failure indicators. A text field is also available to describe the failure indicator. This description can be used to give more information about the failure indicator. For example, why it is so recognizable. The phishing template that contains the failure indicators is available to select and send to one or several users when a simulated campaign is created.

The user who receives an email using a phishing template that contains social engineering failure indicators will be automatically shown the failure indicators in the email they replied to. They will also be given an explanation as to why the failure indicators should have stood out. Users can be shown the failure indicators by showing them a copy the email they interacted with. The failure indicators will then be highlighted in flags. The user can interact with the failure indicators by clicking the flags, or hovering the flags over with their mouse. A text box will appear explaining why the failure indicator was not recognizable. Along with the generic failure indicator that appears on the email, the user may also be shown a copy of the message. The user could be shown the list of failure indicators in the email instead of a copy.

A specific landing pages may be created for the users of social engineering-based failure indicator simulated Phishing campaign. If the user interacted with the simulated email in any manner, they would be redirected onto a landing site, which could be the landing page specifically created for this campaign. The landing page could alert the user if they failed the simulated attack and provide them with real-time general or specific training materials.

The methods, systems, and apparatus also provide indicators for the organization regarding the results of a simulated phishing attempt. The system can provide information, for example, about the failure indicator or set of failure indicators that was most likely to cause a failure on the part of a user.

In one embodiment, the method comprises configuring one of more failure indicators within a phishing template and assigning a description to each failure indicator using a markup tags. The phishing template with the failure indicator markup tags is stored, and it can be used to create a simulated email without the markup tag.

In some implementations, using the editing tool to create a custom-made phishing template is also included. In some implementations the failure indicator is chosen from one of the categories below: sender (or subject), content, attachment (or link), and overall.

In some implementations, a markup tag is generated to be placed in a field or body of the email template. In some implementations the method also includes generating a markup tag that is either self-terminating, or encapsulates text or an image. In some implementations the method also includes generating a markup tag that is a hypertext language tag with a predetermined tag name and one or several attributes specifying how the flag should be displayed.

In some implementations the method also includes associating a simulated phishing message with a stored phishing template. In some implementations the method also includes generating a simulated email that includes a link to an image of a simulated email with one or more flags displayed.

The system includes an editing tool that can modify a template phishing to include one or multiple failure indicators as markup tags, which contain an attribute that explains the failure indicator. It is also able to store the source codes of the template phishing and generate a simulation phishing based on it.

In some implementations the editing tool can be configured to create a phishing template. In some implementations the flag for one or more failure indicator is selected from the categories of the following: sender (subject), content (attachment), link, and overall.

In some implementations, a markup tag may be generated and placed in a field or body of a phishing template. In some implementations the markup tag can be configured to either self-terminate or to encapsulate text or an image. In some implementations the markup tag contains a hypertext markup languages tag with a name predetermined and one or several attributes specifying how the flag should be displayed.

In some implementations the simulated email phishing is linked to the template phishing. In some implementations the simulated email contains a link that displays a copy with one or more flags for the markup tags.

In another embodiment, there is a method for running a fake phishing mail attack, using a template email that includes one or several failure indicators, with their descriptions. The method comprises transmitting a simulated email without the markup tags to one or multiple user’s accounts, traversing based on how the user interacts with the fake phishing message to a display copy of the fake phishing, in which the failure indicator in the template email are displayed, as well as displaying descriptions of these failure markers to

In some implementations, a click is also received on a part of the simulated email that corresponds to a failure indication. In some implementations the method also includes receiving a clicking on the uniform resource locator (URL) within the simulated email that corresponds to a fail indicator. In some implementations, using the link will also take you to a landing-page that contains the copy of the simulated email with one or several flags highlighted.

In some implementations the method also includes highlighting the failure indicator flag that was clicked in the simulated email phishing. In some implementations the method also includes displaying the text in a pop-up box or overlay when the pointer is hovered over the flag. In some implementations the method also tracks which email account users clicked on the simulated email. In some implementations the method also tracks the failure indicators that are associated with users who clicked on the simulated email.

The system includes a simulated email manager that is configured to send a fake phishing message based on an email template with failure indicators. This simulated email also contains a link to another copy of the email in which the failure indicators can be seen. In response to a user clicking on the flag of the copied phishing mail, the system will display the description of the failure indicator associated with the flag.

In some implementations, a simulated phishing message is configured to navigate via a link in response to a click of a part of the simulated email that corresponds to a failure indication. In some implementations the simulated email is configured to navigate via the link in response to a click of a uniform resource location within the simulated email that corresponds to a failure indication. In some implementations, a landing page is embedded in the link that shows the copy of simulated phishing email with one or several flags highlighted.

In some implementations the copy of a simulated phishing message is configured to further highlight the flag for the failure indicator which was clicked in the simulated email. In some implementations the copy of the simulated email is configured to display a description as a pop-up box or overlay when a pointer is hovered over the flag. In some implementations the simulated attack manager can also be configured to track the users who clicked on the phishing email. In some implementations the simulated attack manager can also be configured to track one or more failure indicator associated with users who clicked on the simulated email.

The following sections of the specification with their respective contents can be useful for reading the descriptions of various embodiments:

Section A” describes a computing environment and network environment that may be helpful in the practice of embodiments.

Section B describes systems and methods to simulate phishing using social engineering indicators.

Click here to view the patent on Google Patents.