Detecting a suspicious entity in a communication network

摘要

A method and apparatus for detecting a suspicious entity in a communication network. A receiving device receives a message from a sender. A processor obtains domain information or a user identity, and further contact information from data contained in the message. A reputation query message is sent to a Network Reputation Server (NRS), the reputation query message including the domain information or user identity. A reply is received from the NRS that indicates that the domain information or user identity is related to a suspicious entity. The receiving device then associates the contact information with the suspicious entity. In this way, if a user of the receiving device attempts to use the contact information, they can be prevented from doing this or informed that it relates to a suspicious entity.

主权项

1. A method of detecting a suspicious entity in a communication network, the method comprising:
at a receiving device, receiving a message from a sender; using a processor, obtaining one of domain information or a user identity, and further contact information from data contained in a body of the message; sending to a Network Reputation Server a reputation query message, the reputation query message including one of the domain information or the user identity; receiving from the Network Reputation Server a reply message, the reply message indicating that the domain information is related to the suspicious entity; associating the further contact information with the suspicious entity; sending the further contact information to a remote server, wherein at the remote server: associating the further contact information with the suspicious entity; receiving a communication from a device using the further contact information, the communication destined for a further receiving device; taking further action selected from blocking the communication, quarantining the communication and alerting the further receiving device that the communication has been sent using contact information associated with the suspicious entity.