Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Email Sender and Reply-To Authentication to Prevent Interception of Email Replies

a technology for replying and email senders, applied in the field of electronic messaging security, can solve the problems of social media social media, easy to miss whaling attacks, and difficult to detect standard phishing attacks

Inactive Publication Date: 2018-01-11
KHAN ZAFAR
View PDF11 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The present invention is an electronic messaging system that can review and verify the content of inbound and outbound email messages. The system can detect if the elements of the header fields match or do not match, and can initiate an alert message or take other appropriate actions, such as moving the message to a different folder or sending an alert to both the email address in the To and From fields. The invention can also review and verify the content of inbound message headers after the recipient clicks the REPLY button or the REPLY-ALL button. The technical effects of the invention include improved email message management and verification, as well as improved security and efficiency in email communication.

Problems solved by technology

Phishing is a continual threat, and the risk is even larger in social media such as Facebook, Twitter, and Google+.
Due to their focused nature, whaling attacks are often harder to detect than standard phishing attacks.
However, such training is often ineffective in reducing the occurrence of personal data due to a carefully constructed whaling attack.
Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers go to Asian banks located within China and Hong Kong.
In these schemes, the victim clicks on the link, causing it to download malware to the victim's computer, allowing the actor(s) unfettered access to the victim's data, including passwords or financial account information.
However, there are no solutions described that mitigate the particular type of whaling attack from which the various embodiments of the present invention protects.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Email Sender and Reply-To Authentication to Prevent Interception of Email Replies
  • Email Sender and Reply-To Authentication to Prevent Interception of Email Replies
  • Email Sender and Reply-To Authentication to Prevent Interception of Email Replies

Examples

Experimental program
Comparison scheme
Effect test

second embodiment

[0176]FIG. 6 is a flow chart illustrating the processes carried out by the invention. In this embodiment, the recipient desires a higher level of risk mitigation to avoid responding to a fraudulent received email message.

[0177]In this embodiment, the fraudulent email arrives in the target recipient's email inbox of the recipient's email client in box 100. If the target recipient opens the email and then clicks on the Reply or Reply-All buttons of the email client in box 102, the command to compose a reply message is intercepted by the programming commands of the first embodiment of the invention, and they analyzed to determine if the Reply-To email header field of the message contains an email address in box 104. If the Reply-To email header field does not contain an email address, the programming commands of the second embodiment of the invention terminate and the email client displays a typical reply email message format to the recipient, and then continues with normal electronic ...

third embodiment

[0182]Where the user wants a higher level of risk mitigation automated with actions taken before the sent message from the Internet criminal reaches that target recipient, software embodying the invention may be installed on a server separate from the sender that receives email before reaching the target recipient email box.

[0183]FIG. 7 is a graphic representation of email flow in the case where an email appears to come from an authentic sender, but in actuality comes from an Internet Criminal. Here, an email is sent from the Internet Criminal with Authentic Sender “From” information, and with the Internet Criminal's “Reply-To” information to a target recipient in box 130. The email is intercepted by a server that is located remote from the sender's email client in box 132. The server, operated by programming commands embodying the third embodiment of the invention, analyzes the header information of the email at box 134. If the server determines that the email is not fraudulent, th...

fourth embodiment

[0189]FIG. 9 is a flow chart illustrating an the various methods, processes, and logic carried out by the invention. As stated previously, these methods, processes, and logic are embodiment in software and hardware that runs on a recipient's email client.

[0190]In the fourth embodiment, the fraudulent email arrives in the target recipient's email inbox of the recipient's email client in box 160. If the target recipient opens the email and then clicks on the Reply or Reply-All buttons of the email client in box 162, the command to compose a reply message is intercepted by the programming commands of the first embodiment of the invention, and they analyzed to determine if the Reply-To email header field of the message contains an email address in box 164. If the Reply-To email header field does not contain an email address, the programming commands of the fourth embodiment of the invention terminate and the email client displays a typical reply email message format to the recipient, an...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

An electronic messaging system that reviews content of inbound messages, verifies elements of header fields, and initiates an action if Name (N) and Address (A) of From (F) and Reply-To (R) elements of header fields match or do not match, those elements being NF=NR and AF≠AR, to protect recipients against inadvertent routing of their reply email to an imposter of the named From sender, thereby mitigating risk of recipients falling prey to what is referred to herein as “Reply-To Whaling” attacks, within the email security category of anti-phishing.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims the benefit of priority to the earlier filed U.S. Provisional Application No. 62 / 313,672, filed on Mar. 25, 2016, entitled “EMAIL SENDER AND REPLY-TO AUTHENTICATION”, and U.S. Provisional Application No. 62 / 317,263, filed on Apr. 1, 2016, entitled “EMAIL SENDER AND REPLY-TO AUTHENTICATION TO PREVENT INTERCEPTION OF EMAIL REPLIES”, which are incorporated reference herein in their entireties.FIELD OF THE INVENTION[0002]This invention relates to electronic messaging security within the category of anti-phishing, and the sub-category of anti-whaling, in terms of protecting the recipient of an electronic message from inadvertent routing of a reply message to an imposter of the named sender, using the invention's automated sender authentication and alert system.BACKGROUND OF THE INVENTION[0003]Mail assumed electronic format in 1965 and was given the name “Email”. Email started as a way for multiple users of a time-sharin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/58G06Q10/10H04L29/06
CPCH04L51/30H04L63/08H04L63/0442G06Q10/107H04L63/1483H04L51/23H04L51/212
Inventor KHAN, ZAFAR
Owner KHAN ZAFAR
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com