Method and system to detect and prevent e-mail scams
First Claim
1. A computing system implemented process for identifying 419 messages in a live message stream comprising:
- subjecting a message from a live message stream directed to a user computing system to an anti-spam pipeline, the anti-spam pipeline including;
a dynamic feedback-based heuristic filter stage, the dynamic feedback-based heuristic filter stage using one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more feedback-based potential 419 message parameters obtained from actual 419 messages identified by historical applications of the process for identifying 419 messages in a live message stream;
if, as a result of the analysis of the message by the dynamic feedback-based heuristic filter stage, the message is determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream;
if, as a result of the analysis of the message by the dynamic feedback-based heuristic filter stage, the message is not determined to be a potential 419 message, transferring the message to a 419 text-based heuristic filter stage, the 419 text-based heuristic filter stage using one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more text based 419 identification parameters;
if, as a result of the analysis of the message by the 419 text-based heuristic filter stage, the message is determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream;
if, as a result of the analysis of the message by 419 text-based heuristic filter stage, the message is not determined to be a potential 419 message, transferring the message to one or more metadata creating heuristic filter stages, the one or more metadata creating heuristic filter stages using one or more processors associated with one or more computing systems to analyze the message and generate a metadata set including one or more metadata entries associated with the message;
transferring the message and the metadata set including one or more metadata entries associated with the message to a metadata analysis stage, the metadata analysis stage using one or more processors associated with one or more computing systems to analyze the metadata set including one or more metadata entries associated with the message using heuristics utilizing one or more metadata-based 419 message identification parameters;
if, as a result of the analysis of the message by the metadata analysis stage, the message is not determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream;
if, as a result of the analysis of the message by the metadata analysis stage, the message is determined to be a potential 419 message, using one or more processors associated with one or more computing systems to transform data indicating a status of the message determined to be a potential 419 message to data indicating the message is a potential 419 message;
using one or more processors associated with one or more computing systems to analyze the potential 419 message to identify one or more potential 419 message parameters associated with the message;
using one or more processors associated with one or more computing systems to transform data representing the one or more potential 419 message parameters associated with the message to data representing one or more feedback-based 419 message parameters; and
using one or more processors associated with one or more computing systems to transfer the data representing one or more feedback-based 419 message parameters to the dynamic feedback-based heuristic filter stage of the anti-spam pipeline for use with one or more heuristics.
6 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for identifying 419 messages in a live message stream whereby an incoming message in a live message stream is subjected to an anti-spam pipeline made up of multiple anti-spam stages or filters including a whitelist filter stage, a dynamic feedback-based heuristic filter stage, a 419 text-based heuristic filter stage, one or more metadata creating heuristic filter stages, and a metadata analysis stage. A message is removed from the live analysis of the anti-spam pipeline at any stage where the message is identified as either a potential 419 message or a potential legitimate message. Consequently, processing costs are minimized since no resources are used on messages that have already been classified as either a potential 419 message or a potential legitimate message. In addition, even when a given message is processed by the entire anti-spam pipeline, and the costs are incurred, the information obtained by the application of the entire anti-spam pipeline is used to supplement or update the dynamic feedback-based heuristic filter stage. Consequently, the cost of applying the entire anti-spam pipeline to a message is potentially offset by the valuable feedback results that are used to improve future processing speed and accuracy.
