Identifying e-mail security threats

US 9,967,268 B1
Filed: 04/19/2016
Issued: 05/08/2018
Est. Priority Date: 04/19/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by one or more processors of a computing device and from one or more social-network servers, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles;

upon determining that a count of the accessed social-network profiles exceeds a threshold level, generating, by the one or more processors and based on the social-network data, a source profile associated with the at least one potentially malicious source;

receiving, by the one or more processors and from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users;

determining, by the one or more processors and based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and

outputting, by the one or more processors, information identifying the e-mail message as being from the potentially malicious source.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more processors receive, from one or more social-network sources, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users. The one or more processors receive, from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users. The one or more processors determine, based on the social-network data and the e-mail data, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source. The one or more processors output information identifying the e-mail message as being from the potentially malicious source.

29 Citations

View as Search Results

17 Claims

1. A method comprising:
- receiving, by one or more processors of a computing device and from one or more social-network servers, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles;
  
  upon determining that a count of the accessed social-network profiles exceeds a threshold level, generating, by the one or more processors and based on the social-network data, a source profile associated with the at least one potentially malicious source;
  
  receiving, by the one or more processors and from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users;
  
  determining, by the one or more processors and based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and
  
  outputting, by the one or more processors, information identifying the e-mail message as being from the potentially malicious source.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprisingstoring the source profile in one or more databases.
  - 3. The method of claim 1,wherein the social-network data comprises profile-content information associated with accessed social-network profiles of the plurality of social-network profiles;
    - andwherein determining that the e-mail message is from the at least one potentially malicious source comprises comparing information included in the e-mail message with the profile-content information.
  - 4. The method of claim 1, wherein determining that the e-mail message is from the at least one potentially malicious source comprises:
    - identifying at least one Internet Protocol (IP) address associated with the at least one potentially malicious source based on the social-network data; and
      
      determining that the e-mail message is sent from the at least one IP address associated with the at least one potentially malicious source.
  - 5. The method of claim 1, wherein outputting the information identifying the e-mail message as being from the potentially malicious source comprises indicating a type of processing for the e-mail message, wherein the type of processing comprises one of blocking, filtering, highlighting, or labeling the e-mail message.
  - 6. The method of claim 1, wherein the social-network data comprises relationship information associating a first one of the plurality of social-network profiles with a second one of the plurality of social-network profiles.
  - 7. The method of claim 1, wherein the plurality of social-network profiles comprise profiles from at least one of:
    - a company directory;
      
      ora public social-network website.

8. A computing device comprising:
- one or more storage unit devices; and
  
  one or more hardware processors in communication with the storage unit devices and configured to;
  
  receive, from one or more social-network sources, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles;
  
  upon determining that a count of the accessed social-network profiles exceeds a threshold level, generate, based on the social-network data, a source profile associated with the at least one potentially malicious source;
  
  receive, from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users;
  
  determine, based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and
  
  output information identifying the e-mail message as being from the potentially malicious source.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing device of claim 8, wherein the one or more hardware processors are further configured tostore the source profile in one or more databases.
  - 10. The computing device of claim 8,wherein the social-network data comprises profile-content information associated with accessed social-network profiles of the plurality of social-network profiles;
    - andwherein the one or more hardware processors are further configured to determine that the e-mail message is from the at least one potentially malicious source by comparing information included in the e-mail message with the profile-content information.
  - 11. The computing device of claim 8, wherein, to determine that the e-mail message is from the at least one potentially malicious source, the one or more hardware processors are further configured to:
    - identify at least one Internet Protocol (IP) address associated with the at least one potentially malicious source based on the social-network data; and
      
      determine that the e-mail message is sent from the at least one IP address associated with the at least one potentially malicious source.
  - 12. The computing device of claim 8, wherein, to output the information identifying the e-mail message as being from the potentially malicious source, the one or more hardware processors are further configured to indicate a type of processing for the e-mail message, wherein the type of processing comprises one of blocking, filtering, highlighting, or labeling the e-mail message.
  - 13. The computing device of claim 8, wherein the social-network data comprises relationship information associating a first one of the plurality of social-network profiles with a second one of the plurality of social-network profiles.
  - 14. The computing device of claim 8, wherein the plurality of social-network profiles comprises profiles from at least one of:
    - a company directory;
      
      ora public social-network website.

15. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed, cause a processor to:
- receive, from one or more social-network sources, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles;
  
  upon determining that a count of the accessed social-network profiles exceeds a threshold level, generate, based on the social-network data, a source profile associated with the at least one potentially malicious source;
  
  receive, from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users;
  
  determine, based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and
  
  output information identifying the e-mail message as being from the potentially malicious source.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer-readable storage medium of claim 15, further having stored thereon instructions that, when executed, cause a processor tostore the source profile in one or more databases.
  - 17. The non-transitory computer-readable storage medium of claim 15,wherein the social-network data comprises profile-content information associated with accessed social-network profiles of the plurality of social-network profiles;
    - andwherein the non-transitory computer-readable storage medium further has stored thereon instructions that, when executed, cause the processor to determine that the e-mail message is from the at least one potentially malicious source by comparing information included in the e-mail message with the profile-content information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Hewitt, Aimee J., Kaluzny, Joseph R., Rambo, Douglas C., Trudeau, Steven M., Hall, Bryan, Garner, IV, Andrew J.
Primary Examiner(s)
Chen, Eric

Application Number

US15/133,107
Time in Patent Office

749 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 10/107   Computer-aided management o...

G06Q 50/01   Social networking

H04L 51/04   Real-time or near real-time...

H04L 51/212   using filtering or selectiv...

H04L 51/52   for supporting social netwo...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1483   service impersonation, e.g....

Identifying e-mail security threats

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying e-mail security threats

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links