User reporting and automatic threat processing of suspicious email
First Claim
1. A method comprising:
- at an email client configured to execute on a host computer device, receiving one or more email messages in connection with a user account associated with an email address;
- displaying the received one or more email messages and a user selectable icon to report suspicious email; and
- receiving user selections of the icon and an associated suspicious email message among the received one or more email messages, and responsive to the selections, automatically performing suspicious email threat processing on the selected suspicious email message, the automatically performing including:
  - collecting information from the host computer device, the user account, and the email message, the information including a user account name, an Internet Protocol (IP) address of the host, a number of file attachments of the email and a name of each file attachment, and hyperlinks and Uniform Resource Locators (URLs) embedded in the email message;
  - determining an initial threat priority for the email message based on the collected information;
  - generating threat indicators based at least on each file attachment of the email message, if any;
  - determining malware, if any, in the email message based on the threat indicators and the collected information; and
  - creating an event ticket for the suspicious email message having fields populated based on the collected information, the initial threat priority, and the determined malware.
Abstract
A computer device displays email messages received in connection with a user account and a user selectable icon to report suspicious email. The computer device receives user selections of the icon and an associated suspicious email message among the received email messages. Responsive to the selection, the computer device automatically collects information from the host, the user account, and the email message, determines an initial threat priority for the email message based on the collected information, generates threat indicators based at least on each file attachment of the email message, if any, determines malware, if any, in the email message based on the threat indicators, and creates an event ticket for the suspicious email message having fields populated based on the collected information, the initial threat priority, the threat indicators, and the determined malware.
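The processing steps the abstract lists, sketched as an added example (not code from the patent or its assignee). The SHA-256 indicator type, the extension-based priority rule, the `KNOWN_BAD` lookup table and all sample values are assumptions constructed for illustration; the claims do not specify them.

```python
import email, hashlib, os, re
from email import policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".docm"}  # assumed triage list
PAYLOAD = b"constructed attachment bytes, not a real sample"
# Assumed lookup table standing in for a malware-analysis verdict source.
KNOWN_BAD = {hashlib.sha256(PAYLOAD).hexdigest(): "Constructed.TestVerdict"}

def build_sample() -> bytes:
    """Constructed reported message used as sample input."""
    m = EmailMessage()
    m["From"] = "billing@example.test"
    m["To"] = "jdoe@corp.example"
    m["Subject"] = "Overdue invoice"
    m.set_content("Pay at http://pay.example.test/inv?id=7 or see https://example.test/help")
    m.add_attachment(PAYLOAD, maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_bytes()

def process_report(raw: bytes, account: str, host_ip: str) -> dict:
    """Collect -> prioritise -> indicators -> malware verdict -> ticket."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    atts = list(msg.iter_attachments())
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    names = [a.get_filename() or "(unnamed)" for a in atts]
    urls = URL_RE.findall(text)
    # Threat indicators: one SHA-256 per attachment (assumed indicator type).
    indicators = [hashlib.sha256(a.get_payload(decode=True) or b"").hexdigest()
                  for a in atts]
    # Initial priority from collected information only (assumed rule).
    if any(os.path.splitext(n)[1].lower() in RISKY_EXT for n in names):
        priority = "high"
    elif atts or urls:
        priority = "medium"
    else:
        priority = "low"
    malware = sorted({KNOWN_BAD[i] for i in indicators if i in KNOWN_BAD})
    # Event ticket with fields populated from every earlier step.
    return {"subject": str(msg["Subject"]), "account": account,
            "host_ip": host_ip, "attachment_count": len(atts),
            "attachment_names": names, "urls": urls,
            "initial_priority": priority,
            "threat_indicators": indicators, "malware": malware}

if __name__ == "__main__":
    print(process_report(build_sample(), "jdoe", "192.0.2.10"))
```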
26 Citations
26 Claims
1. A method comprising:
- at an email client configured to execute on a host computer device, receiving one or more email messages in connection with a user account associated with an email address;
- displaying the received one or more email messages and a user selectable icon to report suspicious email; and
- receiving user selections of the icon and an associated suspicious email message among the received one or more email messages, and responsive to the selections, automatically performing suspicious email threat processing on the selected suspicious email message, the automatically performing including:
  - collecting information from the host computer device, the user account, and the email message, the information including a user account name, an Internet Protocol (IP) address of the host, a number of file attachments of the email and a name of each file attachment, and hyperlinks and Uniform Resource Locators (URLs) embedded in the email message;
  - determining an initial threat priority for the email message based on the collected information;
  - generating threat indicators based at least on each file attachment of the email message, if any;
  - determining malware, if any, in the email message based on the threat indicators and the collected information; and
  - creating an event ticket for the suspicious email message having fields populated based on the collected information, the initial threat priority, and the determined malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus comprising:
- a network interface unit configured to send and receive communications including email messages over a network; and
- a processor coupled to the network interface unit and the display, and configured to:
  - receive at an email client one or more email messages in connection with a user account associated with an email address;
  - display the received one or more email messages and a user selectable icon to report suspicious email; and
  - receive user selections of the icon and an associated suspicious email message among the received one or more email messages, and responsive to the selections, automatically perform suspicious email threat processing on the selected suspicious email message, wherein the processor is further configured to:
    - collect information from the apparatus, the user account, and the email message, the information including a user account name, an Internet Protocol (IP) address of the host, a number of file attachments of the email and a name of each file attachment, and hyperlinks and Uniform Resource Locators (URLs) embedded in the email message;
    - determine an initial threat priority for the email message based on the collected information;
    - generate threat indicators based at least on each file attachment of the email message, if any;
    - determine malware, if any, in the email message based on the threat indicators; and
    - create an event ticket for the suspicious email message having fields populated based on the collected information, the initial threat priority, the threat indicators, and the determined malware.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A non-transitory processor readable medium storing instructions that, when executed by a processor, cause the processor to:
- at an email client configured to execute on a host computer device, receive one or more email messages in connection with a user account associated with an email address;
- display the received one or more email messages and a user selectable icon to report suspicious email; and
- receive user selections of the icon and an associated suspicious email message among the received email messages, and responsive to the selections, automatically perform suspicious email threat processing on the selected suspicious email message, the instructions to cause the processor to automatically perform including instructions to cause the processor to:
  - collect information from the host computer device, the user account, and the email message, the information including a user account name, an Internet Protocol (IP) address of the host, a number of file attachments of the email and a name of each file attachment, and hyperlinks and Uniform Resource Locators (URLs) embedded in the email message;
  - determine an initial threat priority for the email message based on the collected information;
  - generate threat indicators based at least on each file attachment of the email message, if any;
  - determine malware, if any, in the email message based on the threat indicators; and
  - create an event ticket for the suspicious email message having fields populated based on the collected information, the initial threat priority, the threat indicators, and the determined malware.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A system comprising:
- a first computer device configured to:
  - at an email client configured to execute on the first computer device, receive one or more email messages in connection with a user account associated with an email address;
  - display the received one or more email messages and a user selectable icon to report suspicious email; and
  - receive user selections of the icon and an associated suspicious email message among the received one or more email messages, and responsive to the selections, automatically perform suspicious email threat processing on the selected suspicious email message;
  - collect information from the first computer device, the user account, and the email message, the information including a user account name, an Internet Protocol (IP) address of the host, a number of file attachments of the email and a name of each file attachment, and hyperlinks and Uniform Resource Locators (URLs) embedded in the email message;
  - create a first analysis results email message including the collected information, the email message, and files attached to the email, if any; and
  - send the first analysis results email message to a first predetermined email address.
Dependent claims: 25, 26
Specification