US Pat. No. 9,800,613

SYSTEMS AND METHODS FOR PERFORMING A SIMULATED PHISHING ATTACK

KNOWBE4, INC., Clearwate...

1. A method for identifying users that reply to a simulated phishing email, the method comprising:
(a) establishing, by one or more servers comprising a processor coupled to memory, a unique identifier for each user of a
plurality of users to receive a simulated phishing email via a simulated phishing campaign;

(b) generating, by the one or more servers, for each user of the plurality of users a simulated phishing email to comprise
the unique identifier of the respective user embedded in at least one of a subject line of the simulated phishing email, a
body of the simulated phishing email or an attachment of the simulated phishing email;

(c) communicating, by the one or more servers, the respective simulated phishing email to an email account corresponding to
each user of the plurality of users, the respective simulated phishing email comprising an email address in a to field that
corresponds to the one or more servers;

(d) receiving, by the one or more servers, a reply email to the email address communicated responsive to the respective simulated
phishing email from the email account of at least one user of the plurality of users, the reply email comprising the unique
identifier; and

(e) determining by the one or more servers, that the at least one user has replied to the simulated phishing email by comparing
the unique identifier embedded in the reply email to the unique identifier established by the one or more servers for the
at least one user.

US Pat. No. 9,781,160

SYSTEMS AND METHODS FOR DISCOVERING SUSPECT BOT IP ADDRESSES AND USING VALIDATED BOT IP ADDRESS TO IGNORE ACTIONS IN A SIMULATED PHISHING ENVIRONMENT

KNOWBE4, INC., Clearwate...

1. A method for validating internet protocol addresses as having events originating from a user associated with an account,
the method comprising
(a) receiving, by a server, a plurality of events comprising clicks of users on one or more links of one or more campaigns
for a plurality of accounts and a plurality of internet protocol (IP) addresses of devices of the users clicking on the one
or more links;

(b) determining, by the server, that an IP address of the plurality of IP addresses is associated with one or more events
for multiple accounts of the plurality of accounts;

(c) providing, by the server based on at least the determination, identification of the IP address as suspected as having
the one or more events not originating from any user of the multiple accounts; and

(d) receiving, by the server, an indication of whether the IP address is validated as having the one or more events originating
from a bot instead of any user of one of the multiple accounts.

US Pat. No. 9,749,360

SYSTEMS AND METHODS FOR PERFORMING SIMULATED PHISHING ATTACKS USING SOCIAL ENGINEERING INDICATORS

KNOWBE4, INC., Clearwate...

1. A method for running a simulated phishing email attack with a simulated phishing email having one or more failure indicators,
the method comprising:
(a) transmitting, by a simulated attack manager, a simulated phishing email to one or more email accounts, the simulated phishing
email comprising a link to a copy of the simulated phishing email based on a phishing email template, the phishing email template
comprising one or more failure indicators, each of the one or more failure indicators assigned a flag and a description on
how to identify that type of failure indicator;

(b) traversing via the link to a display of a copy of the simulated phishing email responsive to a user interaction with the
simulated phishing email by a user of an email account of the one or more email accounts receiving the simulated phishing
email;

(c) displaying with the copy of the simulated phishing email one or more flags from the phishing email template corresponding
to the one or more failure indicators; and

(d) displaying, responsive to a user interaction with a flag of the one or more flags in the copy of the simulated phishing
email, the description to how to identify that type of failure indicator corresponding to the flag in one of a pop up box
or overlay user interface responsive to a pointer hovering over the flag.

US Pat. No. 9,894,092

SYSTEMS AND METHODS FOR PERFORMING OR CREATING SIMULATED PHISHING ATTACKS AND PHISHING ATTACK CAMPAIGNS

KNOWBE4, INC., Clearwate...

