Email anti-phishing inspector
First Claim
Patent Images
1. A method of determining a phishing email using a score, comprising:
- receiving an email message;
parsing the email message into a header and a body;
extracting a URL from the body;
determining a HTML tag associated with the URL;
adjusting the score based on the determined HTML tag;
determining a geographic location of origination for the email message;
adjusting the score based on the determined geographic location of origination; and
determining if the email message is a phishing email message by comparing the score with a predetermined phishing threshold score.
1 Assignment
0 Petitions
Accused Products
Abstract
An application and system for inspecting an email message to determine if the email message is being used in a phishing ploy. When an email recipient receives an email message, the email message is sent to an EScam server for inspection. During its inspection, the EScam server considers various criteria, such as an originating country for an IP address associated with a sender of the email message, and assigns a score to the email message. Based on the score of the email message and threshold levels set within the EScam server, an email client determines whether the email message is part of a phishing ploy or a legitimate email message.
-
Citations
31 Claims
-
1. A method of determining a phishing email using a score, comprising:
-
receiving an email message; parsing the email message into a header and a body; extracting a URL from the body; determining a HTML tag associated with the URL; adjusting the score based on the determined HTML tag; determining a geographic location of origination for the email message; adjusting the score based on the determined geographic location of origination; and determining if the email message is a phishing email message by comparing the score with a predetermined phishing threshold score. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of determining a phishing email using a score, comprising:
-
receiving an email message comprising a header and a body; extracting a URL from the body; determining a first IP address associated with the URL; determining a markup tag associated with the URL; adjusting the score based on the determined markup tag; determining if the first IP address is associated with one of a high-risk or OFAC country, and adjusting the score based on the association; determining a geographic location of origination for the email message; determining a geographic location of a server associated with the email message; adjusting the score by comparing the geographic location of origination of the email message and the geographic location of the server, and determining if the email message is a phishing email message by comparing the score with a predetermined score. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method of determining a phishing email using a score, comprising:
-
receiving an email message comprising a header and a body; determining a first set of one more IP addresses from the header; adjusting the score by performing the following steps for each IP address in the first set of IP addresses; determining if the IP address is associated with a trusted country or a non-trusted country; determining if the IP address is associated with a proxy server; determining if the IP address is associated with a reserved address; determining if the IP address is associated with an open relay; determining if the IP address is a dynamic server IP address; and determining if the email message is a phishing email message by comparing the score with a predetermined score. - View Dependent Claims (26, 27, 28, 29, 30, 31)
-
Specification