Method and system for employing automatic reply systems to detect e-mail scammer IP addresses
First Claim
1. A computing system implemented process for employing automatic reply systems to detect e-mail scammer IP addresses comprising:
- providing one or more decoy e-mail addresses associated with one or more computing systems;
- receiving a given e-mail at one of the one or more decoy e-mail addresses associated with one or more computing systems;
- performing an initial analysis of the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems;
- as a result of the initial analysis of the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems, preliminarily determining that the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems is a given scam e-mail;
- transforming data indicating a status of the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems to data indicating a status of scam e-mail;
- extracting one or more e-mail addresses from the header or body of the given scam e-mail;
- generating a fabricated reply e-mail to the given scam e-mail, the fabricated reply e-mail to the given scam e-mail including one or more mechanisms for determining at least an IP address of the sender of the given scam e-mail;
- sending the fabricated reply e-mail to the given scam e-mail to the one or more e-mail addresses extracted from the header or body of the given scam e-mail;
- capturing at least an IP address of the sender of the given scam e-mail via the one or more mechanisms for determining at least an IP address of the sender of the given scam e-mail sender included in fabricated reply e-mail to the given scam e-mail; and
- using the captured IP address of the sender of the given scam e-mail to identify future scam emails from the sender of the given scam e-mail.
Abstract
A method and apparatus for employing automatic reply systems to detect e-mail scammer IP addresses, whereby a decoy system to receive illegitimate e-mails, also known as a “honeypot”, is established. E-mails sent to the honeypot decoy e-mail addresses are initially scanned and preliminarily identified as scam e-mails. The fact that the scammer must make contact with the intended user/victim is then exploited by analyzing the scam e-mail to identify one or more e-mail addresses in either the header or the body of the preliminarily identified scam e-mail. The one or more identified e-mail addresses are then extracted, and fabricated reply e-mails are generated that include one or more mechanisms for ascertaining the IP address of the scammer. The fabricated reply e-mails are then sent to the one or more identified e-mail addresses and, when the scammer takes the necessary action, the IP address and browser information associated with the scammer are obtained.
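The extraction step and the final matching step of the abstract can be sketched as follows. This is an added example, not code from the patent: the function names, the sample messages and the choice to compare captured IPs against `Received` header addresses are assumptions, since the text does not say how the captured IP is matched against future mail.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from ipaddress import ip_address

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def extract_contact_addresses(raw, decoys):
    """Addresses from header and body of a flagged e-mail, minus our own decoys."""
    msg = message_from_string(raw)
    headers = [v for h in ("From", "Reply-To", "Return-Path") for v in msg.get_all(h, [])]
    found = {addr.lower() for _, addr in getaddresses(headers) if addr}
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            found.update(a.lower() for a in ADDR_RE.findall(text))
    return sorted(found - {d.lower() for d in decoys})

def relay_ips(raw):
    """Bracketed IPv4 addresses in Received headers; malformed values are skipped.
    Only hops stamped by your own MX are trustworthy, earlier ones can be forged."""
    ips = set()
    for received in message_from_string(raw).get_all("Received", []):
        for candidate in IP_RE.findall(received):
            try:
                ips.add(str(ip_address(candidate)))
            except ValueError:
                pass
    return ips

def matches_captured(raw, captured_ips):
    """True if any relay IP of this message is in the captured scammer IP set."""
    return bool(relay_ips(raw) & set(captured_ips))

# Constructed sample messages (documentation domains and IP ranges only).
SCAM = """\
Received: from mail.example.net (mail.example.net [203.0.113.45])
\tby mx.honeypot.example with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "Claims Office" <office@example.net>
Reply-To: agent.contact@example.org
To: decoy1@honeypot.example
Subject: Your payment is waiting

Send your details to claims.desk@example.com or reply to decoy1@honeypot.example.
"""
LATER = SCAM.replace("office@example.net", "billing@example.org")
```

Excluding the decoy addresses keeps the fabricated reply from being sent back into the honeypot when the scam body quotes the recipient.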
20 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8
9. A system for employing automatic reply systems to detect e-mail scammer IP addresses comprising:
- one or more honeypots associated with one or more decoy e-mail addresses;
- at least one computing system;
- at least one processor associated with the at least one computing system, the at least one processor associated with the at least one computing system executing at least part of a computing system implemented process for employing automatic reply systems to detect e-mail scammer IP addresses, the computing system implemented process for employing automatic reply systems to detect e-mail scammer IP addresses comprising:
- receiving a given e-mail at one of the one or more decoy e-mail addresses associated with the one or more honeypots;
- performing an initial analysis of the given e-mail received at one of the one or more decoy e-mail addresses associated with the one or more honeypots;
- as a result of the initial analysis of the given e-mail received at one of the one or more decoy e-mail addresses associated with the one or more honeypots, preliminarily determining that the given e-mail received at one of the one or more decoy e-mail addresses associated with the one or more honeypots is a given scam e-mail;
- transforming data indicating a status of the given e-mail received at one of the one or more decoy e-mail addresses associated with the one or more honeypots to data indicating a status of scam e-mail;
- extracting one or more e-mail addresses from the header or body of the given scam e-mail;
- generating a fabricated reply e-mail to the given scam e-mail, the fabricated reply e-mail to the given scam e-mail including one or more mechanisms for determining at least an IP address of the sender of the given scam e-mail;
- sending the fabricated reply e-mail to the given scam e-mail to the one or more e-mail addresses extracted from the header or body of the given scam e-mail;
- capturing at least an IP address of the sender of the given scam e-mail via the one or more mechanisms for determining at least an IP address of the sender of the given scam e-mail sender included in fabricated reply e-mail to the given scam e-mail; and
- using the captured IP address of the sender of the given scam e-mail to identify future scam emails from the sender of the given scam e-mail.

Dependent claims of claim 9: 10, 11, 12, 13, 14, 15
16. A method for employing automatic reply systems to detect e-mail scammer IP addresses comprising:
- providing one or more decoy e-mail addresses associated with one or more computing systems;
- receiving a given e-mail at one of the one or more decoy e-mail addresses associated with one or more computing systems;
- performing an initial analysis of the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems;
- as a result of the initial analysis of the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems, preliminarily determining that the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems is a given scam e-mail;
- transforming data indicating a status of the given e-mail received at one of the one or more decoy e-mail addresses associated with one or more computing systems to data indicating a status of scam e-mail;
- extracting one or more e-mail addresses from the header or body of the given scam e-mail;
- generating a fabricated reply e-mail to the given scam e-mail, the fabricated reply e-mail to the given scam e-mail including one or more mechanisms for determining at least an IP address of the sender of the given scam e-mail;
- sending the fabricated reply e-mail to the given scam e-mail to the one or more e-mail addresses extracted from the header or body of the given scam e-mail;
- capturing at least an IP address of the sender of the given scam e-mail via the one or more mechanisms for determining at least an IP address of the sender of the given scam e-mail sender included in fabricated reply e-mail to the given scam e-mail; and
- using the captured IP address of the sender of the given scam e-mail to identify future scam emails from the sender of the given scam e-mail.

Dependent claims of claim 16: 17, 18, 19, 20
Specification