
System and method for electronic message analysis for phishing detection

  • US 8,566,938 B1
  • Filed: 11/05/2012
  • Issued: 10/22/2013
  • Est. Priority Date: 11/05/2012
  • Status: Active Grant
First Claim

1. A server implemented method for analyzing electronic messages for phishing detection, comprising:

  • receiving, by the server, an email message by a recipient/recipient organization from a sender/sender organization;

    obtaining, by the server, email characteristics by parsing the received email message based on a set of predetermined email characteristics;

    comparing, by the server, the email characteristics of the received email message with the email characteristics associated with the recipient/recipient organization, and/or the sender/sender organization;

    declaring, by the server, the received email message by the recipient/recipient organization as a phishing electronic message based on the outcome of the comparison;

    wherein the email characteristics are selected from the group consisting of network path used to reach a recipient/recipient organization, geography associated with IP address, email client software used by the sender/sender organization, email client software version used by the sender/sender organization, date, day of week, time, time period of the email, time zone of the sender/sender organization, presence and details of digital signatures in the email, meta data present in header portion of the email, character set used in content of the email, format of the email, email length and subject length, character case of the email, character case of the subject, style of introduction at the top of the email, style and content of the sender/sender organization's signature in the body of the email, other recipient/recipient organizations included in the email, to, and copy circulated (cc'd) email addresses, sender/sender organizations name, sender/sender organizations from and reply to email address, senders organization name, senders domain name, sender's organization's Domain Name Service (DNS) settings including SPF records, sender organization's mail server information, including server ip address, sender/sender organization server network path, sender/sender organization email server software and software version. DKIM signature, spam scoring from spam software, message ID, volume of email sent by the sender/sender organization, volume of email sent by sender's organization, volume of email received by the recipient, volume of email received by recipient organization, details associated with URLs or attachments in the email, whether the recipient/recipient organization has responded to this specific email, and number of interactions between sender and recipient associated with the email and the like; and

    allowing an administrator to select desired email characteristics to be included in the set of characteristics used for comparing the characteristics of the received email message and to assign a weight of how much each characteristic should influence the likelihood that a new message is a phishing message.
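
A sketch of the flow the claim describes (parse characteristics, compare them with the sender's profile, apply administrator-assigned weights), added here as an illustration and not taken from the patent. The five characteristics chosen, the weights, the threshold, the baseline and all function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed per-sender baseline of previously observed characteristics.
BASELINE = {"alice@example.com": {
    "mailer": {"ExampleMail 1.0"}, "charset": {"utf-8"}, "utc_offset": {-5.0},
    "reply_domain": {"example.com"}, "dkim_present": {True}}}
# Characteristics the administrator selected, with hypothetical weights.
WEIGHTS = {"mailer": 1.0, "charset": 0.5, "utc_offset": 1.0,
           "reply_domain": 3.0, "dkim_present": 2.0}
THRESHOLD = 0.5  # assumed cut-off: share of total weight that deviates

def extract(raw):
    """Parse a raw message into (sender address, characteristics dict)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To") or msg.get("From", ""))[1].lower()
    try:
        off = parsedate_to_datetime(msg["Date"]).utcoffset()
        offset = off.total_seconds() / 3600 if off is not None else None
    except (TypeError, ValueError):  # missing or malformed Date header
        offset = None
    return sender, {
        "mailer": msg.get("X-Mailer") or msg.get("User-Agent"),
        "charset": (msg.get_content_charset() or "").lower(),
        "utc_offset": offset,
        "reply_domain": reply.rpartition("@")[2],
        # Presence only; verifying the signature needs DNS and is out of scope.
        "dkim_present": "DKIM-Signature" in msg,
    }

def score(raw, baseline=BASELINE, weights=WEIGHTS):
    """Return (deviating share of weight in 0..1, deviating characteristics)."""
    sender, feats = extract(raw)
    profile = baseline.get(sender)
    if profile is None:  # no history for this sender: nothing can be matched
        return 1.0, list(weights)
    deviating = [k for k in weights if feats[k] not in profile[k]]
    return sum(weights[k] for k in deviating) / sum(weights.values()), deviating

def is_phishing(raw):
    return score(raw)[0] >= THRESHOLD

# Constructed sample messages.
LEGIT = ("From: Alice <alice@example.com>\nDate: Mon, 05 Nov 2012 09:15:00 -0500\n"
         "X-Mailer: ExampleMail 1.0\nDKIM-Signature: v=1; d=example.com\n"
         'Content-Type: text/plain; charset="utf-8"\n\nHi Bob, agenda attached.\n')
SUSPECT = ("From: Alice <alice@example.com>\nReply-To: alice@example.net\n"
           "Date: Mon, 05 Nov 2012 03:02:00 +0300\nX-Mailer: OtherMail 2.3\n"
           'Content-Type: text/plain; charset="utf-8"\n\nUrgent: confirm your password.\n')
```

The returned list of deviating characteristics shows an analyst which weighted signals drove the verdict.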
