Identifying e-mail security threats
First Claim
Patent Images
1. A method comprising:
- receiving, by one or more processors of a computing device and from one or more social-network servers, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles;
upon determining that a count of the accessed social-network profiles exceeds a threshold level, generating, by the one or more processors and based on the social-network data, a source profile associated with the at least one potentially malicious source;
receiving, by the one or more processors and from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users;
determining, by the one or more processors and based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and
outputting, by the one or more processors, information identifying the e-mail message as being from the potentially malicious source.
1 Assignment
0 Petitions
Accused Products
Abstract
One or more processors receive, from one or more social-network sources, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users. The one or more processors receive, from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users. The one or more processors determine, based on the social-network data and the e-mail data, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source. The one or more processors output information identifying the e-mail message as being from the potentially malicious source.
29 Citations
17 Claims
-
1. A method comprising:
-
receiving, by one or more processors of a computing device and from one or more social-network servers, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles; upon determining that a count of the accessed social-network profiles exceeds a threshold level, generating, by the one or more processors and based on the social-network data, a source profile associated with the at least one potentially malicious source; receiving, by the one or more processors and from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users; determining, by the one or more processors and based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and outputting, by the one or more processors, information identifying the e-mail message as being from the potentially malicious source. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computing device comprising:
-
one or more storage unit devices; and one or more hardware processors in communication with the storage unit devices and configured to; receive, from one or more social-network sources, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles; upon determining that a count of the accessed social-network profiles exceeds a threshold level, generate, based on the social-network data, a source profile associated with the at least one potentially malicious source; receive, from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users; determine, based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and output information identifying the e-mail message as being from the potentially malicious source. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed, cause a processor to:
-
receive, from one or more social-network sources, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users, wherein the social-network data comprises page-view information associated with accessed social-network profiles of the plurality of social-network profiles; upon determining that a count of the accessed social-network profiles exceeds a threshold level, generate, based on the social-network data, a source profile associated with the at least one potentially malicious source; receive, from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users; determine, based on the e-mail data and the source profile, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source; and output information identifying the e-mail message as being from the potentially malicious source. - View Dependent Claims (16, 17)
-
Specification