1. A method for establishing a campaign for a simulated phishing attack based on at least a type of exploit, the method comprising:
(a) receiving, via a campaign manager executing on a processor coupled to memory, specification of a plurality of parameters
for a campaign of a simulated phishing attack, the plurality of parameters including at least an identifier of a campaign
and identification of users to which to send the campaign;

(b) establishing, via the campaign manager as parameters of the plurality of parameters, a type of exploit for the campaign
and a selection of one or more types of data from a plurality of types of data selectable via an interface of the campaign
manager to collect via configuration of the type of exploit;

(c) storing, by the campaign manager to a database, the campaign comprising the plurality of parameters; and
(d) identifying, by a simulation server, the campaign stored in the database to create a simulated phishing email, to be sent
to email accounts of the users, using the plurality of parameters of the campaign, wherein the simulated phishing email is
to be created to have a link to a landing page comprising the type of exploit and the type of exploit configured to collect
the selection of the one or more types of data.

US Pat. No. 9,906,555

SYSTEMS AND METHODS FOR SUBSCRIPTION MANAGEMENT OF SPECIFIC CLASSIFICATION GROUPS BASED ON USER'S ACTIONS

KNOWBE4, INC., Clearwate...

1. A method comprising:
(a) receiving, by server comprising one or more processors coupled to memory, a first indication of a first predetermined
event associated with a simulated phishing email of a simulated phishing campaign communicated to a user of a first user group
of a plurality of user groups;

(b) including, by the server responsive to receiving the first indication, the user in a second user group that identifies
users to receive training regarding phishing emails;

(c) receiving, by the server, a second indication of a second predetermined event associated with the user's training regarding
phishing emails; and

(d) including, by the server responsive to the second indication, the user in one of the plurality of user groups.

US Pat. No. 10,021,126

SYSTEMS AND METHODS FOR CREATING AND RUNNING HETEROGENEOUS PHISHING ATTACK CAMPAIGNS

KNOWBE4, INC., Clearwate...

1. A method for creating a plurality of different campaigns for different simulated phishing attacks, the method comprising:(a) creating, by a campaign manager executing on a processor coupled to memory, a plurality of campaigns for simulated phishing attacks, each of the plurality of campaigns having a plurality of parameters including at least an identifier of a campaign, identification of users to which to send the campaign, a time schedule for running the campaign and a type of exploit configured to collect a selection of one or more types of data, each of the plurality of campaigns having at least one parameter of the plurality of parameters different than other campaigns of the plurality of campaigns, wherein the time schedule comprises a start date, a duration and a frequency for running the campaign;
(b) storing, by the campaign manager in a database, the plurality of campaigns and the associated identifier and plurality of parameters for each of the campaigns; and
(c) identifying, by a simulation server from the database, a first campaign and a second campaign from the plurality of campaigns from which to create (i) a first simulated phishing email using a first plurality of parameters of the first campaign with a first type of exploit to send on a first time schedule to corresponding email accounts of users of the first campaign, and (ii) a second simulated phishing email using a second plurality of parameters of the second campaign with a second type of exploit to send on a second time schedule, different than the first time schedule, to corresponding email accounts of users of the second campaign.

US Pat. No. 10,009,375

SYSTEMS AND METHODS FOR ARTIFICIAL MODEL BUILDING TECHNIQUES

KNOWBE4, INC., Clearwate...

1. A method for establishing a model for communicating via simulated phishing campaigns, the method comprising:(a) establishing, via one or more workers, a plurality of question and answer pairs to train a model for communicating via simulated phishing campaigns;
(b) training, by model trainer logic executing on a computing device, a neural network with the plurality of question and answer pairs, the model training adjusting settings of the neural network responsive to processing the plurality of question and answer pairs;
(c) establishing the model, by the model trainer logic responsive to training the neural network, the model to comprising a predetermined persona for simulated phishing communications and values corresponding to the adjusted settings of the neural network; and
(d) storing the model to be used by a campaign controller logic for communicating simulated phishing communications to one or more computing devices of one or more users.

US Pat. No. 10,348,762

SYSTEMS AND METHODS FOR SERVING MODULE

KNOWBE4, INC., Clearwate...

