System and method for monitoring social engineering in a computer network environment

US 8,645,478 B2
Filed: 12/10/2009
Issued: 02/04/2014
Est. Priority Date: 12/10/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

providing a memory component with one or more alternative email entries associated with a plurality of name records representing one or more authorized users of a network;

identifying a recipient email address in an outgoing email message from the network if a username of the recipient email address includes an identifiable portion of one of the plurality of name records, wherein the outgoing email message is being sent to the recipient email address from one of a plurality of official email addresses associated with the network, and wherein the identifiable portion of the one of the name records includes at least a first character of a first name and at least the smaller one of a last name and a first five characters of the last name;

populating the memory component with a new alternative email entry corresponding to the identified recipient email address;

determining whether any of the one or more alternative email entries corresponds to a sender email address in an incoming email message being sent from the sender email address to at least one of the plurality of official email addresses associated with the network;

identifying the sender email address if a username of the sender email address includes another identifiable portion of one of the plurality of name records; and

tagging the incoming email message with a flag if none of the one or more alternative email entries corresponds to the identified sender email address.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method in one example implementation includes providing a memory component with one or more alternative email entries associated with a plurality of name records. The name records represent one or more authorized users of a network. The method further includes determining whether any of the one or more alternative email entries corresponds to a sender email address in an incoming email message, where the incoming email message is being sent from the sender email address to at least one official email address associated with the network. In more specific embodiments the method includes tagging the incoming email message with a first or second flag depending on whether any of the one or more alternative email entries corresponds to the sender email address and whether a username of the sender email address includes an identifiable portion of one of the plurality of name records.

24 Citations

View as Search Results

14 Claims

1. A method, comprising:
- providing a memory component with one or more alternative email entries associated with a plurality of name records representing one or more authorized users of a network;
  
  identifying a recipient email address in an outgoing email message from the network if a username of the recipient email address includes an identifiable portion of one of the plurality of name records, wherein the outgoing email message is being sent to the recipient email address from one of a plurality of official email addresses associated with the network, and wherein the identifiable portion of the one of the name records includes at least a first character of a first name and at least the smaller one of a last name and a first five characters of the last name;
  
  populating the memory component with a new alternative email entry corresponding to the identified recipient email address;
  
  determining whether any of the one or more alternative email entries corresponds to a sender email address in an incoming email message being sent from the sender email address to at least one of the plurality of official email addresses associated with the network;
  
  identifying the sender email address if a username of the sender email address includes another identifiable portion of one of the plurality of name records; and
  
  tagging the incoming email message with a flag if none of the one or more alternative email entries corresponds to the identified sender email address.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - tagging the incoming email message with a different flag if any of the one or more alternative email entries in the memory component corresponds to the sender email address.
  - 3. The method of claim 1, wherein a plurality of the alternative email entries is associated with one of the name records.
  - 4. The method of claim 1,wherein each of the plurality of official email addresses is associated with at least one of the name records, andwherein the memory component will be populated with the new alternative email entry only if the official email address sending the outgoing email message is associated with the one of the plurality of name records with the identifiable portion included in the username of the recipient email address.
  - 5. The method of claim 1, wherein if the memory component contains an existing alternative email entry corresponding to the recipient email address then the memory component is not populated with the new alternative email entry.
  - 6. The method of claim 1, further comprising:
    - mapping the new alternative email entry to a tracking entry corresponding to the official email address sending the outgoing email message.

7. Logic encoded in one or more tangible, non-transitory media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
- providing a memory component with one or more alternative email entries associated with a plurality of name records representing one or more authorized users of a network, and wherein the identifiable portion of the one of the name records includes at least a first character of a first name and at least the smaller one of a last name and a first five characters of the last name;
  
  identifying a recipient email address in an outgoing email message from the network if a username of the recipient email address includes an identifiable portion of one of the plurality of name records, wherein the outgoing email message is being sent to the recipient email address from one of a plurality of official email addresses associated with the network;
  
  populating the memory component with a new alternative email entry corresponding to the identified recipient email address; and
  
  determining whether any of the one or more alternative email entries corresponds to a sender email address in an incoming email message being sent from the sender email address to at least one of the plurality of official email addresses associated with the network;
  
  identifying the sender email address if a username of the sender email address includes another identifiable portion of one of the plurality of name records; and
  
  tagging the incoming email message with a flag if none of the one or more alternative email entries corresponds to the identified sender email address.
- View Dependent Claims (8, 9, 10)
- - 8. The logic of claim 7, the one or more processors being operable to perform operations further comprising:
    - tagging the incoming email message with a different flag if any of the one or more alternative email entries in the memory component corresponds to the sender email address.
  - 9. The logic of claim 7,wherein each of the plurality of official email addresses is associated with at least one of the name records, andwherein the memory component will be populated with the new alternative email entry only if the official email address sending the outgoing email message is associated with the one of the plurality of name records with the identifiable portion included in the username of the recipient email address.
  - 10. The logic of claim 7, further comprising:
    - mapping the new alternative email entry to a tracking entry corresponding to the official email address sending the outgoing email message.

11. An apparatus, comprising:
- a memory component including one or more alternative email entries associated with a plurality of name records representing one or more authorized users of a network; and
  
  one or more processors operable to execute instructions for monitoring social engineering in a network, including;
  
  identifying a recipient email address in an outgoing email message from the network if a username of the recipient email address includes an identifiable portion of one of the plurality of name records, wherein the outgoing email message is being sent to the recipient email address from one of a plurality of official email addresses associated with the network, and wherein the identifiable portion of the one of the name records includes at least a first character of a first name and at least the smaller one of a last name and a first five characters of the last name;
  
  populating the memory component with a new alternative email entry corresponding to the identified recipient email address; and
  
  determining whether any of the one or more alternative email entries corresponds to a sender email address in an incoming email message being sent from the sender email address to at least one of the plurality of official email addresses associated with the network;
  
  identifying the sender email address if a username of the sender email address includes another identifiable portion of one of the plurality of name records; and
  
  tagging the incoming email message with a flag if none of the one or more alternative email entries corresponds to the identified sender email address.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus of claim 11, wherein the one or more processors are operable to execute instructions further comprising:
    - tagging the incoming email message with a different flag if any of the one or more alternative email entries in the memory component corresponds to the sender email address.
  - 13. The apparatus of claim 11,wherein each of the plurality of official email addresses is associated with at least one of the name records, andwherein the memory component will be populated with the new alternative email entry only if the official email address sending the outgoing email message is associated with the one of the plurality of name records with the identifiable portion included in the username of the recipient email address.
  - 14. The apparatus of claim 11, wherein the one or more processors are operable to execute instructions further comprising:
    - mapping the new alternative email entry to a tracking entry corresponding to the official email address sending the outgoing email message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gaddala, Satish Kumar
Primary Examiner(s)
Nguyen, Tammy

Application Number

US12/634,945
Publication Number

US 20130246537A1
Time in Patent Office

1,517 Days
Field of Search

709/206, 709/203, 709/224, 709/217, 379/142.01, 379/207.02, 713/152
US Class Current

709/206
CPC Class Codes

G06Q 10/107 Computer-aided management o...

G06Q 50/01 Social networking

System and method for monitoring social engineering in a computer network environment

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for monitoring social engineering in a computer network environment

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links