Identifying and protecting against malicious electronic messages that deceptively appear to originate from a trusted source

US12101352B1 · US · B1

Patent metadata

Publication number: US-12101352-B1
Application number: US-202117368347-A
Country: US
Kind code: B1
Filing date: Jul 6, 2021
Priority date: Jul 6, 2021
Publication date: Sep 24, 2024
Grant date: Sep 24, 2024

Abstract

Official abstract text for this publication.

Identifying and protecting against malicious electronic messages that deceptively appear to originate from a trusted source. An authentic writing style contained within a legitimate electronic message that originates from a vender may be identified. The authentic writing style may be stored in a database. A new electronic message may be received that appears to originate from the vendor. The new electronic message may contain a new writing style. The new writing style may be compared with the authentic writing style stored in the database to identify any differences between the new writing style and the authentic writing style. A determination may be made that the new electronic message does not originate from the vender based, at least in part, on one or more differences identified between the writing styles. A security action may then be performed to protect against the new electronic message.

First claim

Opening claim text (preview).

The invention claimed is:

1. A computer-implemented method for identifying and protecting against malicious electronic messages that deceptively appear to originate from a trusted source, at least a portion of the method being performed by a computing device comprising one or more processors, the computer-implemented method comprising: identifying an authentic writing style contained within one or more legitimate electronic messages that originate from a vender, the legitimate electronic messages being used by the vender to communicate with customers; assigning a confidence level to the authentic writing style, wherein the confidence level is assigned based at least in part on a number of times that the authentic writing style is identified in the one or more legitimate electronic messages; storing the authentic writing style in a database; receiving a new electronic message that appears to originate from the vender, the new electronic message containing a new writing style and a selectable link; comparing the new writing style contained within the new electronic message with the authentic writing style stored in the database to identify any differences between the new writing style and the authentic writing style; determining that the new electronic message does not originate from the vender based, at least in part, on one or more differences identified between the new writing style and the authentic writing style and the confidence level assigned to the authentic writing style; and protecting against the new electronic message by performing a security action, wherein the security action includes disabling the link so that it cannot be selected by an intended recipient.

2. The computer-implemented method of claim 1, wherein the security action further includes modifying the new electronic message to include a notification that the new electronic message does not originate from the vender.

3. The computer-implemented method of claim 1, wherein the authentic writing style includes standard language that is routinely used by the vender in communications with customers.

4. The computer-implemented method of claim 1, wherein the new electronic message is a text message that is received over a cellular network and the text message appears to originate from a number that is associated with the vender.

5. The computer-implemented method of claim 4, wherein the text message appears within a chain that includes the one or more legitimate electronic messages.

6. The computer-implemented method of claim 1, wherein the one or more differences identified between the new writing style and the authentic writing style includes a use of different words, a different spelling of a word, or a different sequence of words.

7. One or more non-transitory computer-readable media comprising one or more computer-readable instructions that, when executed by one or more processors of a security server, cause the security server to perform a method for identifying and protecting against malicious electronic messages that deceptively appear to originate from a trusted source, the method comprising: identifying an authentic writing style contained within one or more legitimate electronic messages that originate from a vender, the legitimate electronic messages being used by the vender to communicate with customers; assigning a confidence level to the authentic writing style, wherein the confidence level is assigned based at least in part on a number of times that the authentic writing style is identified in the one or more legitimate electronic messages; storing the authentic writing style in a database; receiving a new electronic message that appears to originate from the vender, the new electronic message containing a new writing style and a selectable link; comparing the new writing style contained within the new electronic message with the authentic writing style stored in the database to identify any differences between the new writing style and the authentic writing style; determining that the new electronic message does not originate from the vender based, at least in part, on one or more differences identified between the new writing style and the authentic writing style and the confidence level assigned to the authentic writing style; and protecting against the new electronic message by performing a security action, wherein the security action includes disabling the link so that it cannot be selected by an intended recipient.

8. The one or more non-transitory computer-readable media of claim 7, wherein the security action further includes modifying the new electronic message to include a notification that the new electronic message does not originate from the vender.

9. The one or more non-transitory computer-readable media of claim 7, wherein the authentic writing style includes standard language that is routinely used by the vender in communications with customers.

10. The one or more non-transitory computer-readable media of claim 7, wherein the new electronic message is a text message that is received over a cellular network and the text message appears to originate from a number that is associated with the vender.

11. The one or more non-transitory computer-readable media of claim 10, wherein the text message appears within a chain that includes the one or more legitimate electronic messages.

12. The one or more non-transitory computer-readable media of claim 7, wherein the one or more differences identified between the new writing style and the authentic writing style includes a use of different words, a different spelling of a word, or a different sequence of words.

13. A computing device comprising: one or more processors; and one or more non-transitory computer-readable media comprising one or more computer-readable instructions that, when executed by the one or more processors, cause the computing device to perform a method for identifying and protecting against malicious electronic messages that deceptively appear to originate from a trusted source, the method comprising: identifying an authentic writing style contained within one or more legitimate electronic messages that originate from a vender, the legitimate electronic messages being used by the vender to communicate with customers; assigning a confidence level to the authentic writing style, wherein the confidence level is assigned based at least in part on a number of times that the authentic writing style is identified in the one or more legitimate electronic messages; storing the authentic writing style in a database; receiving a new electronic message that appears to originate from the vender, the new electronic message containing a new writing style and a selectable link; comparing the new writing style contained within the new electronic message with the authentic writing style stored in the database to identify any differences between the new writing style and the authentic writing style; determining that the new electronic message does not originate from the vender based, at least in part, on one or more differences identified between the new writing style and the authentic writing style and the confidence level assigned to the authentic writing style; and protecting against the new electronic message by performing a security action, wherein the security action includes disabling the link so that it cannot be selected by an intended recipient.

14. The computing device of claim 13, wherein the security action further includes modifying the new electronic message to include a notification that the new electronic message does not originate from the vender.
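The flow the claims describe (learn a style, weight it by how often it was seen, compare a new message, disable its link) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the token-sequence similarity, the linear confidence function, the 0.25 threshold and all sample messages are assumptions made for the example.

```python
import re
from collections import Counter
from difflib import SequenceMatcher

URL_RE = re.compile(r"https?://\S+")
NOTICE = "[WARNING: this message does not match the sender's known writing style]\n"

def normalize(text):
    """Lower-case, mask links and digit runs, and split into word tokens."""
    text = URL_RE.sub("<link>", text.lower())
    return re.findall(r"<link>|[a-z']+|#", re.sub(r"\d+", "#", text))

def learn_styles(legit_messages):
    """Count how often each wording (token tuple) appears in legitimate messages."""
    return Counter(tuple(normalize(m)) for m in legit_messages)

def confidence(times_seen, saturate_at=5):
    """Confidence grows with the number of observations (assumed linear, capped at 1)."""
    return min(1.0, times_seen / saturate_at)

def assess(styles, message, threshold=0.25):
    """Compare a message with the closest stored style and score the differences."""
    tokens = normalize(message)
    matcher = lambda s: SequenceMatcher(None, s, tokens, autojunk=False)
    best = max(styles, key=lambda s: matcher(s).ratio())
    m = matcher(best)
    # Non-equal opcodes are the differing words, spellings or word order.
    diffs = [(tag, best[i1:i2], tuple(tokens[j1:j2]))
             for tag, i1, i2, j1, j2 in m.get_opcodes() if tag != "equal"]
    # Differences only count as much as the stored style is trusted.
    score = (1.0 - m.ratio()) * confidence(styles[best])
    return {"suspicious": score >= threshold, "score": score, "differences": diffs}

def protect(message):
    """Security action: disable links and add a notice for the recipient."""
    return NOTICE + URL_RE.sub("[link disabled]", message)

# Constructed sample data; "ExampleBank" and example.test are placeholders.
LEGIT = [f"Your ExampleBank code is {n}. Never share this code with anyone."
         for n in (481920, 220417, 905513, 317764, 668201)]
SPOOF = "Your ExampleBank acount is locked. Verfy now at http://example.test/login"

if __name__ == "__main__":
    styles = learn_styles(LEGIT)
    for msg in (LEGIT[0], SPOOF):
        verdict = assess(styles, msg)
        print(round(verdict["score"], 2), protect(msg) if verdict["suspicious"] else msg)
```

With only one legitimate message in the profile, the same spoofed text scores below the threshold, which shows why the observation count feeds the decision: a thin profile is weak evidence either way.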

Assignees

Inventors

Classifications

  • using filtering or selective blocking · CPC title

  • service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title

  • Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD] · CPC title

  • Message adaptation for wireless communication · CPC title

  • Event detection, e.g. attack signature detection · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Nortonlifelock Inc, Gen Digital Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 24, 2024 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).