COLLABORATIVE PHISHING ATTACK DETECTION
First Claim
1. A method, comprising:
- receiving a notification that a message has been identified by one or more individuals as a possible phishing attack, the message having been received on a computing device of each of the one or more individuals;
- determining whether the message is a simulated phishing attack;
- if the message is determined to be a simulated phishing attack, recording in a database that each of the one or more individuals has correctly identified the message as a possible phishing attack; and
- if the message is determined not to be a simulated phishing attack, determining whether the message is likely a real phishing attack;
  - if the message is determined to likely be a real phishing attack, determining a trustworthiness level for each of the one or more individuals; and
    processing the message based on the trustworthiness level of each of the one or more individuals; and
  - if the message is determined to not likely be a real phishing attack, not performing further analysis on the message.
Abstract
Described herein are methods, network devices and machine-readable storage media for detecting whether a message is a phishing attack based on the collective responses from one or more individuals who have received that message. The individuals may flag the message as a possible phishing attack, and/or may provide a numerical ranking indicating the likelihood that the message is a possible phishing attack. As responses from different individuals may have a different degree of reliability, each response from an individual may be weighted with a corresponding trustworthiness level of that individual, in an overall determination as to whether a message is a phishing attack. A trustworthiness level of an individual may indicate a degree to which the response of that individual can be trusted and/or relied upon, and may be determined by how well that individual recognized simulated phishing attacks.
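The flow in claim 1 combined with the trust weighting from the abstract, as an added sketch that is not code from the patent. The trust formula (fraction of simulated attacks reported), the default trust, the escalation threshold, the outcome names and the `looks_real` flag are all assumptions, since the page specifies none of them.

```python
from dataclasses import dataclass

# Assumed for this sketch; the page gives no formula or thresholds.
DEFAULT_TRUST = 0.5   # individual with no simulation history yet
ESCALATE_AT = 1.0     # summed trust-weighted rating that triggers quarantine

@dataclass
class Person:
    name: str
    sims_received: int = 0   # incremented when a simulation is sent (not shown)
    sims_reported: int = 0   # simulations this person correctly flagged

    def trust(self) -> float:
        # Assumed metric: share of simulated attacks the person reported.
        if self.sims_received == 0:
            return DEFAULT_TRUST
        return min(1.0, self.sims_reported / self.sims_received)

def handle_report(msg_id, ratings, simulated_ids, people, looks_real):
    """ratings maps each flagging person's name to a likelihood in [0, 1].
    looks_real stands in for the unspecified 'likely a real attack' check."""
    reporters = [people[name] for name in ratings]
    if msg_id in simulated_ids:
        for p in reporters:
            p.sims_reported += 1   # record the correct identification
        return "simulation-recorded"
    if not looks_real:
        return "no-further-analysis"
    # Unnormalized sum: several low-trust flags do not outweigh trusted ones.
    score = sum(p.trust() * ratings[p.name] for p in reporters)
    return "quarantine" if score >= ESCALATE_AT else "analyst-review"

def sample_people():
    # Constructed sample data: (name, simulations received, simulations reported).
    rows = [("alice", 10, 9), ("bob", 10, 2), ("carol", 0, 0)]
    return {n: Person(n, recv, rep) for n, recv, rep in rows}

if __name__ == "__main__":
    people, sims = sample_people(), {"sim-1"}
    print(handle_report("sim-1", {"bob": 1.0}, sims, people, True))
    print(handle_report("m-1", {"alice": 1.0, "carol": 0.8}, sims, people, True))
    print(handle_report("m-2", {"bob": 1.0}, sims, people, True))
    print(handle_report("m-3", {"alice": 1.0}, sims, people, False))
```

The score is deliberately not normalized by the number of reporters: a weighted average would let a single low-trust reporter with a rating of 1.0 reach the maximum score on their own.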
Specification