Method and system for employing phone number analysis to detect and prevent spam and e-mail scams

US 7,917,655 B1
Filed: 10/23/2009
Issued: 03/29/2011
Est. Priority Date: 10/23/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A computing system implemented process for identifying scam e-mails using phone number analysis comprising:

defining one or more potential scam e-mail identification rules;

storing data representing the one or more potential scam e-mail identification rules in a data storage device;

defining one or more phone number detection parameters;

storing data representing the one or more phone number detection parameters in a data storage device;

using one or more processors associated with at least one computing system to scan e-mails directed to a given computing system using the one or more phone number detection parameters to identify any potential phone numbers in the e-mails directed to the given computing system;

identifying one or more potential phone numbers in at least one of the e-mails directed to the given computing system;

using the one or more processors associated with at least one computing system to normalize the identified one or more potential phone numbers in at least one of the e-mails directed to the given computing system;

using the one or more processors associated with at least one computing system to analyze the normalized one or more potential phone numbers in at least one of the e-mails directed to the given computing system using the data representing the one or more potential scam e-mail identification rules to identify potential scam phone numbers of the one or more potential phone numbers in at least one of the e-mails directed to the given computing system; and

applying the one or more potential scam e-mail identification rules to the at least one of the e-mails directed to the given computing system that includes the identified potential scam phone numbers to transform a status of the at least one of the e-mails directed to the given computing system that includes the identified potential scam phone numbers to the status of potential scam e-mail.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for identifying scam e-mails using phone number analysis whereby a set of potential scam e-mail identification rules is created and data representing the potential scam e-mail identification rules is stored in a data storage device. Incoming e-mails are then scanned under the direction of one or more processors by an e-mail security system to detect phone numbers present in the incoming e-mails using one or more phone number detection parameters. Any potential phone numbers detected using the one or more phone number detection parameters are then normalized. In one embodiment, the normalized potential phone numbers are then analyzed using the potential scam e-mail identification rules to identify potential scam phone numbers. The e-mails including the identified potential scam phone numbers then have their status transformed to that of potential scam e-mails.

54 Citations

View as Search Results

20 Claims

1. A computing system implemented process for identifying scam e-mails using phone number analysis comprising:
- defining one or more potential scam e-mail identification rules;
  
  storing data representing the one or more potential scam e-mail identification rules in a data storage device;
  
  defining one or more phone number detection parameters;
  
  storing data representing the one or more phone number detection parameters in a data storage device;
  
  using one or more processors associated with at least one computing system to scan e-mails directed to a given computing system using the one or more phone number detection parameters to identify any potential phone numbers in the e-mails directed to the given computing system;
  
  identifying one or more potential phone numbers in at least one of the e-mails directed to the given computing system;
  
  using the one or more processors associated with at least one computing system to normalize the identified one or more potential phone numbers in at least one of the e-mails directed to the given computing system;
  
  using the one or more processors associated with at least one computing system to analyze the normalized one or more potential phone numbers in at least one of the e-mails directed to the given computing system using the data representing the one or more potential scam e-mail identification rules to identify potential scam phone numbers of the one or more potential phone numbers in at least one of the e-mails directed to the given computing system; and
  
  applying the one or more potential scam e-mail identification rules to the at least one of the e-mails directed to the given computing system that includes the identified potential scam phone numbers to transform a status of the at least one of the e-mails directed to the given computing system that includes the identified potential scam phone numbers to the status of potential scam e-mail.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 1, wherein:
    - at least one of the one or more potential scam e-mail identification rules is selected from the group of potential scam e-mail identification rules consisting of;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined suspicious country of origin be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined suspicious area of origin within a country be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined phone type be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers of a defined type be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including specific known scam phone numbers, or number sequences, be given a status of potential scam e-mail; and
      
      one or more rules requiring that e-mails including phone numbers and defined text be given a status of potential scam e-mail.
  - 3. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 1, wherein:
    - at least one of the one or more phone number detection parameters is selected from the group of phone number detection parameters consisting of;
      
      the presence of international prefixes;
      
      the presence of area codes;
      
      the presence of defined keywords, text, punctuation, or phrases, in a given language, followed by numbers;
      
      the presence of a defined number of numbers; and
      
      the presence of defined formatting of numbers.
  - 4. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 1, further comprising:
    - preventing the at least one of the e-mails directed to the given computing system having the status of potential scam e-mail from being passed to the given computing system.
  - 5. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 4, further comprising:
    - preventing the at least one of the e-mails directed to the given computing system having the status of potential scam e-mail from being passed to the given computing system and performing further analysis on the at least one of the e-mails directed to the given computing system having the status of potential scam e-mail.
  - 6. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 5, wherein:
    - performing further analysis on the at least one of the e-mails directed to the given computing system having the status of potential scam e-mail includes requesting input from a user of the given computing system regarding the at least one of the e-mails directed to the given computing system having the status of potential scam e-mail.
  - 7. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 1, wherein:
    - the one or more processors associated with at least one computing system are one or more processors associated with at least one security system provider computing system.
  - 8. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 1, wherein:
    - the one or more processors associated with at least one computing system are one or more processors associated with the given computing system.

