Defending against malicious electronic messages
Abstract
Defending against malicious electronic messages by analyzing electronic messages sent via a computer network to identify predefined risk elements found within the electronic messages, detecting attempts to perform computer-mediated actions that are associated with the electronic messages, identifying a potential security risk associated with the electronic messages and the computer-mediated actions, and performing a predefined preventive security action responsive to identifying the potential security risk.
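A minimal sketch of the scoring flow that the abstract and claim 1 describe, added here as an illustration and not taken from the patent or any product. The phrase list, risk values, threshold, class and function names, and the use of a subject line as the "topic" are all assumptions; the messages are constructed so that no single message or sender reaches the threshold, but the common-topic total does.

```python
import re
from collections import defaultdict, namedtuple

# Assumed values: the claims only say "predefined", so these are illustrative.
PHRASE_RISK = {"verify your account": 3, "password": 2, "urgent": 1}
ADDRESS_RISK = 2   # risk value for each network address found in a message
THRESHOLD = 6      # total at or above which a potential security risk exists
URL_RE = re.compile(r"https?://([^\s/>\"']+)", re.I)

# Assumption: a normalized subject line stands in for the claim's "common topic".
Message = namedtuple("Message", "sender topic body")

def risk_elements(msg):
    """Return (kind, element, risk value) for each risk element in one message."""
    found = [("phrase", p, v) for p, v in PHRASE_RISK.items() if p in msg.body.lower()]
    found += [("address", h.lower(), ADDRESS_RISK) for h in URL_RE.findall(msg.body)]
    return found

class SecurityManager:
    def __init__(self):
        self.totals = defaultdict(int)       # (group kind, key) -> risk total
        self.addr_groups = defaultdict(set)  # host -> groups whose messages named it

    def analyze(self, msg):
        groups = [("sender", msg.sender.lower()), ("topic", msg.topic.lower())]
        for kind, element, value in risk_elements(msg):
            for g in groups:
                self.totals[g] += value      # total across the whole group
                if kind == "address":
                    self.addr_groups[element].add(g)

    def on_user_action(self, url):
        """User tries to retrieve from or send to url; return 'block' or 'allow'."""
        m = URL_RE.match(url)
        host = (m.group(1) if m else url).lower()
        risky = any(self.totals.get(g, 0) >= THRESHOLD for g in self.addr_groups.get(host, ()))
        return "block" if risky else "allow"

SAMPLE = [  # constructed messages: each scores 4 or less on its own
    Message("a@mail.example", "account notice", "Urgent: please verify your account."),
    Message("b@mail.example", "account notice", "Reset your password at http://login.portal.example/reset"),
    Message("c@news.example", "weekly digest", "Read more at https://blog.news.example/post")]

def demo():
    mgr = SecurityManager()
    for msg in SAMPLE:
        mgr.analyze(msg)
    return (mgr.on_user_action("http://login.portal.example/reset"),
            mgr.on_user_action("https://blog.news.example/post"))
```

Scoring the second sample message alone leaves its link allowed; the block decision only appears once the totals are taken across the messages that share a topic.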
7 Claims
1. A computer-implemented method for defending against malicious electronic messages, the method comprising:
analyzing a plurality of electronic messages, wherein each of the electronic messages is either of a) an electronic mail message and b) an instant message sent via a computer network, to identify a plurality of predefined risk elements, wherein the plurality of predefined risk elements include any of a predefined suspicious word or phrase included in any of the plurality of electronic messages, and a computer network address included in any of the plurality of electronic messages;
detecting an attempt by a computer user to perform a computer-mediated action that is associated with any of the plurality of electronic messages, wherein the computer-mediated action includes either of a) sending information to the computer network address and b) retrieving information located at the computer network address;
assigning a predefined risk value to each of the plurality of predefined risk elements;
determining a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages, wherein the plurality of electronic messages are sent by a common sender or sent by multiple senders regarding a common topic;
identifying a potential security risk associated with any of the plurality of electronic messages and the computer-mediated action if the total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages meets or exceeds a predefined threshold value; and
performing a predefined preventive security action responsive to identifying the potential security risk.
4. A system for defending against malicious electronic messages, the system comprising:
an electronic message activity monitor configured to
analyze a plurality of electronic messages, wherein each of the electronic messages is either of a) an electronic mail message and b) an instant message sent via a computer network, to identify a plurality of predefined risk elements, wherein the plurality of predefined risk elements include any of a predefined suspicious word or phrase included in any of the plurality of electronic messages, and a computer network address included in any of the plurality of electronic messages, and
detect an attempt by a computer user to perform a computer-mediated action that is associated with any of the plurality of electronic messages, wherein the computer-mediated action includes either of a) sending information to the computer network address and b) retrieving information located at the computer network address; and
a security manager configured to
assign a predefined risk value to each of the plurality of predefined risk elements,
determine a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages, wherein the plurality of electronic messages are sent by a common sender or sent by multiple senders regarding a common topic,
identify a potential security risk associated with any of the plurality of electronic messages and the computer-mediated action if a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages meets or exceeds a predefined threshold value, and
perform a predefined preventive security action responsive to identifying the potential security risk.
7. A computer program product for defending against malicious electronic messages, the computer program product comprising:
a non-transitory, computer-readable storage medium; and
computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured to
analyze a plurality of electronic messages, wherein each of the electronic messages is either of a) an electronic mail message and b) an instant message sent via a computer network, to identify a plurality of predefined risk elements, wherein the plurality of predefined risk elements include any of a predefined suspicious word or phrase included in any of the plurality of electronic messages, and a computer network address included in any of the plurality of electronic messages,
detect an attempt by a computer user to perform a computer-mediated action that is associated with any of the plurality of electronic messages, wherein the computer-mediated action includes either of a) sending information to the computer network address and b) retrieving information located at the computer network address,
determine a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages, wherein the plurality of electronic messages are sent by a common sender or sent by multiple senders regarding a common topic,
assign a predefined risk value to each of the plurality of predefined risk elements,
identify a potential security risk associated with any of the plurality of electronic messages and the computer-mediated action if a total of the risk values of the plurality of predefined risk elements found across the plurality of electronic messages meets or exceeds a predefined threshold value, and
perform a predefined preventive security action responsive to identifying the potential security risk.
Specification