Mitigating communication risk by detecting similarity to a trusted message contact
First Claim
1. A method, comprising:
- determining a measure of trust associated with a sender of a message;
determining a measure of similarity between an identifier of the sender of the message and each identifier of one or more identifiers of each trusted contact of a plurality of trusted contacts of a recipient of the message;
determining a measure of spoofing risk associated with the sender;
combining, at a system that includes one or more servers, the measure of similarity with at least one of the measure of trust or the measure of spoofing risk to determine a combined measure of risk associated with the message, wherein the sender of the message is not any of the trusted contacts but at least one of the measure of similarity between the identifier of the sender of the message and a selected identifier of a selected trusted contact of the plurality of trusted contacts meets a threshold; and
based at least in part on the combined measure of risk associated with the message, modifying, at the system that includes the one or more servers, the message to alter content of a data field that includes an identification of the sender of the message, wherein the data field is one of a plurality of data fields included in a header of the message.
3 Assignments
0 Petitions
Accused Products
Abstract
A measure of similarity between an identifier of a sender of the message and each identifier of one or more identifiers of each trusted contact of a plurality of trusted contacts of a recipient of the message is determined. In the event the sender of the message is not any of the trusted contacts but at least one of the measure of similarity between the identifier of the sender of the message and a selected identifier of a selected trusted contact of the plurality of trusted contacts meets a threshold, the message is modified, if applicable, to alter content of a data field that includes an identification of the sender of the message. The data field is one of a plurality of data fields included in a header of the message.
-
Citations
20 Claims
-
1. A method, comprising:
-
determining a measure of trust associated with a sender of a message; determining a measure of similarity between an identifier of the sender of the message and each identifier of one or more identifiers of each trusted contact of a plurality of trusted contacts of a recipient of the message; determining a measure of spoofing risk associated with the sender; combining, at a system that includes one or more servers, the measure of similarity with at least one of the measure of trust or the measure of spoofing risk to determine a combined measure of risk associated with the message, wherein the sender of the message is not any of the trusted contacts but at least one of the measure of similarity between the identifier of the sender of the message and a selected identifier of a selected trusted contact of the plurality of trusted contacts meets a threshold; and based at least in part on the combined measure of risk associated with the message, modifying, at the system that includes the one or more servers, the message to alter content of a data field that includes an identification of the sender of the message, wherein the data field is one of a plurality of data fields included in a header of the message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system, comprising:
-
a processor configured to; determine a measure of trust associated with a sender of a message; determine a measure of similarity between an identifier of the sender of the message and each identifier of one or more identifiers of each trusted contact of a plurality of trusted contacts of a recipient of the message; determine a measure of spoofing risk associated with the sender; combine the measure of similarity with at least one of the measure of trust or the measure of spoofing risk to determine a combined measure of risk associated with the message, wherein the sender of the message is not any of the trusted contacts but at least one of the measure of similarity between the identifier of the sender of the message and a selected identifier of a selected trusted contact of the plurality of trusted contacts meets a threshold; and based at least in part on the combined measure of risk associated with the message, modify, at the system that includes the one or more servers, the message to alter content of a data field that includes an identification of the sender of the message, wherein the data field is one of a plurality of data fields included in a header of the message; and a memory coupled to the processor and configured to provide the processor with instructions.
-
-
20. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
-
determining a measure of trust associated with a sender of a message; determining a measure of similarity between an identifier of the sender of the message and each identifier of one or more identifiers of each trusted contact of a plurality of trusted contacts of a recipient of the message; determining a measure of spoofing risk associated with the sender; combining the measure of similarity with at least one of the measure of trust or the measure of spoofing risk to determine a combined measure of risk associated with the message, wherein the sender of the message is not any of the trusted contacts but at least one of the measure of similarity between the identifier of the sender of the message and a selected identifier of a selected trusted contact of the plurality of trusted contacts meets a threshold; and based at least in part on the combined measure of risk associated with the message, modifying, at the system that includes the one or more servers, the message to alter content of a data field that includes an identification of the sender of the message, wherein the data field is one of a plurality of data fields included in a header of the message.
-
Specification