52 Citations
20 Claims
-
1. A computing system implemented process for identifying 419 messages in a live message stream comprising:
-
subjecting a message from a live message stream directed to a user computing system to an anti-spam pipeline, the anti-spam pipeline including; a dynamic feedback-based heuristic filter stage, the dynamic feedback-based heuristic filter stage using one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more feedback-based potential 419 message parameters obtained from actual 419 messages identified by historical applications of the process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by the dynamic feedback-based heuristic filter stage, the message is determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by the dynamic feedback-based heuristic filter stage, the message is not determined to be a potential 419 message, transferring the message to a 419 text-based heuristic filter stage, the 419 text-based heuristic filter stage using one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more text based 419 identification parameters; if, as a result of the analysis of the message by the 419 text-based heuristic filter stage, the message is determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by 419 text-based heuristic filter stage, the message is not determined to be a potential 419 message, transferring the message to one or more metadata creating heuristic filter stages, the one or more metadata creating heuristic filter stages using one or more processors associated with one or more computing systems to analyze the message and generate a metadata set including one or more metadata entries associated with the message; transferring the message and the metadata set including one or more metadata entries associated with the message to a metadata analysis stage, the metadata analysis stage using one or more processors associated with one or more computing systems to analyze the metadata set including one or more metadata entries associated with the message using heuristics utilizing one or more metadata-based 419 message identification parameters; if, as a result of the analysis of the message by the metadata analysis stage, the message is not determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by the metadata analysis stage, the message is determined to be a potential 419 message, using one or more processors associated with one or more computing systems to transform data indicating a status of the message determined to be a potential 419 message to data indicating the message is a potential 419 message; using one or more processors associated with one or more computing systems to analyze the potential 419 message to identify one or more potential 419 message parameters associated with the message; using one or more processors associated with one or more computing systems to transform data representing the one or more potential 419 message parameters associated with the message to data representing one or more feedback-based 419 message parameters; and using one or more processors associated with one or more computing systems to transfer the data representing one or more feedback-based 419 message parameters to the dynamic feedback-based heuristic filter stage of the anti-spam pipeline for use with one or more heuristics. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computing system implemented process for identifying 419 messages in a live message stream comprising:
-
subjecting a message from a live message stream directed to a user computing system to an anti-spam pipeline, the anti-spam pipeline including; a whitelist filter stage, the whitelist filter stage using one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more potential legitimate message parameters; if, as a result of the analysis of the message by the whitelist filter stage, the message is determined to be a potential legitimate message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by whitelist filter stage, the message is not determined to be a potential legitimate message, transferring the message to a dynamic feedback-based heuristic filter stage, the dynamic feedback-based heuristic filter stage using one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more feedback-based potential 419 message parameters obtained from actual 419 messages identified by historical applications of the process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by the dynamic feedback-based heuristic filter stage, the message is determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by the dynamic feedback-based heuristic filter stage, the message is not determined to be a potential 419 message, transferring the message to a 419 text-based heuristic filter stage, the 419 text-based heuristic filter stage using one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more text based 419 identification parameters; if, as a result of the analysis of the message by the 419 text-based heuristic filter stage, the message is determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by 419 text-based heuristic filter stage, the message is not determined to be a potential 419 message, transferring the message to one or more metadata creating heuristic filter stages, the one or more metadata creating heuristic filter stages using one or more processors associated with one or more computing systems to analyze the message and generate a metadata set including one or more metadata entries associated with the message; transferring the message and the metadata set including one or more metadata entries associated with the message to a metadata analysis stage, the metadata analysis stage using one or more processors associated with one or more computing systems to analyze the metadata set including one or more metadata entries associated with the message using heuristics utilizing one or more metadata-based 419 message identification parameters; if, as a result of the analysis of the message by the metadata analysis stage, the message is not determined to be a potential 419 message, removing the message from further processing by the computing system implemented process for identifying 419 messages in a live message stream; if, as a result of the analysis of the message by the metadata analysis stage, the message is determined to be a potential 419 message, using one or more processors associated with one or more computing systems to transform data indicating a status of the message determined to be a potential 419 message to data indicating the message is a potential 419 message; using one or more processors associated with one or more computing systems to analyze the potential 419 message to identify one or more potential 419 message parameters associated with the message; using one or more processors associated with one or more computing systems to transform data representing the one or more potential 419 message parameters associated with the message to data representing one or more feedback-based 419 message parameters; and using one or more processors associated with one or more computing systems to transfer the data representing one or more feedback-based 419 message parameters to the dynamic feedback-based heuristic filter stage of the anti-spam pipeline for use with one or more heuristics. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system for identifying 419 messages in a live message stream comprising:
-
a user computing system; a live message stream; a message in the live message stream directed to the user computing system; and one or more processors associated with one or more computing systems, the one or more processors implementing an anti-spam pipeline, the anti-spam pipeline including; a dynamic feedback-based heuristic filter stage, the dynamic feedback-based heuristic filter stage using one or more of the one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more feedback-based potential 419 message parameters obtained from actual 419 messages identified by historical uses of the anti-spam pipeline; a 419 text-based heuristic filter stage, the 419 text-based heuristic filter stage using one or more of the one or more processors associated with one or more computing systems to analyze the message using heuristics utilizing one or more text based 419 identification parameters; and one or more metadata creating heuristic filter stages, the one or more metadata creating heuristic filter stages using one or more of the one or more processors associated with one or more computing systems to analyze the message and generate a metadata set including one or more metadata entries associated with the message. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification