Determining authenticity of reported user action in cybersecurity risk assessment

Assignee

• Proofpoint, Inc. · US

Inventors

• Kurt Wescoe · Pittsburgh, US
• Trevor T. Hawthorn · East Stroudsburg, US
• Alan Himler · Pittsburgh, US
• Patrick H. Veverka · Virginia Beach, US
• John T. Campbell · Via Enrico Fermi, US
• Dustin D. Brungart · Imperial, US
• Norman Sadeh-Koniecpol · Pittsburgh, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1441
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An electronic device will identify an electronic message received by a messaging client that is associated with a first recipient, and it will analyze the electronic message to determine whether the electronic message is a simulated malicious message. Upon determining that electronic message is a simulated malicious message, the device will identify an actuatable element in the electronic message. The actuatable element will include a service address. The device will modify the electronic message by appending a user identifier of the first recipient to the service address of the actuatable element. Then, when the actutable element is actuated, the system may determine whether the first recipient actuated the actuatable element or an alternate recipient did so based on whether the user identifier of the first recipient is still appended (or is the only user identifier appended) to the actuatable element.