Detection of a spear-phishing phone call

US 10,244,109 B2
Filed: 07/13/2016
Issued: 03/26/2019
Est. Priority Date: 07/13/2016
Status: Active Grant

First Claim

Patent Images

1. A method, in a data processing system, for detection of a spear-phishing phone call, the method comprising:

responsive to an individual receiving a phone call from a calling party, determining whether the phone call has at least two identifiable traits from a set of identifiable traits that are identified as being associated with spear-phishing, wherein the set of identifiable traits includes an identification via voice analysis of the calling party of a count of mispronounced words exceeding a predetermined number, an identification of a website being accessed by the individual during the phone conversation that requires personal information, an identification of a website being accessed by the individual during the phone conversation is not trusted by anti-virus protection, an identification of remote access or control of the data processing system being requested or given to the caller during the phone conversation, or an identification that the phone call originates from a blocked phone number, a private phone number, or otherwise unidentifiable phone number;

responsive to identifying that the phone call has at least two identifiable traits from the set of identifiable traits that are identified as being associated with spear-phishing, identifying an associated weighted risk value for each of the identified traits associated with the phone call from the set of identifiable traits;

calculating a total risk value using each weighted risk value associated with each identified trait associated with the phone call; and

responsive to the total risk value exceeding a predetermined risk value, notifying the individual of the total risk value to enable the individual to take an appropriate action based on the total risk value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is provided for detection of a spear-phishing phone call. Responsive to an individual receiving a phone call, a determination is made as to whether the phone call has one or more identifiable traits from a set of identifiable traits that are identified as being associated with spear-phishing. Responsive to identifying that the phone call has one or more identifiable traits from the set of identifiable traits that are identified as being associated with spear-phishing, an associated weighted risk value for each of the identified traits associated with the phone call is identified from the set of identifiable traits. A total risk value is calculated using each weighted risk value associated with each identified trait associated with the phone call. Responsive to the total risk value exceeding a predetermined risk value, the individual is notified of the total risk value to enable the individual to take an appropriate action based on the total risk value.

41 Citations

View as Search Results

16 Claims

1. A method, in a data processing system, for detection of a spear-phishing phone call, the method comprising:
- responsive to an individual receiving a phone call from a calling party, determining whether the phone call has at least two identifiable traits from a set of identifiable traits that are identified as being associated with spear-phishing, wherein the set of identifiable traits includes an identification via voice analysis of the calling party of a count of mispronounced words exceeding a predetermined number, an identification of a website being accessed by the individual during the phone conversation that requires personal information, an identification of a website being accessed by the individual during the phone conversation is not trusted by anti-virus protection, an identification of remote access or control of the data processing system being requested or given to the caller during the phone conversation, or an identification that the phone call originates from a blocked phone number, a private phone number, or otherwise unidentifiable phone number;
  
  responsive to identifying that the phone call has at least two identifiable traits from the set of identifiable traits that are identified as being associated with spear-phishing, identifying an associated weighted risk value for each of the identified traits associated with the phone call from the set of identifiable traits;
  
  calculating a total risk value using each weighted risk value associated with each identified trait associated with the phone call; and
  
  responsive to the total risk value exceeding a predetermined risk value, notifying the individual of the total risk value to enable the individual to take an appropriate action based on the total risk value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein, as the phone call proceeds the total risk value is recalculated as additional identifiable traits are identified.
  - 3. The method of claim 1, wherein, responsive to the total risk value exceeding the predetermined risk value, adding at least one of a caller identifier associated with the phone call to a list of known caller identifiers associated with spear-phishing or a phone number associated with the phone call to a list of known phone numbers associated with spear-phishing.
  - 4. The method of claim 1, wherein the phone call is a Voice over Internet Protocol (VoIP) phone call, a plain old telephone service (POTS) phone call, or a video phone call.
  - 5. The method of claim 1, wherein the set of identifiable traits includes a caller identifier of the phone call matching a known caller identifier associated with spear-phishing.
  - 6. The method of claim 1, wherein the set of identifiable traits includes a phone number of the phone call matching a known phone number associated with spear-phishing.
  - 7. The method of claim 1, wherein the set of identifiable traits includes voice analysis of the calling party being identified as a person known to be associated with spear-phishing.
  - 8. The method of claim 1, wherein the set of identifiable traits includes the calling party requesting key words or phrases, and wherein the key words or phrases include a bank account number, a social security number, or a credit card number.

9. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- responsive to an individual receiving a phone call from a calling party, determine whether the phone call has at least two identifiable traits from a set of identifiable traits that are identified as being associated with spear-phishing, wherein the set of identifiable traits includes an identification via voice analysis of the calling party of a count of mispronounced words exceeding a predetermined number, an identification of a website being accessed by the individual during the phone conversation that requires personal information, an identification of a website being accessed by the individual during the phone conversation is not trusted by anti-virus protection, an identification of remote access or control of the data processing system being requested or given to the caller during the phone conversation, or an identification that the phone call originates from a blocked phone number, a private phone number, or otherwise unidentifiable phone number;
  
  responsive to identifying that the phone call has at least two identifiable traits from the set of identifiable traits that are identified as being associated with spear-phishing, identify an associated weighted risk value for each of the identified traits associated with the phone call from the set of identifiable traits;
  
  calculate a total risk value using each weighted risk value associated with each identified trait associated with the phone call; and
  
  responsive to the total risk value exceeding a predetermined risk value, notify the individual of the total risk value to enable the individual to take an appropriate action based on the total risk value.
- View Dependent Claims (10, 11, 12)
- - 10. The computer program product of claim 9, wherein, as the phone call proceeds, the computer readable program further causes the computing device to recalculate the total risk value as additional identifiable traits are identified.
  - 11. The computer program product of claim 9, wherein the computer readable program further causes the computing device to:
    - responsive to the total risk value exceeding the predetermined risk value, add, at least one of a caller identifier associated, with the phone call to a list of known caller identifiers associated with spear-phishing or a phone number associated with the phone call to a list of known phone numbers associated with spear-phishing.
  - 12. The computer program product of claim 9, wherein the phone call is a Voice over Internet Protocol (VoIP) phone call, a plain old telephone service (POTS) phone call, or a video phone call.

13. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to;
  
  responsive to an individual receiving a phone call from a calling party, determine whether the phone call has at least two identifiable traits from a set of identifiable traits that are identified as being associated with spear-phishing, wherein the set of identifiable traits includes an identification via voice analysis of the calling party of a count of mispronounced words exceeding a predetermined number, an identification of a website being accessed by the individual during the phone conversation that requires personal information, an identification of a website being accessed by the individual during the phone conversation is not trusted by anti-virus protection, an identification of remote access or control of the data processing system being requested or given to the caller during the phone conversation, or an identification that the phone call originates from a blocked phone number, a private phone number, or otherwise unidentifiable phone number;
  
  responsive to identifying that the phone call has at least two identifiable traits from the set of identifiable traits that are identified as being associated with spear-phishing, identify an associated weighted risk value for each of the identified traits associated with the phone call from the set of identifiable traits;
  
  calculate a total risk value using each weighted risk value associated with each identified trait associated with the phone call; and
  
  responsive to the total risk value exceeding a predetermined risk value, notify the individual of the total risk value to enable the individual to take an appropriate action based on the total risk value.
- View Dependent Claims (14, 15, 16)
- - 14. The apparatus of claim 13, wherein, as the phone call proceeds, the instructions further cause the processor to recalculate the total risk value as additional identifiable traits are identified.
  - 15. The apparatus of claim 13, wherein the instructions farther cause the processor to:
    - responsive to the total risk value exceeding the predetermined risk value, add at least one of a caller identifier associated with the phone call to a list of known caller identifiers associated with spear-phishing or a phone number associated with the phone call to a list of known phone numbers associated with spear-phishing.
  - 16. The apparatus of claim 13, wherein the phone call is a Voice over Internet Protocol (VoIP) phone call, a plain old telephone service (POTS) phone call, or a video phone call.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bender, Michael, Childress, Rhonda L., Kumhyr, David B., Spisak, Michael J.
Primary Examiner(s)
Matar, Ahmad F.
Assistant Examiner(s)
Pope, Kharye

Application Number

US15/209,052
Publication Number

US 20180020092A1
Time in Patent Office

986 Days
Field of Search

37911414, 379 9317, 379130, 37914205, 37914217, 37921002, 37921003, 379 8812, 4554141, 455566, 455415, 455410, 4554122
US Class Current
CPC Class Codes

G10L 17/26   Recognition of special voic...

G10L 2015/088   Word spotting

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 65/1079   of unsolicited session atte...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04M 2201/12   Counting circuits

H04M 2201/40   using speech recognition sp...

H04M 2201/41   using speaker recognition s...

H04M 2203/6027   Fraud preventions

H04M 3/42042   Notifying the called party ...

H04M 3/42059   Making use of the calling p...

H04M 3/436   Arrangements for screening ...

Detection of a spear-phishing phone call

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of a spear-phishing phone call

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links