1. A method comprising:(a) initiating, by a campaign controller, a simulated phishing campaign for a user of a plurality of users;
(b) receiving, by a serving module logic, a simulated phishing campaign history of the user, the simulated phishing campaign history comprising information on activity associated with the user during one or more previous simulated phishing campaigns;
(c) classifying, by the serving module logic using the simulated phishing campaign history as input into one or more clustering models for clustering a plurality of users into at least one of a plurality of clusters identified as output from the one or more clustering models, the user into a cluster of the plurality of clusters, each cluster of the plurality of clusters identifying the plurality of users that are responsive to a specific one or more simulated phishing campaign models of the plurality of simulated phishing campaign models for executing the simulated phishing campaign;
(d) determining, by the serving module logic based at least on the cluster of the user, a simulated phishing campaign model from the plurality of simulated phishing campaign models for the simulated phishing campaign; and
(e) executing, by the campaign controller responsive to the serving module logic, the simulated phishing campaign using the simulated phishing campaign model.

US Pat. No. 10,659,487

SYSTEMS AND METHODS FOR PROVIDING USER INTERFACES BASED ON ACTIONS ASSOCIATED WITH UNTRUSTED EMAILS

KnowBe4, Inc., Clearwate...

1. A method comprising(a) detecting, by a driver, that an application received a request of a user to take an action with respect to one of an untrusted domain or an untrusted email;
(b) intercepting, by the driver, the request of the user prior to the action being taken, wherein the application is paused;
(c) providing, by a client service responsive to the driver, a user interface to receive input from the user to confirm whether to continue to take the action or to revert back to a point in the application at which the user made the request, wherein the user interface receives input to revert back to the point in the application at which the user made the request;
(d) unpausing the application responsive to the input; and
(e) reverting the application back to the point in the application in which the user made the request.

US Pat. No. 10,348,761

SYSTEMS AND METHODS FOR SITUATIONAL LOCALIZATION OF AIDA

KNOWBE4, INC., Clearwate...

1. A method of using, for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user, the method comprising:(a) identifying, by a campaign controller, an electronic calendar of a user for which to direct a simulated phishing campaign;
(b) determining, by the campaign controller, one or more situations of the user from information stored in the electronic calendar;
(c) selecting, by the campaign controller responsive to the determination, one of a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user; and
(d) communicating, by the campaign controller, to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action.

US Pat. No. 10,257,225

SYSTEMS AND METHODS FOR ARTIFICIAL INTELLIGENCE DRIVEN AGENT CAMPAIGN CONTROLLER

KNOWBE4, INC., Clearwate...

1. A method for creating a simulated phishing campaign for a user based on at least a history of the user with respect to simulated phishing campaigns, the method comprising:(a) identifying, by a campaign controller, a simulated phishing campaign history of a user, the simulated phishing campaign history comprising information on events associated with the user during one or more previous simulated phishing campaigns;
(b) determining, by the campaign controller based at least on the simulated phishing campaign history of the user, a model from a plurality of models for creating an instance of a simulated phishing campaign directed to the user, each of the plurality of models comprising information indicating one or more actions to perform; and
(c) creating, by the campaign controller responsive to the campaign controller determining the model, the instance of the simulated phishing campaign using the model, the model indicating to the campaign controller the one or more actions to perform.

US Pat. No. 10,291,649

SYSTEMS AND METHODS FOR PERFORMING A SIMULATED PHISHING ATTACK

KNOWBE4, INC., Clearwate...

1. A method for identifying users that reply to a simulated phishing email, the method comprising:(a) establishing, by one or more servers comprising one or more processors coupled to memory, a unique identifier for each user of a plurality of users identify each user separately from an email account from which each user replies to a simulated phishing email;
(b) embedding, by the one or more servers, the unique identifier of a user in one of a body, a subject line or an attachment of a simulated phishing email to be communicated to that user, the simulated phishing email comprising an email address to be used in a to field of a reply email that corresponds to the one or more servers;
(c) receiving, by the one or more servers, the reply email to the email address communicated responsive to the simulated phishing email being communicated to the email account of at least one user of the plurality of users, the reply email comprising the unique identifier and the reply email received from a second email account of the at least one user different from the email account to which the simulated phishing email was communicated; and
(d) determining, by the one or more servers, that a user has replied to the simulated phishing email by identifying the unique identifier embedded in the reply email as the unique identifier established by the one or more servers for the user.

