Method and system for assessing and classifying reported potentially malicious messages in a cybersecurity system
First Claim
1. A non-malicious message identification and classification system of a cybersecurity network, the system comprising:
- a cybersecurity server comprising a cybersecurity server processor and programming instructions configured to cause the cybersecurity server processor to generate simulated phishing messages and send the simulated phishing messages to a client computing device;
a computer-readable medium portion storing programming instructions that are configured to cause the client computing device to;
receive an electronic message via a communications network, andreceive a user notification that indicates that a user has reported the received message as a potentially malicious message; and
a computer-readable medium portion storing programming instructions that are configured to cause the client computing device or a remote computing device to;
determine whether the received message is a legitimate message or-a potentially malicious message,in response to determining that the received message is a legitimate message, further analyze the received message to assign a class from a set of available classes to the received message, wherein;
the available classes comprise a simulated phishing message class, a trusted internal sender class, and a trusted external sender class, andthe assigned class is the simulated phishing message class, the trusted internal sender class, or the trusted external sender class, andin response to receiving the user notification and determining that the received message is a legitimate message, cause the client computing device to output a prompt to the user so that the prompt indicates that the message is a legitimate message and is associated with the assigned class, wherein;
if the assigned class is the simulated phishing message class, then the prompt confirms that the user has properly reported the received message, andif the assigned class is either of the trusted internal sender class or the trusted external sender class, then the prompt conveys that the user has improperly reported the received message as a potentially malicious message so as to train the user.
7 Assignments
0 Petitions
Accused Products
Abstract
In a cybersecurity network, a system identifies and classifies non-malicious messages by receiving a user notification indicating that the user has reported a received message as potentially malicious message, and determining whether the received message is legitimate or potentially malicious. When the system determines that the message is a legitimate, it further analyzes the message to assign a class that may include trusted internal sender, trusted external sender, or training a simulated phishing message. It will then cause the user'"'"'s device to provide the user with information corresponding to the assigned class. The system may also quarantine a received message and release the message from the quarantine only after determining that the message is legitimate and receiving a user acknowledgment.
-
Citations
24 Claims
-
1. A non-malicious message identification and classification system of a cybersecurity network, the system comprising:
-
a cybersecurity server comprising a cybersecurity server processor and programming instructions configured to cause the cybersecurity server processor to generate simulated phishing messages and send the simulated phishing messages to a client computing device; a computer-readable medium portion storing programming instructions that are configured to cause the client computing device to; receive an electronic message via a communications network, and receive a user notification that indicates that a user has reported the received message as a potentially malicious message; and a computer-readable medium portion storing programming instructions that are configured to cause the client computing device or a remote computing device to; determine whether the received message is a legitimate message or-a potentially malicious message, in response to determining that the received message is a legitimate message, further analyze the received message to assign a class from a set of available classes to the received message, wherein; the available classes comprise a simulated phishing message class, a trusted internal sender class, and a trusted external sender class, and the assigned class is the simulated phishing message class, the trusted internal sender class, or the trusted external sender class, and in response to receiving the user notification and determining that the received message is a legitimate message, cause the client computing device to output a prompt to the user so that the prompt indicates that the message is a legitimate message and is associated with the assigned class, wherein; if the assigned class is the simulated phishing message class, then the prompt confirms that the user has properly reported the received message, and if the assigned class is either of the trusted internal sender class or the trusted external sender class, then the prompt conveys that the user has improperly reported the received message as a potentially malicious message so as to train the user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of identifying and classifying a non-malicious messages in a cybersecurity reporting system, the method comprising:
-
by a client computing device, receiving an electronic message via a communications network; by the client computing device, receiving a user notification that indicates that a user has reported the received message as a potentially malicious message; by the client computing device or a remote computing device, implementing programming instructions that cause that computing device to; determine whether the received message is a legitimate message or a potentially malicious message, in response to determining that the received message is a legitimate message, further analyzing the received message to assign a class from a set of available classes to the received message, wherein; the available classes comprise a simulated phishing message class, a trusted internal sender class, and a trusted external sender class, and the assigned class is the simulated phishing message class, the trusted internal sender class, or the trusted external sender class, and in response to receiving the user notification and determining that the received message is a legitimate message, cause the client computing device to output a prompt to the user, wherein; the prompt indicates that the message is a legitimate message and is associated with the assigned class, if the assigned class is the simulated phishing message class, then the prompt confirms that the user has properly reported the received message, and if the assigned class is either of the trusted internal sender class or the trusted external sender class, then the prompt conveys that the user has improperly reported the received message as a potentially malicious message so as to train the user. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification