Protecting against suspect social entities

US 9,191,411 B2
Filed: 07/09/2014
Issued: 11/17/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

scanning data that is maintained on multiple social networks, wherein scanning data that is maintained on multiple social networks comprises identifying, by one or more processors, data that is associated with a social entity, and wherein scanning data that is maintained on multiple social networks is performed on a continuous basis, without user initiation;

determining one or more characteristics of the identified data;

generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;

comparing one or more of the generated references to one or more stored references, wherein the one or more stored references are references to one or more characteristics associated with a protected user;

determining, based on an algorithmic comparison of the one or more generated references and the one or more stored references, a profile score for the suspect social entity, wherein determining the profile score comprises identifying a match between one or more of the generated references and one or more of the stored references, wherein the one or more generated references that are compared to the one or more stored references are dynamically determined, being selected from a group of generated references, and wherein the algorithmic comparison comprises;

determining one or more match scores by comparing the one or more generated references to the one or more stored references;

generating a weight for each match score; and

generating a weighted average based on the weighted match scores;

comparing the profile score for the suspect social entity determined by the algorithmic comparison to a threshold;

identifying the suspect social entity as an imposter of the protected social entity if the profile score exceeds the threshold;

monitoring the activity of the identified imposter across the multiple social networks, wherein monitoring the activity of the identified imposter comprises identifying data that is associated with the identified imposter;

determining that the identified data associated with the identified imposter is malicious;

generating an alert; and

providing the alert to the protected social entity.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes identifying data on a social network that is associated with a suspect social entity, and determining one or more characteristics of the identified data. A reference to the identified data is generated for each of the one or more characteristics. One or more of the generated references are compared to one or more stored references, where the one or more stored references are associated with a protected social entity. A profile score for the suspect social entity is determined based on the comparison. Determining the profile score includes identifying a match between one or more of the generated references and one or more of the stored references.

55 Citations

View as Search Results

22 Claims

1. A method comprising:
- scanning data that is maintained on multiple social networks, wherein scanning data that is maintained on multiple social networks comprises identifying, by one or more processors, data that is associated with a social entity, and wherein scanning data that is maintained on multiple social networks is performed on a continuous basis, without user initiation;
  
  determining one or more characteristics of the identified data;
  
  generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;
  
  comparing one or more of the generated references to one or more stored references, wherein the one or more stored references are references to one or more characteristics associated with a protected user;
  
  determining, based on an algorithmic comparison of the one or more generated references and the one or more stored references, a profile score for the suspect social entity, wherein determining the profile score comprises identifying a match between one or more of the generated references and one or more of the stored references, wherein the one or more generated references that are compared to the one or more stored references are dynamically determined, being selected from a group of generated references, and wherein the algorithmic comparison comprises;
  
  determining one or more match scores by comparing the one or more generated references to the one or more stored references;
  
  generating a weight for each match score; and
  
  generating a weighted average based on the weighted match scores;
  
  comparing the profile score for the suspect social entity determined by the algorithmic comparison to a threshold;
  
  identifying the suspect social entity as an imposter of the protected social entity if the profile score exceeds the threshold;
  
  monitoring the activity of the identified imposter across the multiple social networks, wherein monitoring the activity of the identified imposter comprises identifying data that is associated with the identified imposter;
  
  determining that the identified data associated with the identified imposter is malicious;
  
  generating an alert; and
  
  providing the alert to the protected social entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the alert identifies the suspect social entity.
  - 3. The method of claim 1 wherein providing the alert to the protected social entity comprises providing a computer-based alert to the protected social entity.
  - 4. The method of claim 3 wherein providing a computer-based alert to the protected social entity comprises emailing the protected social entity.
  - 5. The method of claim 3 wherein providing a computer-based alert to the protected social entity comprises providing a web-based alert to the protected social entity.
  - 6. The method of claim 1 wherein the alert indicates fraud, impersonation, or social engineering.
  - 7. The method of claim 1, wherein the group of generated references includes generated references that indicate name, date of birth, gender, location, email address, education, and organization.
  - 8. The method of claim 1, wherein the one or more characteristics include an image, and wherein generating a reference to the image comprises deriving data from the image.
  - 9. The method of claim 8, wherein deriving data from the image comprises hashing the image for comparison.
  - 10. The method of claim 8, wherein deriving data from the image comprises determining one or more facial characteristics of an individual included in the image.
  - 11. The method of claim 1, wherein the algorithmic comparison comprises generation of a weighted average.

12. A system comprising:
- one or more processing devices; and
  
  one or more non-transitory computer-readable media coupled to the one or more processing devices having instructions stored thereon which, when executed by the one or more processing devices, cause the one or more processing devices to perform operations comprising;
  
  scanning data that is maintained on multiple social networks, wherein scanning data that is maintained on multiple social networks comprises identifying, by one or more processors, data that is associated with a social entity, and wherein scanning data that is maintained on multiple social networks is performed on a continuous basis, without user initiation;
  
  determining one or more characteristics of the identified data;
  
  generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;
  
  comparing one or more of the generated references to one or more stored references, wherein the one or more stored references are references to one or more characteristics associated with a protected user; and
  
  determining, based on an algorithmic comparison of the one or more generated references and the one or more stored references, a profile score for the suspect social entity, wherein determining the profile score comprises identifying a match between one or more of the generated references and one or more of the stored references, wherein the one or more generated references that are compared to the one or more stored references are dynamically determined, being selected from a group of generated references, and wherein the algorithmic comparison comprises;
  
  determining one or more match scores by comparing the one or more generated references to the one or more stored references;
  
  generating a weight for each match score; and
  
  generating a weighted average based on the weighted match scores;
  
  comparing the profile score for the suspect social entity determined by the algorithmic comparison to a threshold;
  
  identifying the suspect social entity as an imposter of the protected social entity if the profile score exceeds the threshold;
  
  monitoring the activity of the identified imposter across the multiple social networks, wherein monitoring the activity of the identified imposter comprises identifying data that is associated with the identified imposter;
  
  determining that the identified data associated with the identified imposter is malicious;
  
  generating an alert; and
  
  providing the alert to the protected social entity.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12 wherein the alert identifies the suspect social entity.
  - 14. The system of claim 12 wherein providing the alert to the protected social entity comprises providing a computer-based alert to the protected social entity.
  - 15. The system of claim of 14 wherein providing the alert to the protected social entity comprises emailing the protected social entity.
  - 16. The system of claim 14 wherein providing computer-based alerts to the protected social entity comprises providing a web-based alert to the protected social entity.
  - 17. The system of claim 12 wherein the alert indicates fraud, impersonation, or social engineering.
  - 18. The system of claim 12, wherein the group of generated references includes generated references that indicate name, date of birth, gender, location, email address, education, and organization.
  - 19. The system of claim 12, wherein the one or more characteristics include an image, and wherein generating a reference to the image comprises deriving data from the image.
  - 20. The system of claim 19, wherein deriving data from the image comprises hashing the image.
  - 21. The system of claim 19, wherein deriving data from the image comprises determining one or more facial characteristics of an individual included in the image.

22. A non-transitory computer-readable storage medium storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising:
- scanning data that is maintained on multiple social networks, wherein scanning data that is maintained on multiple social networks comprises identifying, by one or more processors, data that is associated with a social entity, and wherein scanning data that is maintained on multiple social networks is performed on a continuous basis, without user initiation;
  
  determining one or more characteristics of the identified data;
  
  generating, for each of the one or more characteristics, a reference to the identified data that indicates the characteristic;
  
  comparing one or more of the generated references to one or more stored references, wherein the one or more stored references are references to one or more characteristics associated with a protected user; and
  
  determining, based on an algorithmic comparison of the one or more generated references and the one or more stored references, a profile score for the suspect social entity, wherein determining the profile score comprises identifying a match between one or more of the generated references and one or more of the stored references, wherein the one or more generated references that are compared to the one or more stored references are dynamically determined, being selected from a group of generated references, and wherein the algorithmic comparison comprises;
  
  determining one or more match scores by comparing the one or more generated references to the one or more stored references;
  
  generating a weight for each match score; and
  
  generating a weighted average based on the weighted match scores;
  
  comparing the profile score for the suspect social entity determined by the algorithmic comparison to a threshold;
  
  identifying the suspect social entity as an imposter of the protected social entity if the profile score exceeds the threshold;
  
  monitoring the activity of the identified imposter across the multiple social networks, wherein monitoring the activity of the identified imposter comprises identifying data that is associated with the identified imposter;
  
  determining that the identified data associated with the identified imposter is malicious;
  
  generating an alert; and
  
  providing the alert to the protected social entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZeroFOX, Inc. (ZeroFox Holdings, Inc.)
Original Assignee
ZeroFOX, Inc. (ZeroFox Holdings, Inc.)
Inventors
Foster, James C., Cullison, Christopher B., Francis, Robert, Blair, Evan
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US14/327,068
Publication Number

US 20140325662A1
Time in Patent Office

496 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

H04L 63/20 for managing network securi...

Protecting against suspect social entities

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting against suspect social entities

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links