Protecting electronic assets using false profiles in social networks
Abstract
An improved technique utilizes a honeypot-style seeding of synthetic user identifiers which, if used by spear-phishing intruders, enable easy discovery of the intruders. Along these lines, an administrator of a network constructs false employee profiles on a social network with the intent of intercepting any email to that employee. Such employee profiles correspond to no actual employee of the corporation, but are in fact synthetic entities designed to appear to be an actual employee. These profiles contain identifiers that describe the employee, such as a name, position within the corporation, telephone number, educational background, past positions, and social connections. The administrator configures a receiver at the corporate network to block from entering the secure network emails that include references to any of these identifiers.
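The receiver-side check the abstract describes, as an added Python example (not code from the patent or its assignee): a message that mentions a decoy identifier raises an alert and puts the sender's details on a watchlist, so later mail from the same sender to real staff also alerts. The decoy values, the corp.example domain, the class and function names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed decoy identifiers, published only in the false employee profile.
DECOYS = {"dana.whitlock@corp.example", "dana whitlock", "+1 555 0142"}

class DecoyFilter:
    def __init__(self, decoys):
        self.decoys = {d.lower() for d in decoys}
        self.watchlist = set()  # sender details learned from decoy hits

    @staticmethod
    def sender_info(msg):
        addr = parseaddr(msg.get("From", ""))[1].lower()
        info = {addr} if addr else set()
        # The topmost Received header is the one our own gateway added, so
        # its peer IP is the only hop the sender could not write themselves.
        top = (msg.get_all("Received") or [""])[0]
        hop = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
        return info | {hop.group(1)} if hop else info

    @staticmethod
    def searchable_text(msg):
        chunks = [msg.get(h, "") for h in ("To", "Cc", "Subject")]
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                body = part.get_payload(decode=True) or b""
                chunks.append(body.decode(part.get_content_charset() or "utf-8", "replace"))
        return "\n".join(chunks).lower()

    def inspect(self, raw):
        msg = message_from_string(raw)
        sender, text = self.sender_info(msg), self.searchable_text(msg)
        hits = sorted(d for d in self.decoys if d in text)
        if hits:  # no real correspondent has a reason to know these values
            self.watchlist |= sender
            return {"alert": True, "reason": "decoy", "matched": hits}
        known = sorted(sender & self.watchlist)
        if known:  # same sender details, now addressed to real staff
            return {"alert": True, "reason": "watchlist", "matched": known}
        return {"alert": False, "reason": None, "matched": []}

def sample_mail(frm, ip, to, body):  # builds a constructed sample message
    return (f"Received: from x ([{ip}]) by mx.corp.example\nFrom: {frm}\n"
            f"To: {to}\nSubject: Benefits update\n\n{body}\n")
```
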
19 Claims
1. A method of protecting a secure network from malicious communications, the method comprising:
configuring, on the secure network, receiving circuitry to identify communications that include a particular user identifier;
storing the particular user identifier in a server remote from the secure network;
receiving, at the secure network, a particular communication;
verifying, by the receiving circuitry, whether the particular communication includes the particular user identifier;
issuing an alert when the particular communication includes the particular user identifier;
not issuing the alert when the particular communication does not include the particular user identifier, wherein the server hosts a website of a social network and maps values of the user identifier corresponding to each employee of the set of employees to an employee profile on the social network;
wherein storing the particular user identifier includes;
sending the particular user identifier to the server, the server generating an employee profile of a false employee on the social network from the particular user identifier wherein the particular communication that includes the particular user identifier is sent by a malicious user and further includes identification information identifying the malicious user; and
wherein the method further comprises;
extracting the identification information identifying the malicious user; and
issuing the alert upon receiving communications that include the identification information identifying the malicious user.
Dependent claims: 2, 3, 4, 5, 17, 18, 19
6. A system constructed and arranged to protect a secure network from malicious communications, the system comprising:
a network interface;
memory; and
a controller including receiving circuitry and controlling circuitry coupled to the memory, the controlling circuitry being constructed and arranged to;
configure, on the secure network, receiving circuitry to identify communications that include a particular user identifier;
store the particular user identifier in a server remote from the secure network;
receive, at the secure network, a particular communication;
cause the receiving circuitry to verify whether the particular communication includes the particular user identifier;
issue an alert when the particular communication includes the particular user identifier;
not issue the alert when the particular communication does not include the particular user identifier wherein the server hosts a website of a social network and maps values of the user identifier corresponding to the employee of the set of employees to an employee profile on the social network; and
wherein storing the particular user identifier includes;
sending the particular user identifier to the server, the server generating an employee profile of a false employee on the social network from the particular user identifier wherein the particular communication that includes the particular user identifier is sent by a malicious user and further includes identification information identifying the malicious user; and
wherein the method further comprises;
extracting the identification information identifying the malicious user; and
issuing the alert upon receiving communications that include the identification information identifying the malicious user.
Dependent claims: 7, 8, 9, 10, 11
12. A computer program product having a non-transitory, computer-readable storage medium which stores code to protect a secure network from malicious communications, the code including instructions to:
configure, on the secure network, receiving circuitry to identify communications that include a particular user identifier;
store the particular user identifier in a server remote from the secure network;
receive, at the secure network, a particular communication;
verify, by the receiving circuitry, whether the particular communication includes the particular user identifier;
issue an alert when the particular communication includes the particular user identifier;
not issue the alert when the particular communication does not include the particular user identifier wherein the server hosts a website of a social network and maps values of the user identifier corresponding to the employee of the set of employees to an employee profile on the social network; and
wherein storing the particular user identifier includes;
sending the particular user identifier to the server, the server generating an employee profile of a false employee on the social network from the particular user identifier wherein the particular communication that includes the particular user identifier is sent by a malicious user and further includes identification information identifying the malicious user; and
wherein the method further comprises;
extracting the identification information identifying the malicious user; and
issuing the alert upon receiving communications that include the identification information identifying the malicious user.
Dependent claims: 13, 14, 15, 16
Specification