Collaborative phishing attack detection
First Claim
1. A method for enhancing the security of a computing environment, the method comprising:
- generating a simulated phishing email at a networked computing system, wherein;
the simulated phishing email comprises specified identifying header information, and wherein the specified identifying header information is stored in a header of the simulated phishing email;
the simulated phishing email is a non-malicious email that resembles a phishing attack;
the simulated phishing email includes content attempting to lure an individual into performing a target action on a computing device;
when the individual performs the target action on the computing device, performance of the target action does not compromise the computing device or personal information of the individual;
transmitting the simulated phishing email from the networked computing system over a communications network so that it can be delivered in an email account associated with a user;
providing computer-executable instructions for an email client plugin, wherein the instructions provide a user-interface element in the form of a button in the email client for a user interaction in the form of identifying an email received in the email account associated with the user as a suspected phishing email or a simulated phishing email;
providing computer-executable instructions for the email client plugin for receiving a user interaction with the user-interface element displayed to the user in the form of the button while the email received in the email account associated with the user is displayed to the user;
providing computer-executable instructions for the email client plugin for determining when the received email is the simulated phishing email generated by the networked computing system by comparing the specified identifying header information to header information of the received email, wherein when the header information of the received email matches the specified identifying header information, then the received email is indicated as the simulated phishing email generated by the networked computing system;
when the received email is determined to be the simulated phishing email generated by the networked computing system based on the comparing of the header information, then the user interaction with the user interface element in the form of the button causes the plugin to identify the received email in the email account associated with the user as being a simulated phishing email;
when the received email is determined to not be a simulated phishing email generated by the networked computing system based on the comparing of header information, then the user interaction with the user interface element in the form of the button causes the plugin to identify the received email in the email account associated with the user as being a suspected phishing email;
recording data in volatile or non-volatile computer memory indicating whether the received email was identified as a simulated phishing email; and
providing computer-executable instructions for the email client plugin, upon determining that the received email is not a simulated phishing email, causing the received email to be transmitted for analysis as to whether or not it is malicious.
7 Assignments
0 Petitions
Accused Products
Abstract
Described herein are methods, network devices and machine-readable storage media for detecting whether a message is a phishing attack based on the collective responses from one or more individuals who have received that message. The individuals may flag the message as a possible phishing attack, and/or may provide a numerical ranking indicating the likelihood that the message is a possible phishing attack. As responses from different individuals may have a different degree of reliability, each response from an individual may be weighted with a corresponding trustworthiness level of that individual, in an overall determination as to whether a message is a phishing attack. A trustworthiness level of an individual may indicate a degree to which the response of that individual can be trusted and/or relied upon, and may be determined by how well that individual recognized simulated phishing attacks.
-
Citations
14 Claims
-
1. A method for enhancing the security of a computing environment, the method comprising:
-
generating a simulated phishing email at a networked computing system, wherein; the simulated phishing email comprises specified identifying header information, and wherein the specified identifying header information is stored in a header of the simulated phishing email; the simulated phishing email is a non-malicious email that resembles a phishing attack; the simulated phishing email includes content attempting to lure an individual into performing a target action on a computing device; when the individual performs the target action on the computing device, performance of the target action does not compromise the computing device or personal information of the individual; transmitting the simulated phishing email from the networked computing system over a communications network so that it can be delivered in an email account associated with a user; providing computer-executable instructions for an email client plugin, wherein the instructions provide a user-interface element in the form of a button in the email client for a user interaction in the form of identifying an email received in the email account associated with the user as a suspected phishing email or a simulated phishing email; providing computer-executable instructions for the email client plugin for receiving a user interaction with the user-interface element displayed to the user in the form of the button while the email received in the email account associated with the user is displayed to the user; providing computer-executable instructions for the email client plugin for determining when the received email is the simulated phishing email generated by the networked computing system by comparing the specified identifying header information to header information of the received email, wherein when the header information of the received email matches the specified identifying header information, then the received email is indicated as the simulated phishing email generated by the networked computing system; when the received email is determined to be the simulated phishing email generated by the networked computing system based on the comparing of the header information, then the user interaction with the user interface element in the form of the button causes the plugin to identify the received email in the email account associated with the user as being a simulated phishing email; when the received email is determined to not be a simulated phishing email generated by the networked computing system based on the comparing of header information, then the user interaction with the user interface element in the form of the button causes the plugin to identify the received email in the email account associated with the user as being a suspected phishing email; recording data in volatile or non-volatile computer memory indicating whether the received email was identified as a simulated phishing email; and providing computer-executable instructions for the email client plugin, upon determining that the received email is not a simulated phishing email, causing the received email to be transmitted for analysis as to whether or not it is malicious. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for enhancing the security of a computing environment, the system comprising a processor and data store with computer-executable instructions for:
-
generating a simulated phishing email at a networked computing system, wherein; the simulated phishing email comprises specified identifying header information, and wherein the specified identifying header information is stored in a header of the simulated phishing email; the simulated phishing email is a non-malicious email that resembles a phishing attack; the simulated phishing email includes content attempting to lure an individual into performing a target action on a computing device; when the individual performs the target action on the computing device, performance of the target action does not compromise the computing device or personal information of the individual; transmitting the simulated phishing email from the networked computing system over a communications network so that it can be delivered in an email account associated with a user; an email client plugin with computer-executable instructions for; a user-interface element in the form of a button in the email client for a user interaction in the form of identifying an email received in the email account associated with the user as a suspected phishing email or a simulated phishing email; receiving a user interaction with the user-interface element displayed to the user in the form of a button while the email received in the email account associated with the user is displayed to the user; determining when the received email is the simulated phishing email generated by the networked computing system by comparing the specified identifying header information to header information of the received email, wherein when the header information of the received email matches the specified identifying header information, then the received email is indicated as the simulated phishing email generated by the networked computing system; when the received email is determined to be the simulated phishing email generated by the networked computing system based on the comparing of the header information, then the user interaction with the user interface element in the form of the button causes the plugin to identify the received email in the email account associated with the user as being a simulated phishing email; when the received email is determined to not be a simulated phishing email generated by the networked computing system based on the comparing of header information, then the user interaction with the user interface element in the form of the button causes the plugin to identify the received email in the email account associated with the user as being a suspected phishing email; recording data in volatile or non-volatile computer memory indicating whether the received email was identified as a simulated phishing email; and upon determining that the received email is not a simulated phishing email, causing the received email to be transmitted for analysis as to whether or not it is malicious. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification