A phishing attack involves an attempt to acquire sensitive information such as usernames, passwords, credit card details, etc., often for malicious reasons, possibly by masquerading as a trustworthy entity. For example, an email may be sent to a target, the email having an attachment that performs malicious actions when executed or a link to a webpage that either performs malicious actions when accessed or prompts the user to execute a malicious program. Malicious actions may be malicious data collection or actions harmful to the normal functioning of a device on which the email was activated, or any other malicious actions capable of being performed by a program or a set of programs. Malicious attacks may be contained in executable files like scripts and macros, but they may also be contained in non-executable files, for example document files, spreadsheets, PowerPoint presentations, and text files.
In general, there are a variety of anti-ransomware technologies that attempt to protect computers before they get infected by cybersecurity attacks such as phishing attacks. These anti-ransomware technologies can prevent ransomware, malware, and spyware attacks that result from phishing attacks or other attacks. For example, one anti-ransomware product leverages an artificial intelligence engine to detect and eliminate ransomware, malware, and zero-day threats before they can infect a computer or encrypt the computer's data. Phishing attacks are typically delivered via email or another type of message. When these phishing emails contain an executable attachment, anti-ransomware technologies can easily recognize this and remove the attachment.
When malicious attacks are embedded in non-executable files that are attached to messages, and in particular when these files are downloaded and saved on the computing system and opened later or moved between computing systems before being opened, anti-ransomware technologies and security awareness training technologies may not be able to keep track of the movement of the file or that fact that it may contain a security risk because it was downloaded from a message.
It is useful to track user behavior with respect to suspicious applications or documents, in order to learn information about the type of attacks that users are most likely to be susceptible to. This information may be used to provide improved security awareness training.