9. A system for identifying scam e-mails using phone number analysis comprising:
- a user computing system;
  
  a security system associated with the user computing system;
  
  a security system provider computing system;
  
  a least one processor associated with the security system provider computing system, the at least one processor associated with the security system provider computing system executing at least part of a computing system implemented process for identifying scam e-mails using phone number analysis, the computing system implemented process for identifying scam e-mails using phone number analysis comprising;
  
  defining one or more potential scam e-mail identification rules;
  
  storing data representing the one or more potential scam e-mail identification rules in a data storage device;
  
  defining one or more phone number detection parameters;
  
  storing data representing the one or more phone number detection parameters in a data storage device;
  
  using the at least one processor associated with the security service provider computing system to scan e-mails directed to the user computing system using the one or more phone number detection parameters to identify any potential phone numbers in the e-mails directed to the user computing system;
  
  identifying one or more potential phone numbers in at least one of the e-mails directed to the user computing system;
  
  using the at least one processor associated with the security system provider computing system to normalize the identified one or more potential phone numbers in at least one of the e-mails directed to the user computing system;
  
  using the at least one processor associated with the security system provider computing system to analyze the normalized one or more potential phone numbers in at least one of the e-mails directed to the user computing system using the data representing the one or more potential scam e-mail identification rules to identify potential scam phone numbers of the one or more potential phone numbers in at least one of the e-mails directed to the user computing system; and
  
  applying the one or more potential scam e-mail identification rules to the at least one of the e-mails directed to the user computing system that includes the identified potential scam phone numbers to transform a status of the at least one of the e-mails directed to the user computing system that includes the identified potential scam phone numbers to the status of potential scam e-mail.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 9, wherein:
    - at least one of the one or more potential scam e-mail identification rules is selected from the group of potential scam e-mail identification rules consisting of;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined suspicious country of origin be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined suspicious area of origin within a country be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined phone type be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers of a defined type be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including specific known scam phone numbers, or number sequences, be given a status of potential scam e-mail; and
      
      one or more rules requiring that e-mails including phone numbers and defined text be given a status of potential scam e-mail.
  - 11. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 9, wherein:
    - at least one of the one or more phone number detection parameters is selected from the group of phone number detection parameters consisting of;
      
      the presence of international prefixes;
      
      the presence of area codes;
      
      the presence of defined keywords, text, punctuation, or phrases, in a given language, followed by numbers;
      
      the presence of a defined number of numbers; and
      
      the presence of defined formatting of numbers.
  - 12. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 9, further comprising:
    - preventing the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail from being passed to the user computing system.
  - 13. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 12, further comprising:
    - preventing the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail from being passed to the user computing system and performing further analysis on the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail.
  - 14. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 13, wherein:
    - performing further analysis on the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail includes requesting input from a user of the user computing system regarding the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail.

15. A system for identifying scam e-mails using phone number analysis comprising:
- a user computing system;
  
  a least one processor associated with the user computing system, the at least one processor associated with the user computing system executing at least part of a computing system implemented process for identifying scam e-mails using phone number analysis, the computing system implemented process for identifying scam e-mails using phone number analysis comprising;
  
  defining one or more potential scam e-mail identification rules;
  
  storing data representing the one or more potential scam e-mail identification rules in a data storage device;
  
  defining one or more phone number detection parameters;
  
  storing data representing the one or more phone number detection parameters in a data storage device;
  
  using the at least one processor associated with the user computing system to scan e-mails directed to the user computing system using the one or more phone number detection parameters to identify any potential phone numbers in the e-mails directed to the user computing system;
  
  identifying one or more potential phone numbers in at least one of the e-mails directed to the user computing system;
  
  using the at least one processor associated with the user computing system to normalize the identified one or more potential phone numbers in at least one of the e-mails directed to the user computing system;
  
  using the at least one processor associated with the user computing system to analyze the normalized one or more potential phone numbers in at least one of the e-mails directed to the user computing system using the data representing the one or more potential scam e-mail identification rules to identify potential scam phone numbers of the one or more potential phone numbers in at least one of the e-mails directed to the user computing system; and
  
  applying the one or more potential scam e-mail identification rules to the at least one of the e-mails directed to the user computing system that includes the identified potential scam phone numbers to transform a status of the at least one of the e-mails directed to the user computing system that includes the identified potential scam phone numbers to the status of potential scam e-mail.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 15, wherein:
    - at least one of the one or more potential scam e-mail identification rules is selected from the group of potential scam e-mail identification rules consisting of;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined suspicious country of origin be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined suspicious area of origin within a country be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers indicating a defined phone type be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including phone numbers of a defined type be given a status of potential scam e-mail;
      
      one or more rules requiring that e-mails including specific known scam phone numbers, or number sequences, be given a status of potential scam e-mail; and
      
      one or more rules requiring that e-mails including phone numbers and defined text be given a status of potential scam e-mail.
  - 17. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 15, wherein:
    - at least one of the one or more phone number detection parameters is selected from the group of phone number detection parameters consisting of;
      
      the presence of international prefixes;
      
      the presence of area codes;
      
      the presence of defined keywords, text, or phrases, punctuation, in a given language, followed by numbers;
      
      the presence of a defined number of numbers; and
      
      the presence of defined formatting of numbers.
  - 18. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 15, further comprising:
    - preventing the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail from being passed to an e-mail inbox associated with the user computing system.
  - 19. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 18, further comprising:
    - preventing the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail from being passed to the e-mail inbox associated with the user computing system and performing further analysis on the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail.
  - 20. The computing system implemented process for identifying scam e-mails using phone number analysis of claim 19, wherein:
    - performing further analysis on the at least one of the e-mails directed to the user computing system having the status of potential scam e-mail includes requesting user input regarding the at least one of the e-mails directed to a given computing system having the status of potential scam e-mail.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Coomer, Graham, Johnston, Nicholas
Primary Examiner(s)
Patel; Haresh N

Application Number

US12/604,671
Time in Patent Office

522 Days
Field of Search

709/203, 709/206, 709217-228, 709/248, 726/22, 726/23, 726/4, 726/16
US Class Current

709/248
CPC Class Codes

G06Q 10/107 Computer-aided management o...

Method and system for employing phone number analysis to detect and prevent spam and e-mail scams

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for employing phone number analysis to detect and prevent spam and e-mail scams

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links