The present invention relates generally to susceptibility to social engineering such as phishing and more specifically to systems and software services for testing and/or reducing the susceptibility of an organization to social engineering.
Social engineering includes manipulation, such as psychological manipulation, of people into performing actions or divulging confidential information, for example, information that people would not normally disclose. Such information can be used for various nefarious purposes, e.g., electronic theft, fraud, etc. One form of social engineering is phishing. Phishing is a technique of fraudulently obtaining confidential information. For example, a phisher may send a message, e.g., e-mail, text, SMS, telephone call, voicemail, pre-recorded message, etc., to a recipient. The message may request the recipient to take some action, e.g., click a link, open and/or download a file, provide confidential information, etc. In the case of a link, the link may take the recipient to a website that requests the recipient to provide confidential information on false pretenses. Other links may take the recipient to a website that is designed to download malicious code onto the recipient's electronic device, e.g., code that captures the recipient's personal information from the electronic device, etc. Phishing messages may be designed to be difficult to identify as such, e.g., the messages may be written, may include information, etc., so as to appear to originate from a legitimate source.