主权项 |
1. A method of detecting a suspicious entity in a communication network, the method comprising:
at a receiving device, receiving a message from a sender; using a processor, obtaining one of domain information or a user identity, and further contact information from data contained in a body of the message; sending to a Network Reputation Server a reputation query message, the reputation query message including one of the domain information or the user identity; receiving from the Network Reputation Server a reply message, the reply message indicating that the domain information is related to the suspicious entity; associating the further contact information with the suspicious entity; sending the further contact information to a remote server, wherein at the remote server: associating the further contact information with the suspicious entity; receiving a communication from a device using the further contact information, the communication destined for a further receiving device; taking further action selected from blocking the communication, quarantining the communication and alerting the further receiving device that the communication has been sent using contact information associated with the suspicious entity. |