Identifying user behavior in a distributed computing system
First Claim
Patent Images
1. A computing system, comprising:
- a processor; and
memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to;
based on electronic mail (e-mail) data, identify a set of forwarding e-mail accounts, that are each configured to forward messages to a particular e-mail account;
compare the number of forwarding e-mail accounts in the identified set to a threshold number;
based on the comparison, identify the particular e-mail account as a dropbox e-mail account that is a destination of forwarded messages from the threshold number of forwarding e-mail accounts;
identify, as malicious collection e-mail accounts, at least a subset of the forwarding e-mail accounts that forward messages to the identified dropbox e-mail account;
generate a malicious collection account identifier that identifies the malicious collection e-mail accounts; and
perform a resolution action to resolve the malicious collection e-mail accounts based on the malicious collection account identifier.
1 Assignment
0 Petitions
Accused Products
Abstract
A list of electronic mail (e-mail) accounts is extracted from an electronic mail system. A list of electronic mail accounts, with forwarding enabled, are identified as a set of collection accounts. A dropbox account is identified, from the collection accounts, as a destination e-mail account for the forwarded collection accounts. The collection accounts that forward to the dropbox account that has in excess of a threshold number of collection accounts forwarding to it, are identified as malicious e-mail collection accounts and are forwarded to a resolution system, for resolution.
-
Citations
19 Claims
-
1. A computing system, comprising:
-
a processor; and memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to; based on electronic mail (e-mail) data, identify a set of forwarding e-mail accounts, that are each configured to forward messages to a particular e-mail account; compare the number of forwarding e-mail accounts in the identified set to a threshold number; based on the comparison, identify the particular e-mail account as a dropbox e-mail account that is a destination of forwarded messages from the threshold number of forwarding e-mail accounts; identify, as malicious collection e-mail accounts, at least a subset of the forwarding e-mail accounts that forward messages to the identified dropbox e-mail account; generate a malicious collection account identifier that identifies the malicious collection e-mail accounts; and perform a resolution action to resolve the malicious collection e-mail accounts based on the malicious collection account identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer implemented method, comprising:
-
obtaining electronic mail (e-mail) data indicative of a set of forwarding e-mail accounts, that are each configured to forward messages to particular e-mail account; compare the number of forwarding e-mail accounts in the set to a threshold number; based on the comparison, identifying the particular e-mail account as a dropbox e-mail account that is a destination of forwarded messages from the threshold number of the-forwarding e-mail accounts; identifying, as malicious collection e-mail accounts, at least a subset of the forwarding e-mail accounts that forward messages to the identified dropbox e-mail account; generating a malicious collection account identifier that identifies the malicious collection e-mail accounts; and performing, by a resolution system device, a resolution action to resolve the malicious collection e-mail accounts based on the malicious collection account identifier. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A computing system, comprising:
-
a processor; and memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to provide; a collection account identifying component configured to; based on electronic mail (e-mail) data in a user account data store, identify, as a set of collection accounts, forwarding e-mail accounts that are each configured to forward messages to a particular e-mail account; and generate a collection account identifier indicative of the set of collection accounts; a dropbox account identification component configured to; obtain the collection account identifier; compare the number of accounts, in the set of collection accounts, to a threshold number; based on the comparison, identify the particular e-mail account as a dropbox e-mail account that is a destination of forwarded messages from the threshold number of the forwarding e-mail accounts; malicious collection account identifying component configured to; identify, as malicious collection e-mail accounts, at least a subset of the forwarding e-mail accounts that forward messages to the identified dropbox e-mail account, and generate a malicious collection account identifier identifying the malicious collection e-mail accounts; and a resolution system configured to; based on the malicious collection account identifier, perform a resolution action comprising at least one of; automatically suspend the malicious collection e-mail accounts; automatically re-configure filtering information corresponding to the malicious collection e-mail accounts to inhibit forwarding of messages from the malicious collection e-mail accounts;
orautomatically remove forwarding status information corresponding to the malicious collection e-mail accounts to inhibit forwarding of messages from the malicious collection e-mail accounts. - View Dependent Claims (19)
-
Specification