1. Field of the Invention
The present invention relates generally to susceptibility to e-mail and Internet cybercrimes such as phishing, and more particularly to a software service that facilitates organizational testing of employees in order to determine their potential susceptibility to phishing scams.
The massive expansion of Internet usage since the mid-1990s has spawned a corresponding increase in cybercrime, which may be broadly defined as any crime that involves a computer and a network (including particularly the Internet). Cybercrimes may be classified into two distinct types: (1) crimes that directly target computers, such as computer viruses, denial-of-service attacks, and malicious code (malware); and (2) crimes that use computer networks (particularly the Internet) to facilitate crimes that advance nefarious ends, including cyberstalking, fraud (such as identity theft), information warfare, and phishing scams.
Phishing is a technique wherein the sender of an e-mail masquerades as a trustworthy sender in an attempt to deceive the receiver into providing personal identity data or other sensitive information such as account usernames, passwords, social security number or other identification information, financial account credentials or other information, etc. to the sender by a return e-mail or similar electronic communication. Phishing usually begins when a “phisher” sends a spoofed e-mail having one or more links that lead the recipient of the spoofed e-mail to one or more unsafe fake websites.
A spoofed e-mail is an e-mail in which the sender's e-mail address and other parts of the e-mail header are altered so that the e-mail appears to have originated from a different, well-known and authentic address. Since SMTP provides no sender authentication, it is relatively simple for phishers to conceal the actual origin of an e-mail message and make it appear to have come from an authentic and trustworthy sender. The spoofed phishing e-mail may appear authentic, carrying graphics and a layout similar or even identical to those of the authentic website.
The phishing e-mail typically directs the recipient to click on a link to the fake website operated by the phisher, the look and feel of which may be virtually identical to that of a legitimate website. The recipient is then typically directed to enter confidential information at the fake website, such as personal identity data or other sensitive information such as account usernames, passwords, social security number or other identification information, financial account credentials (such as credit card numbers) or other information. This information may subsequently be used by the phisher to access the recipient's various accounts, including secured websites of the recipient's employer, or to rob the recipient's financial accounts.
Alternatively, the unsafe website may be designed to download malicious code onto the recipient's machine that captures the recipient's personal information directly. Phishing e-mails are hard to identify because phishers take pains to make them appear genuine. The e-mails are often virtually identical to, or closely resemble, recognizable e-mails sent out routinely by legitimate organizations such as the recipient's employer, banks, credit card companies and the like. These e-mails often convince recipients to select the links included within them, which lead the recipients to divulge their confidential and/or personal information.
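The two deceptions described above, a forged sender address and a link whose visible text names a legitimate site while its target does not, both leave traces in the raw message. The following is an added example, not part of the patent text, that parses a constructed sample message and reports those traces. It assumes a crude two-label approximation of the registrable domain (a real deployment would consult the Public Suffix List) and treats only an anchor whose visible text itself looks like a URL or host name as comparable to its `href`.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not real traffic): one spoofed, one benign.
SPOOFED_MESSAGE = """\
From: "Example Bank Security" <alerts@example-bank.com>
Return-Path: <bounce@mail-relay.example.net>
Reply-To: <verify@example-bank-login.net>
To: employee@example.org
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please confirm your credentials at
<a href="http://example-bank.example-phish.net/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

CLEAN_MESSAGE = """\
From: "Example Bank" <alerts@example-bank.com>
Return-Path: <bounce@example-bank.com>
To: employee@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Sign in at
<a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a></p></body></html>
"""


def registrable_domain(host: str) -> str:
    """Assumption: the last two DNS labels approximate the registrable domain."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def address_domain(header_value) -> str:
    """Registrable domain of the address in a From/Reply-To/Return-Path header."""
    _, addr = parseaddr(str(header_value) if header_value is not None else "")
    return registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""


def domain_of_url_or_text(s: str) -> str:
    """Registrable domain if s looks like a URL or host name, else ''."""
    s = s.strip()
    if not s or " " in s or "." not in s:
        return ""
    parsed = urlparse(s if "://" in s else "http://" + s)
    return registrable_domain(parsed.hostname) if parsed.hostname else ""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", "") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def extract_links(html_body: str):
    collector = _LinkCollector()
    collector.feed(html_body)
    collector.close()
    return collector.links


def phishing_indicators(raw_message: str):
    """Return a list of human-readable indicators found in the raw message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom = address_domain(msg.get("From"))
    return_path_dom = address_domain(msg.get("Return-Path"))
    reply_to_dom = address_domain(msg.get("Reply-To"))
    # Envelope sender or reply target in a different domain than the displayed From.
    if from_dom and return_path_dom and return_path_dom != from_dom:
        findings.append(f"return-path-mismatch: From={from_dom} Return-Path={return_path_dom}")
    if from_dom and reply_to_dom and reply_to_dom != from_dom:
        findings.append(f"reply-to-mismatch: From={from_dom} Reply-To={reply_to_dom}")
    # Link whose visible text names one domain while the href leads to another.
    body = msg.get_body(preferencelist=("html",))
    for href, text in extract_links(body.get_content() if body else ""):
        href_dom, text_dom = domain_of_url_or_text(href), domain_of_url_or_text(text)
        if href_dom and text_dom and href_dom != text_dom:
            findings.append(f"link-text-mismatch: shows {text_dom} but goes to {href_dom}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(name, phishing_indicators(raw) or ["no indicators"])
```

These header and link checks are heuristics that complement, rather than replace, SPF, DKIM and DMARC evaluation at the receiving mail gateway; a message that passes them can still be a phish, and an internal relay can legitimately produce a Return-Path in another domain.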
As might be expected, various approaches designed to address these problems in some fashion have been proposed. For example, U.S. Pat. No. 6,954,858 and U.S. Patent Application Publication No. 2002/0091940, both to Welborn et al., disclose systems to reinforce and measure a change in user behavior. The inventions send an e-mail with an attachment to e-mail users and create a list of the e-mail users who open the attachment. The e-mail users are sent an e-mail with an attachment that looks similar to attachments that contain computer viruses. If the attachment is opened, an e-mail is sent to a specific e-mail address. This e-mail address collects all of the e-mail from e-mail users who have not changed their behavior and need additional education or management attention.
Another example is U.S. Pat. No. 8,464,346, to Barai et al., which discloses a method for simulating a hacking attack on a network comprising at least one of a plurality of data processing units (DPUs), a plurality of users, and a plurality of communication links, to assess vulnerabilities of the network. An automated social engineering attack is performed to gain access to critical information that pertains to the plurality of users. The automated social engineering attack can be performed by performing at least one of modeling the psychology of the human mind, creating the human profile, and impersonating or building trust between an attacker and a target, and then selecting and launching the attack, sniffing a mail from the network to impersonate the plurality of users, and crafting replies to the mail, including a malicious link in the reply, thereby luring the plurality of users to leak the critical information.
Still another example is U.S. Pat. No. 7,788,723, to Huddleston, which discloses a method in which an exploit probe is sent to a subscriber's computer system, and a message based on the computer system's (and the user's) response to the exploit probe is generated. U.S. Pat. Nos. 6,954,858, 7,788,723, and 8,464,346 and U.S. Patent Application Publication No. 2002/0091940 are each hereby incorporated herein by reference in their entirety.
The subject matter discussed in this background of the invention section should not be assumed to be prior art merely as a result of its mention in the background of the invention section. Similarly, a problem mentioned in the background of the invention section or associated with the subject matter of the background of the invention section should not be assumed to have been previously recognized in the prior art. The subject matter in the background of the invention section merely represents different approaches, which in and of themselves may also be inventions.