System and methods for automated detection, reasoning and recommendations for resilient cyber systems
US-2018103052-A1 · Apr 12, 2018 · US
Systems and methods for performing a simulated phishing attack
US10826937B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10826937-B2 |
| Application number | US-201916409387-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 10, 2019 |
| Priority date | Jun 28, 2016 |
| Publication date | Nov 3, 2020 |
| Grant date | Nov 3, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods for performing a simulated phishing attack are provided. A simulated attack server can send a simulated attack email including a unique identifier to a target. The simulated attack server can receive a reply email including the unique identifier from the target. The simulated attack server can extract the unique identifier from the reply email. The simulated attack server can determine a match between the unique identifier and an identity of the target. The simulated attack server can record a target failure, responsive to determining the match between the unique identifier and the identity of the target.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: (a) assigning, by one or more processors coupled to memory, a unique identifier to each user of a plurality of users that identifies a user separately from any email account of the user; (b) embedding, by the one or more processors, the unique identifier of a user in a simulated phishing email to be communicated to a first email account of the user; (c) communicating, by the one or more processors, the simulated phishing email to the first email account of the user, the simulated phishing email communicated to one or more second email accounts different from the first email account of the user; (d) receiving, by the one or more processors, a reply email communicated from at least one of the one or more second email accounts, the reply email comprising the unique identifier; and (e) determining, by the one or more processors based at least on the unique identifier of the user in the reply email, that the reply email was received responsive to the simulated phishing email communicated to the first email account of the user. 2. The method of claim 1 , wherein the unique identifier identifies the user regardless of which email account is used to reply to the simulated phishing email. 3. The method of claim 1 , wherein (b) further comprises embedding the unique identifier in one of a body, a subject line or an attachment of the simulated phishing email. 4. The method of claim 1 , wherein (b) further comprises embedding the unique identifier in one of a from field or a cc field of the simulated phishing email. 5. The method of claim 1 , wherein (b) further comprises generating the simulated phishing email to include an email address hosted by the one or more processors for which the reply email is communicated when replying to the simulated phishing email. 6. The method of claim 1 , wherein the one or more second email accounts are one or more email accounts of a second user. 7. The method of claim 1 , wherein (d) further comprises receiving, by the one or more processors, the reply email sent to one of a domain of or a domain hosted by the one or more processors. 8. The method of claim 1 , wherein (e) further comprises identifying, by the one or more processors, the unique identifier in a location of the reply email in which the unique identifier is embedded. 9. The method of claim 1 , wherein (e) further comprises determining, by the one or more processors based at least on the unique identifier and a from field of the reply email, that the simulated phishing email was interacted via a second email account different from the first email account of the user to which the simulated phishing email was targeted. 10. A system comprising: one or more processors coupled to memory, and configured to: assign a unique identifier to each user of a plurality of users that identifies a user separately from any email account of the user; embed the unique identifier of a user simulated phishing email to be communicated to a first email account of the user; communicate the simulated phishing email to the first email account of the user, the simulated phishing email communicated to one or more second email accounts different from the first email account of the user; receive a reply email communicated from at least one of the one or more second email accounts, the reply email comprising the unique identifier; and determine, based at least on the unique identifier of the user in the reply email, that the reply email was received responsive to the simulated phishing email communicated to the first email account of the user. 11. The system of claim 10 , wherein the unique identifier identifies the user regardless of which email account is used to reply to the simulated phishing email. 12. The system of claim 10 , wherein the one or more processors are configured to embed the unique identifier in one of a body, a subject line or an attachment of the simulated phishing email. 13. The system of claim 10 , wherein the one or more processors are configured to embed the unique identifier in one of a from field or a cc field of the simulated phishing email. 14. The system of claim 10 , wherein the one or more processors are configured to generate the simulated phishing email to include an email address hosted by the one or more processors for which the reply email is communicated when replying to the simulated phishing email. 15. The system of claim 10 , wherein the one or more second email accounts are one or more email accounts of a second user. 16. The system of claim 10 , wherein the one or more processors are configured to receive the reply email sent to one of a domain of or a domain hosted by the one or more processors. 17. The system of claim 10 , wherein the one or more processors are configured to identify the unique identifier in a location of the reply email in which the unique identifier is embedded. 18. The system of claim 10 , wherein the one or more processors are configured to determine, based at least on the unique identifier and a from field of the reply email, that the simulated phishing email was interacted via a second email account different from the first email account of the user to which the simulated phishing email was targeted.
Assignees
Inventors
Classifications
Traffic logging, e.g. anomaly detection · CPC title
Performance analysis of employees; Performance analysis of enterprise or organisation operations · CPC title
Reliability checks, e.g. acknowledgments or fault reporting · CPC title
Mailbox-related aspects, e.g. synchronisation of mailboxes · CPC title
- H04L63/1483Primary
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10826937B2 cover?
- Systems and methods for performing a simulated phishing attack are provided. A simulated attack server can send a simulated attack email including a unique identifier to a target. The simulated attack server can receive a reply email including the unique identifier from the target. The simulated attack server can extract the unique identifier from the reply email. The simulated attack server ca…
- Who is the assignee on this patent?
- Knowbe4 Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Nov 03 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).