Computer security vulnerabilities come in all shapes and sizes; as a result, computer security strategy must be varied and diverse to protect against exploitation of those vulnerabilities. Phishing is a particularly interesting challenge for computer security implementation because it is not solely a technological problem: phishing relies on exploitation of a vulnerability that is not easily rectified, namely human fallibility.
While computer network users can be trained to recognize and report phishing attacks, it is difficult for such training to achieve the learning retention levels necessary for a network to actually achieve sufficient protection from phishing-based attacks; after all, it is only necessary for one user of the computer network to make a mistake for a phishing attack to succeed.
Traditionally, this problem has been addressed by performing phishing risk analysis. In such traditional methodologies, network administrators (or third parties) conduct phishing campaigns on network users to determine which phishing campaigns users may be most susceptible to, which users are highly vulnerable to such attacks, and other important information.
Unfortunately, generating sophisticated phishing campaigns is typically a highly manual process that requires either constant administrator involvement or contracting with an external firm (which can be costly and increase exposure). Thus, there is a need in the computer security field to create new and useful methods for phishing risk analysis. The embodiments of the present application provide such new and useful methods.