发明名称 |
Collaborative phishing attack detection |
摘要 |
Described herein are methods, network devices and machine-readable storage media for detecting whether a message is a phishing attack based on the collective responses from one or more individuals who have received that message. The individuals may flag the message as a possible phishing attack, and/or may provide a numerical ranking indicating the likelihood that the message is a possible phishing attack. As responses from different individuals may have a different degree of reliability, each response from an individual may be weighted with a corresponding trustworthiness level of that individual, in an overall determination as to whether a message is a phishing attack. A trustworthiness level of an individual may indicate a degree to which the response of that individual can be trusted and/or relied upon, and may be determined by how well that individual recognized simulated phishing attacks. |
申请公布号 |
US9325730(B2) |
申请公布日期 |
2016.04.26 |
申请号 |
US201514620245 |
申请日期 |
2015.02.12 |
申请人 |
PHISHME, INC. |
发明人 |
Higbee Aaron;Belani Rohyt;Greaux Scott |
分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
代理机构 |
CipherLaw |
代理人 |
CipherLaw |
主权项 |
1. A method, comprising:
generating a simulated phishing message, the message comprising a predetermined identifier in the message or in metadata of the message; electronically storing the predetermined identifier in a computerized data store; receiving a notification triggered by a user action by an individual that a message delivered in an account associated with the individual has been identified by the individual as a possible phishing attack; determining whether the identified message is a known simulated phishing attack by comparing the predetermined identifier to an identifier from the message or to the metadata of the message; if the message is determined to be a known simulated phishing attack based on the comparison of the identifier, providing feedback to the individual confirming that the message was a simulated phishing attack; and if the message is determined not to be a known simulated phishing attack based on the comparison of the identifier, forwarding the message for threat analysis; wherein determining whether the message is a known simulated phishing attack comprises comparing a characteristic or identifier of the message with a characteristic or identifier of a transmitted simulated phishing attack. |
地址 |
Leesburg VA US |