US Pat. No. 10,165,006

SYSTEMS AND METHODS FOR PERFORMING SIMULATED PHISHING ATTACKS USING SOCIAL ENGINEERING INDICATORS

KnowBe4, Inc., Clearwate...

1. A method for configuring a simulated phishing email with one or more failure indicators, the method comprising:a) receiving, via an editing tool, selection of a phishing email template from a plurality of phishing email templates for configuring a simulated phishing email;
b) receiving, via the editing tool, specification of one or more failure indicators to be configured in the phishing email template, each of the one or more failure indicators assigned a flag and a description on how to identify that type of social engineering indicator, wherein a failure indicator of the one or more failure indicators is configured to be displayed in one of a pop up box or overlay user interface responsive to a pointer hovering over the flag;
c) generating, by the editing tool, a markup tag that is included in the phishing email template for each of the one or more failure indicators, the markup tag comprising a first attribute to describe the flag assigned to a social engineering indicator;
d) storing, by the editing tool, source code of the phishing email template with one or more markup tags corresponding to the one or more failure indicators; and
e) generating, by the editing tool, a simulated phishing email to be sent to one or more email accounts based on the phishing email template by removing the one or more markup tags.

US Pat. No. 10,313,387

TIME BASED TRIGGERING OF DYNAMIC TEMPLATES

KNOWBE4, INC., Clearwate...

5. The method of claim 1, wherein (a) further comprises identifying, by the campaign controller, the data associated with the user from one of a directory service, an email, an electronic calendar or a human resource system.

US Pat. No. 10,237,302

SYSTEM AND METHODS FOR REVERSE VISHING AND POINT OF FAILURE REMEDIAL TRAINING

KNOWBE4, INC., Clearwate...

1. A method for identifying users who fail a simulated phishing attack associated with telephone numbers, the method comprising:(a) selecting, by a simulated phishing campaign manager, a telephone number and a reference identifier to be identified in a simulated phishing communication to be communicated to a user of a plurality of users;
(b) communicating, by the simulated phishing campaign manager to a device of the user, the simulated phishing communication comprising the telephone number and the reference identifier selected for the user;
(c) receiving, by the simulated phishing campaign manager, information indicating that the user called the telephone number and provided the reference identifier corresponding to the user; and
(d) identifying, by the simulated phishing campaign manager responsive to the information, the user as failing the simulated phishing attack.

US Pat. No. 10,540,493

SYSTEM AND METHODS FOR MINIMIZING ORGANIZATION RISK FROM USERS ASSOCIATED WITH A PASSWORD BREACH

KnowBe4, Inc., Clearwate...

1. A method for providing electronic training to users with passwords associated with a data breach, the method comprising:(a) determining, by a server, a plurality of users with passwords associated with one or more data breaches and for each of the plurality of users a corresponding type of password breach selected from a plurality of types of password breach, the server establishing a user risk score for each of the plurality of users based at least on the corresponding type of password breach;
(b) selecting, by the server, a first one or more users of the plurality of users based at least on a first type of password breach from the plurality of types of password breach;
(c) generating, by the server responsive to the selection, a first electronic training campaign configured to train the first one or more users on using passwords based at least on the first type of password breach; and
(d) communicating, by the server, the first electronic training campaign to one or more devices of the first one or more users, the server modifying the user risk score for at least one user of the first one or more users based at least on a result of the first electronic training campaign.

US Pat. No. 10,332,003

SYSTEMS AND METHODS FOR AIDA BASED ANALYTICS AND REPORTING

KNOWBE4, INC., Clearwate...

1. A method for training models using results of simulated phishing campaigns, the method comprising:(a) extracting, by an exporter executing on one or more processors, coupled to memory, records selected from a database storing results from a plurality of simulated phishing campaigns;
(b) creating, by the exporter from the extracted records, one or more files configured in a format suitable as input for training models;
(c) training, by a model trainer executing on the one or more processors and using the one or more files as input, a neural network;
(d) establishing, by the model trainer responsive to training the neural network, a model, the model comprising the neural network; and
(e) using, by a campaign controller executing on the one or more processors, the model for communicating simulated phishing communications to one or more devices of one or more users.

