SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Phishing campaigns and the procedures to run them have remained unchanged since the dawn of the modern era of security awareness training platforms in 2012. The present model uses templates sent at random, assigned based on the level of difficulty of the template, not the user. This study creates a new phishing model, method, and process in which the system matches the phishing message difficulty level to the user's skill level. The new design factors in both the current aptitude of the user and the level of the message difficulty. The system is intelligent, automated, dynamic, and platform-agnostic, so it scales to the size of the enterprise. Analysis of the tiered system produced statistically significant results indicating that the system improves the user's ability to detect phishing. The system systematically builds the user's skill level and commensurately decreases the risk of falling victim to phishing attacks. There are no other known documented systems like this in use at this time. The study discusses forward-looking observations on how practitioners could further enhance this new system when used with User Behavior Analytics and Risk Scoring.