Dynamically Adapting Cybersecurity Training Templates Based on Measuring User-Specific Phishing/Fraud Susceptibility
US-2022005373-A1 · Jan 6, 2022 · US
Systems and methods for reporting based simulated phishing campaign
US12177252B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12177252-B2 |
| Application number | US-202318124984-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 22, 2023 |
| Priority date | Apr 29, 2020 |
| Publication date | Dec 24, 2024 |
| Grant date | Dec 24, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods are described for leveraging the knowledge and security awareness of well-informed users in an organization to protect other users and train them to identify new phishing attacks. Initially, a report of a message being suspicious may be identified and it may be determined whether message is a malicious phishing message. In an example, a well-informed user of an organization may report the message as suspicious. Further, on determining the message to be a malicious phishing message, a simulated phishing message or a template may be created. The simulated phishing message may then be communicated to one or more devices of one or more users.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: identifying, by one or more processors, that a message reported as being suspicious is a malicious phishing message; modifying, by the one or more processors, one or more malicious elements of the malicious phishing message to include one or more links to training content when interacted with by a user; using, by the one or more processors, the modified malicious phishing message as a simulated phishing message to replace the malicious phishing message in one or more message applications; and communicating, by the one or more processors, the modified malicious phishing message as the simulated phishing message to one or more message applications. 2. The method of claim 1 , further comprising receiving, by the one or more processors, a report of the message as being suspicious from one or more users during a phishing attack. 3. The method of claim 1 , further comprising modifying, by the one or more processors, the malicious phishing message by removing a malicious element of the one or more malicious elements from the malicious phishing message. 4. The method of claim 1 , further comprising causing, by the one or more processors, the message reported as being suspicious to be replaced in a messaging application of the one or more messaging applications with the modified malicious phishing message. 5. The method of claim 1 , further comprising detecting, by the one or more processors using one or more detection rules, that the reported message is malicious. 6. The method of claim 1 , further comprising creating, by the one or more processors, a second simulated phishing message based at least on the modified malicious phishing message. 7. The method of claim 1 , further comprising creating, by the one or more processors, a template based at least on the modified malicious phishing message. 8. The method of claim 1 , further comprising modifying, by the one or more processors, a link of the one or more malicious elements with a benign link. 9. The method of claim 1 , further comprising modifying, by the one or more processors, a malicious element of the one or more malicious elements by removing one of an attachment or macro of the malicious phishing message. 10. A system comprising: one or more processors, coupled to memory and configured to: identify that a message reported as being suspicious is a malicious phishing message; modify one or more malicious elements of the malicious phishing message to include one or more links to training content when interacted with by a user; and use the modified malicious phishing message as a simulated phishing message to replace the malicious phishing message in one or more message applications; and communicate the modified malicious phishing message as the simulated phishing message to one or more message applications. 11. The system of claim 10 , wherein the one or more processors are further configured to receive a report of the message as being suspicious from one or more users during a phishing attack. 12. The system of claim 10 , wherein the one or more processors are further configured to modify the malicious phishing message by removing a malicious element of the one or more malicious elements from the malicious phishing message. 13. The system of claim 10 , wherein the one or more processors are further configured to cause the message reported as being suspicious to be replaced in a messaging application of the one or more messaging applications with the modified malicious phishing message. 14. The system of claim 10 , wherein the one or more processors are further configured to detect, using one or more detection rules, that the reported message is malicious. 15. The system of claim 10 , wherein the one or more processors are further configured to create a second simulated phishing message based at least on the modified malicious phishing message. 16. The system of claim 10 , wherein the one or more processors are further configured to create a template based at least on the modified malicious phishing message. 17. The system of claim 10 , wherein the one or more processors are further configured to modify a link of the one or more malicious elements with a benign link. 18. The system of claim 10 , wherein the one or more processors are further configured to modify a malicious element of the one or more malicious elements by removing one of an attachment or macro of the malicious phishing message.
Assignees
Inventors
Classifications
using filtering or selective blocking · CPC title
Mailbox-related aspects, e.g. synchronisation of mailboxes · CPC title
- H04L63/1483Primary
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
Interoperability with other network applications or services · CPC title
Computers, e.g. programming · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12177252B2 cover?
- Systems and methods are described for leveraging the knowledge and security awareness of well-informed users in an organization to protect other users and train them to identify new phishing attacks. Initially, a report of a message being suspicious may be identified and it may be determined whether message is a malicious phishing message. In an example, a well-informed user of an organization …
- Who is the assignee on this patent?
- Knowbe4 Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 24 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).