Identifying malicious messages based on received message data of the sender
Abstract
Systems and methods for providing an improvement to computer security relating to electronic digital messages are provided. In an embodiment, a computing device receives an electronic digital message that is sent to a receiving account. The computing device identifies a sending account associated with the electronic digital message and from which the electronic digital message was sent. The computing device obtains metadata relating to the sending account, the metadata including received message data that is related to a number of messages that have been received by the sending account. The computing device determines that the sending account satisfies a received message criteria based, at least in part, on the received message data and, in response, performs a responsive action relating to the electronic digital message.
21 Claims
1. A data processing method providing an improvement in computer security and comprising:
- receiving, at a security computing device executing one or more message security applications, an electronic digital message that is directed to a receiving account;
- using the security computing device, identifying a sending account associated with the electronic digital message and from which the electronic digital message was sent;
- transmitting, to a message server, a request to obtain a count of messages received by any of a plurality of primary recipient accounts from a plurality of secondary sending accounts where the sending account was a secondary recipient, and receiving the count of messages in response to the request;
- using the security computing device, determining that the sending account satisfies one or more received message criteria by determining that the count of messages is less than a threshold number of messages;
- in response to the determining, using the security computing device, performing a responsive action relating to the electronic digital message.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A data processing method providing an improvement in computer security and comprising:
- receiving, at a security computing device implemented to execute one or more message security applications an e-mail message that is directed to a receiving account;
- identifying, by the security computing device, a sending account associated with the e-mail message and from which the e-mail message was sent;
- transmitting, to a host computer of the sending account, a request to obtain a count of messages received by any of a plurality of primary recipient accounts from a plurality of secondary sending accounts where the sending account was a secondary recipient, and receiving the count of messages in response to the request;
- using the security computing device, in response to determining that the count of messages is less than a specified number, performing a responsive action relating to the e-mail message, the responsive action comprising one or more of:
  - causing the e-mail message to be quarantined;
  - marking the sending account as a potential phishing account;
  - increasing a value identifying a likelihood that the sending account is a phishing account;
  - analyzing one or more hyperlinks in the e-mail message;
  - scanning one or more attachments in the e-mail message for viruses;
  - dropping and not delivering the e-mail message to the receiving account;
  - transmitting one or more notifications or alerts relating to the e-mail message.

Dependent claims: 11, 12

13. A system comprising:
- one or more processors;
- a memory communicatively coupled to the one or more processors storing instructions which, when executed by the one or more processors, cause performance of:
  - receiving an electronic digital message that is directed to a receiving account;
  - identifying a sending account associated with the electronic digital message and from which the electronic digital message was sent;
  - transmitting, to a message server, a request to obtain a count of messages received by any of a plurality of primary recipient accounts from a plurality of secondary sending accounts where the sending account was a secondary recipient, and receiving the count of messages in response to the request;
  - determining that the sending account satisfies one or more received message criteria by determining that the count of messages is less than a threshold number of messages;
  - in response to the determining, performing a responsive action relating to the electronic digital message.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
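
A sketch of the check recited in claims 1 and 10, as an added example that is not code from the patent. It reads "secondary recipient" as a Cc recipient (an assumption, since the specification text is not reproduced here); the history, account names, threshold value and action labels are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed history held by a hypothetical message server: (from, to, cc).
HISTORY = [
    ("bob@corp.example", ["alice@corp.example"], ["vendor@partner.example"]),
    ("carol@corp.example", ["bob@corp.example"], ["vendor@partner.example"]),
    ("dave@corp.example", ["alice@corp.example"],
     ["vendor@partner.example", "erin@corp.example"]),
    ("bob@corp.example", ["carol@corp.example"], []),
    # The account cc'ing itself says nothing about who knows it: not counted.
    ("vendor@partner.example", ["alice@corp.example"], ["vendor@partner.example"]),
]
PRIMARY_ACCOUNTS = {"alice@corp.example", "bob@corp.example", "carol@corp.example"}
THRESHOLD = 2  # assumed value; the page gives no number


def server_count(sending_account, history=HISTORY, primaries=PRIMARY_ACCOUNTS):
    """Message-server side: count messages that other accounts sent to any
    primary recipient account with sending_account as a Cc recipient."""
    acct = sending_account.lower()
    return sum(
        1
        for sender, to, cc in history
        if sender.lower() != acct
        and acct in {a.lower() for a in cc}
        and primaries & {a.lower() for a in to}
    )


def screen(raw_message, threshold=THRESHOLD):
    """Security-device side: identify the sender, fetch the count, decide."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # A message with no parsable sender has no history to lean on.
    count = server_count(sender) if sender else 0
    if count < threshold:
        # Illustrative labels for three of the responses listed in claim 10.
        actions = ["quarantine", "mark_sender_potential_phishing", "alert"]
    else:
        actions = []
    return {"sender": sender, "count": count, "actions": actions}


# Constructed incoming messages.
KNOWN = "From: Vendor <vendor@partner.example>\nTo: alice@corp.example\n\nhi\n"
UNKNOWN = "From: Vendor <newsender@unknown.example>\nTo: alice@corp.example\n\nhi\n"

if __name__ == "__main__":
    for raw in (KNOWN, UNKNOWN):
        print(screen(raw))
```

The From header is sender-controlled, so a count like this is only meaningful for messages whose sending account has already been authenticated, for example by a DMARC pass.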
Specification