US Pat. No. 10,616,275

SYSTEMS AND METHODS FOR SITUATIONAL LOCALIZATION OF AIDA

KnowBe4, Inc., Clearwate...

1. A method comprising:(a) identifying, by one or more processors, information in an electronic calendar of a user indicating one or more situations of the user;
(b) selecting, by the one or more processors using the information in the electronic calendar, a template from a plurality of templates for the simulated phishing campaign based at least on the one or more situations of the user; and
(c) communicating, by the one or more processors, to one or more devices of the user a simulated phishing communication based at least on the selected template.

US Pat. No. 10,581,868

USING SMART GROUPS FOR COMPUTER-BASED SECURITY AWARENESS TRAINING SYSTEMS

KnowBe4, Inc., Clearwate...

1. A method for dynamically identifying members of a group at a time of use of the group, the method comprising(a) establishing, by a server, a group comprising criteria for identifying one or more users from a plurality of users, the group configured to resolve members of the group based on the one or more users matching the criteria at time of execution of the group;
(b) receiving, by the server, an indication to use the group for a simulated phishing campaign, the group being executed responsive to the indication;
(c) performing, by the server responsive to execution of the group a query of the plurality of users to determine which one or more users of the plurality of users match the criteria of the group; and
(d) identifying, by the server responsive to the indication, as members of the group for the simulated phishing campaign the one or more users identified as a result of the query.

US Pat. No. 10,581,910

SYSTEMS AND METHODS FOR AIDA BASED A/B TESTING

KnowBe4, Inc., Clearwate...

1. A method for testing one or more versions of a model used for simulated phishing campaigns, the method comprising:(a) identifying, by a serving module of a campaign controller, a first version of a model to be used by the campaign controller for executing simulated phishing campaigns;
(b) communicating, by the campaign controller, a first simulated phishing communication to a plurality of users using the first version of the model;
(c) receiving, by the campaign controller, a first response from a first user of the plurality of users to the first simulated phishing communication and a second response from a second user of the plurality of users to the first simulated phishing communication;
(d) determining, by the campaign controller, that the first response and the second response are responses of a failed simulated phishing communication interaction;
(e) assigning, by the serving module responsive to the determination, the first user to a first group of users and the second user to a second group of users different from the first group of users; and
(f) identifying, by the serving module, a second version of the model to use for the first user and a third version of the model, different from each of the first version of the model and the second version of the model, to use for the second user.

US Pat. No. 10,581,911

SYSTEMS AND METHODS FOR SUBSCRIPTION MANAGEMENT OF SPECIFIC CLASSIFICATION GROUPS BASED ON USER'S ACTIONS

KnowBe4, Inc., Clearwate...

1. A method comprising:(a) establishing, by one or more processors coupled to memory, a first user group of a plurality of user groups, wherein a type of interaction and a number of times the type of interaction is performed are identified for the first user group;
(b) communicating, by the one or more processors, a first simulated phishing communication to a user of a plurality of users;
(c) receiving, by the one or more processors, a first indication that the user performed the type of interaction with the simulated phishing communication;
(d) communicating, by the one or more processors, a second simulated phishing communication to the user;
(e) receiving, by the one or more processors, a second indication that the user performed the type of interaction with the second simulated phishing communication; and
(f) adding, by the one or more processors responsive to the first and second indication, the user to the first user group.

US Pat. No. 10,581,912

SYSTEMS AND METHODS FOR PERFORMING SIMULATED PHISHING ATTACKS USING SOCIAL ENGINEERING INDICATORS

KnowBe4, Inc., Clearwate...

