Suspicious message processing and incident response
First Claim
1. A computerized method for message processing, comprising:
- generating a simulated phishing message for use in a simulation platform, the message comprising an identifier in the message or in metadata of the message, wherein the simulated phishing message is a non-malicious message that resembles a phishing attack, and wherein the identifier is encrypted or encoded by the simulation platform;
- receiving a notification triggered by a user action by an individual that a message delivered in an account associated with the individual has been identified by the individual as a possible phishing attack;
- providing a computer-executable instructions for a messaging client at, the computer-executable instructions configurable for determining whether the delivered message is a known simulated phishing attack based on the encrypted or encoded identifier of the delivered message;
- when the delivered message is determined not to be a known simulated phishing attack based on the encrypted or encoded identifier, then;
- receiving the delivered message at the simulation platform;
- processing the delivered message at the simulation platform according to a set of electronically stored rules to determine whether the delivered message or attachment data of the delivered message contains defined textual or binary patterns associated with a threat;
- assigning a priority to the delivered message based on a likelihood of the delivered message being a real phishing attack;
- associating the delivered message with a message cluster based on the processing according to the rules, the message cluster being defined as a group of messages having at least one characteristic in common with the delivered message; and
- displaying a graphical representation of the message cluster, each of the group of messages displayed having been determined not to be a known simulated phishing attack.
Abstract
The present invention relates to methods, network devices, and machine-readable media for an integrated environment for automated processing of reports of suspicious messages, and furthermore, to a network for distributing information about detected phishing attacks.
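The flow recited in claim 1, sketched as an added example (not code from the patent or from any product): it assumes a hypothetical `X-Sim-Id` header, an HMAC-tagged base64 value as the "encrypted or encoded" identifier, and constructed rules and sample reports. The graphical display step is left out; `triage` returns the clusters it would render.

```python
import base64, hashlib, hmac, re
from collections import defaultdict
from email import message_from_string

SIM_KEY = b"constructed-demo-key"   # assumption: secret held by the simulation platform
SIM_HEADER = "X-Sim-Id"             # assumption: hypothetical header carrying the identifier
RULES = [  # constructed rules: (name, bytes pattern, weight toward priority)
    ("credential_lure", re.compile(rb"verify your (account|password)", re.I), 40),
    ("ip_literal_url", re.compile(rb"https?://\d{1,3}(\.\d{1,3}){3}"), 30),
    ("ole2_attachment", re.compile(rb"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"), 30),  # OLE2 magic
]

def make_sim_id(campaign: str) -> str:
    """Platform side: encode the campaign id plus a truncated HMAC tag."""
    tag = hmac.new(SIM_KEY, campaign.encode(), hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(campaign.encode() + tag).decode()

def is_known_simulation(msg) -> bool:
    """Reporter side: true only if the identifier decodes and its tag verifies."""
    try:
        blob = base64.urlsafe_b64decode((msg.get(SIM_HEADER) or "").encode())
    except ValueError:              # bad padding or non-ASCII header value
        return False
    campaign, tag = blob[:-16], blob[-16:]
    good = hmac.new(SIM_KEY, campaign, hashlib.sha256).digest()[:16]
    return bool(campaign) and hmac.compare_digest(tag, good)

def triage(raw_reports):
    """Drop verified simulations, then score and cluster the remaining reports."""
    clusters = defaultdict(list)
    for raw in raw_reports:
        msg = message_from_string(raw)
        if is_known_simulation(msg):
            continue
        data = (msg.get("Subject") or "").encode() + b"\n"
        data += b"".join(p.get_payload(decode=True) or b"" for p in msg.walk())
        hits = tuple(name for name, rx, _ in RULES if rx.search(data))
        priority = min(100, sum(w for name, _, w in RULES if name in hits))
        clusters[hits].append((priority, msg.get("Subject")))
    return dict(clusters)

# Constructed sample reports: one simulation, one forged identifier, two similar lures.
SAMPLES = [
    f"Subject: Payroll update\n{SIM_HEADER}: {make_sim_id('camp-7')}\n\nVerify your account",
    f"Subject: Payroll update\n{SIM_HEADER}: Zm9yZ2VkLWlkZW50aWZpZXItdmFsdWU=\n\nVerify your account",
    "Subject: Invoice\n\nPlease verify your password at http://203.0.113.9/login",
    "Subject: Invoice 2\n\nverify your account: http://198.51.100.4/a",
]
```

The second sample carries an identifier that decodes but fails tag verification, so it is triaged as a real report rather than discarded as a simulation.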
30 Claims