Collaborative phishing attack detection

  • US 9,591,017 B1
  • Filed: 04/25/2016
  • Issued: 03/07/2017
  • Est. Priority Date: 02/08/2013
  • Status: Active Grant
First Claim
Patent Images

1. A method for identifying and processing email messages received at a remote computing device in connection with a simulated phishing email campaign, comprising:

  • generating, by a network device, a simulated phishing email, wherein the simulated phishing email is a non-malicious email that resembles a real phishing attack by attempting to lure an individual into performing a target action on the remote computing device, wherein the simulated phishing email comprises at least one embedded hyperlink, and wherein if the individual performs the target action, performance of the target action does not compromise the remote computing device or personal information of the individual;

    causing the simulated phishing email to be transmitted over a communications network to the remote computing device, the simulated phishing email comprising an identifying header, wherein the identifying header identifies the simulated phishing email as a non-malicious simulated phishing email sent by the network device;

    providing a plug-in for an email client at the remote computing device, the plug-in configurable for executing computer instructions for;

    receiving a graphical user interface action performed by the individual indicating that an email, the email being either the simulated phishing email or another email, delivered in an email account associated with the individual has been identified by the individual as a possible phishing attack;

    determining whether the identified email is a known simulated phishing attack by comparing one or more headers of the identified email to stored information identifying at least one known simulated phishing attack;

    when the identified email is determined to be a known simulated phishing attack based on the comparison of the one or more headers of the identified email to stored information identifying at least one known simulated phishing attack, providing a graphically displayed feedback to the individual confirming that the identified email was a simulated phishing attack; and

    when the identified email is determined not to be a known simulated phishing attack based on the comparison of the one or more headers of the identified email to the stored information identifying at least one known simulated phishing attack, causing the plugin to send the identified email for analysis or detection of whether or not the identified email is a phishing attack;

    wherein the plugin is further configurable to provide a graphical user interface element that, when selected, causes a notification to be sent to the network device, the notification triggered by the user interface action by the individual that the email delivered in the email account associated with the individual has been identified by the individual as a possible phishing attack;

    receiving the notification over the communications network by the network device from the remote computing device;

    if the identified email is determined to be a known simulated phishing attack based on the comparison of the one or more headers of the identified email to stored information identifying at least one known simulated phishing attack, electronically recording data indicating that the email has been identified as a simulated phishing attack;

    if the identified email is determined not to be a known simulated phishing attack based on the comparison of the one or more headers of the identified email to stored information identifying at least one known simulated phishing attack, electronically recording data indicating that the email has been identified as a potential phishing attack; and

    causing the provisioning of an electronic training to the individual if the individual clicks on the embedded hyperlink in the simulated phishing email.

View all claims
    ×
    ×

    Thank you for your feedback

    ×
    ×