1. A method comprising:a) identifying a phishing email template from a plurality of phishing email templates for configuring a simulated phishing email;
b) receiving, via an editing tool, specification of one or more social engineering indicators to be configured in the phishing email template, each of the one or more social engineering indicators assigned a flag, wherein a social engineering indicator of the one or more social engineering indicators is configured to be displayed in one of a pop up box or an overlay;
c) generating in the phishing email template by the editing tool, one or more markup tags for each of the one or more social engineering indicators, describing how to identify that type of social engineering indicator;
d) storing, by the editing tool, source code of the phishing email template with the one or more markup tags corresponding to the one or more social engineering indicators; and
e) generating, by the editing tool, a simulated phishing email to be sent to one or more email accounts based on the phishing email template without the one or more markup tags identifying to a recipient that the simulated phishing email is a simulated phishing attack.

US Pat. No. 10,469,519

SYSTEMS AND METHODS FOR PERFORMING OF CREATING SIMULATED PHISHING ATTACKS AND PHISHING ATTACK CAMPAIGNS

KnowBe4, Inc, Clearwater...

1. A system comprising:a campaign manager executable on one or more processors coupled to memory, and configured to establish a campaign for a simulated phishing attack, wherein the campaign identifies a type of exploit and a selection of one or more types of data to collect via configuration of the type of exploit;
a simulation server executable on the one or more processors, and configured to create a simulated phishing email with a link to a landing page comprising the type of exploit configured to collect the one or more types of data; and to communicate the simulated phishing email to email accounts of one or more users; and
wherein responsive to traversal via the link to the landing page, the type of exploit and the one or more types of data collected via the landing page are identified to the simulation server.

US Pat. No. 10,264,018

SYSTEMS AND METHODS FOR ARTIFICIAL MODEL BUILDING TECHNIQUES

KNOWBE4, INC., Clearwate...

1. A method comprising:(a) establishing, by one or more processors of one or more computing devices, a plurality of models, each of the plurality of models for communicating as a predetermined persona via simulated phishing communications, each of the plurality of models trained with a plurality of question and response pairs for the predetermined persona;
(b) selecting, by the one or more processors, a model from the plurality of models to use for a simulated phishing campaign;
(c) generating, by the one or more processors based on the selected model, a response to a question received electronically by the one or more processors from a recipient of a simulated phishing communication during the simulated phishing campaign; and
(d) communicating, by the one or more processors responsive to the received question, the generated response to the recipient as part of the simulated phishing campaign.

US Pat. No. 10,657,248

SYSTEMS AND METHODS FOR USING ATTRIBUTE DATA FOR SYSTEM PROTECTION AND SECURITY AWARENESS TRAINING

KnowBe4, Inc., Clearwate...

1. A method for creating attribute data for a file of an application, the method comprising:(a) registering, by a service executing on a device, a driver into an operating system of the device to monitor processes, the driver configured to receive notifications from the operating system of processes started or terminated on the device;
(b) executing, an attribute data writer on the device, the attribute data writer in communication with the driver to receive notifications from the driver of processes started on the device;
(c) receiving, by the attribute data writer, a process id from the driver for a process of an application detected by the driver as starting on the device;
(d) injecting, by an injector program launched by the attribute data writer, an attribute data writer library into the process of the application corresponding to the process id;
(e) classifying, by the attribute data writer library, the application into a class of a plurality of classes; and
(f) causing, by the attribute data writer library, the application to create attribute data corresponding to the class responsive to a file being one of created or opened by the application.

US Pat. No. 10,362,047

SYSTEMS AND METHODS FOR PROVIDING USER INTERFACES BASED ON ACTIONS ASSOCIATED WITH UNTRUSTED EMAILS

KNOWBE4, INC., Clearwate...

1. A method for providing a user interface to confirm whether to review or take an action associated with a domain that is identified as not trusted, the method comprising(a) monitoring, by a driver on a device, process execution of an application;
(b) detecting, by the driver responsive to monitoring, that the application received an action of a user to access a domain that is identified as not trusted;
(c) intercepting, by the driver, the action of the user prior to accessing the domain;
(d) displaying, by a client service responsive to a signal from the driver while execution of the application is paused, a user interface to receive input from the user to confirm whether to take the action or to revert back to review the action; and
(e) unpausing execution of the application based on the input.