| 发明名称 | Collaborative phishing attack detection | ||
| 摘要 | Described herein are methods, network devices and machine-readable storage media for detecting whether a message is a phishing attack based on the collective responses from one or more individuals who have received that message. The individuals may flag the message as a possible phishing attack, and/or may provide a numerical ranking indicating the likelihood that the message is a possible phishing attack. As responses from different individuals may have a different degree of reliability, each response from an individual may be weighted with a corresponding trustworthiness level of that individual, in an overall determination as to whether a message is a phishing attack. A trustworthiness level of an individual may indicate a degree to which the response of that individual can be trusted and/or relied upon, and may be determined by how well that individual recognized simulated phishing attacks. | ||
| 申请公布号 | US9325730(B2) | 申请公布日期 | 2016.04.26 |
| 申请号 | US201514620245 | 申请日期 | 2015.02.12 |
| 申请人 | PHISHME, INC. | 发明人 | Higbee Aaron;Belani Rohyt;Greaux Scott |
| 分类号 | H04L29/06 | 主分类号 | H04L29/06 |
| 代理机构 | CipherLaw | 代理人 | CipherLaw |
| 主权项 | 1. A method, comprising: generating a simulated phishing message, the message comprising a predetermined identifier in the message or in metadata of the message; electronically storing the predetermined identifier in a computerized data store; receiving a notification triggered by a user action by an individual that a message delivered in an account associated with the individual has been identified by the individual as a possible phishing attack; determining whether the identified message is a known simulated phishing attack by comparing the predetermined identifier to an identifier from the message or to the metadata of the message; if the message is determined to be a known simulated phishing attack based on the comparison of the identifier, providing feedback to the individual confirming that the message was a simulated phishing attack; and if the message is determined not to be a known simulated phishing attack based on the comparison of the identifier, forwarding the message for threat analysis; wherein determining whether the message is a known simulated phishing attack comprises comparing a characteristic or identifier of the message with a characteristic or identifier of a transmitted simulated phishing attack. | ||
| 地址 | Leesburg VA US | ||