In a phishing attack, an individual (e.g., a person, an employee of a company, a user of a computing device) receives a message, commonly in the form of an email or other electronic message or communication, directing the individual to perform an action, such as opening a message attachment or following (e.g., using a cursor controlled device or touch screen) an embedded link. If such message were from a trusted source (e.g., co-worker, bank, utility company or other well-known and trusted entity), such action might carry little risk. Nevertheless, in a phishing attack, such message is from an attacker (e.g., an individual using a computing device to perform a malicious act on another computer device user) disguised as a trusted source, and an unsuspecting individual, for example, opening an attachment to view a “friend's photograph” might in fact install spyware, a virus, and/or other malware (e.g., malicious computer software) on the user's computer. Similarly, an unsuspecting individual directed to a webpage made to look like an official banking webpage might be deceived into submitting a username, password, bank account number, etc. to an attacker.
Software as a Service (SaaS) solutions for sending simulated phishing messages are known, such as that described in U.S. Pat. No. 9,053,326. Such solutions for user training and education have been proven to reduce the susceptibility of users to phishing attacks. Some solutions provide the user with a user interface as a means for reporting suspected phishing attacks, such as that described in U.S. patent application Ser. No. 13/763,538. Provided with the means to report, due to the difficulty of discerning attacks from legitimate messages, users may report actual phishing attacks, as well as legitimate messages. False positive reports sent to network security personnel are distracting and time consuming to process and respond to.
Thus, what is needed is a system for allowing network security personnel to quickly discern malicious messages from a large volume of reported threats.