公开(公告)号：US20240089285A1

公开(公告)日：2024-03-14

申请号：US18465947

申请日：2023-09-12

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  Jacob Rudee Rideout

IPC: H04L9/40 ,  H04L51/212 ,  H04L51/42

CPC classification number: H04L63/1433 ,  H04L51/212 ,  H04L51/42 ,  H04L63/1425 ,  H04L12/66

Abstract: A received message sent from a first message account to a second message account is received. A security risk associated with the received message is determined. It is determined that the security risk associated with the received message meets one or more criteria. Based on the determination that the security risk associated with the received message meets the one or more criteria, a responsive message in response to the received message is automatically generated and sent. An interaction with the responsive message is analyzed. Based on a result of the analysis of the interaction with the responsive message, a security risk associated with the first message account is classified.

公开(公告)号：US11019076B1

公开(公告)日：2021-05-25

申请号：US15958648

申请日：2018-04-20

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  John M. Wilson, III

IPC: H04L29/06 ,  H04L12/58

Abstract: An identity profile of a user is tracked using previous message communications of the user. A message identified as potentially from the user is received. The identity profile of the user is identified and obtained. Information is extracted from a header of the received message. A security risk assessment of the received message is determined at least in part by comparing the extracted information with one or more corresponding entries of the identity profile of the user. A security action is performed based on the determined security risk assessment.

公开(公告)号：US10805314B2

公开(公告)日：2020-10-13

申请号：US15980566

申请日：2018-05-15

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  Scot Free Kennedy ,  Patrick Richard Peterson

IPC: H04L29/06 ,  H04L12/58 ,  G06F16/955 ,  G06F21/55

Abstract: Information of an electronic message to be delivered to an intended recipient is received. For an original resource identifier included in the electronic message, a corresponding alternative resource identifier that can be at least in part used to obtain the original resource identifier and obtain context information associated with the electronic message is determined. The original resource identifier included in the electronic message is replaced with the alternative resource identifier to generate a modified electronic message. The modified electronic message with the alternative resource identifier is allowed to be delivered to the intended recipient instead of the electronic message with the original resource identifier. A request made using the alternative resource identifier in the modified message triggers a security action based at least in part on the context information associated with the electronic message.

公开(公告)号：US10715543B2

公开(公告)日：2020-07-14

申请号：US15823196

申请日：2017-11-27

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson

IPC: H04L29/06 ,  G06Q50/00 ,  G06N7/00

Abstract: Information about an electronic message that is from a sender for an intended recipient is received. It is determined whether an electronic message account of the sender of the electronic message is likely an independently controlled account. In response to the determination that the electronic message account of the sender of the electronic message is likely an independently controlled account, the electronic message is analyzed to determine whether the message is an automatically generated message. In response to the determination that the message is an automatically generated message, a security action is performed.

公开(公告)号：US20190260713A1

公开(公告)日：2019-08-22

申请号：US16399801

申请日：2019-04-30

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  Theodore C. Loder ,  Jacob R. Rideout ,  Arthur Kwan Jakobsson ,  Michael L. Jones

IPC: H04L29/06

Abstract: At least one of a measure of trust or a measure of spoofing risk associated with a sender of a message is determined. A measure of similarity between an identifier of the sender of the message and an identifier of at least one trusted contact of a recipient of the message is determined. The measure of similarity is combined with at least one of the measure of trust or the measure of spoofing risk to at least in part determine a combined measure of risk associated with the message. The sender of the message is not included in the at least one trusted contact of the recipient of the message. Based at least in part on the combined measure of risk associated with the message, the message is modified to alter content of a data field that includes an identification of the sender of the message.

公开(公告)号：US11936604B2

公开(公告)日：2024-03-19

申请号：US15786126

申请日：2017-10-17

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson

IPC: H04L9/00 ,  H04L9/40 ,  H04L51/212 ,  H04L51/08 ,  H04L51/18 ,  H04L51/42

CPC classification number: H04L51/212 ,  H04L63/1408 ,  H04L63/1441 ,  H04L63/1483 ,  H04L51/08 ,  H04L51/18 ,  H04L51/42

Abstract: An initial risk of an electronic message is determined. Based on the initial risk, it is determined whether to modify the electronic message. In an event it is determined to modify the electronic message: the electronic message is modified; the modified electronic message is allowed to be delivered to an intended recipient of the electronic message; a secondary computer security risk assessment of the electronic message is automatically performed; and based on the secondary computer security risk assessment, the modified message is updated.

公开(公告)号：US11102244B1

公开(公告)日：2021-08-24

申请号：US15992752

申请日：2018-05-30

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  John M. Wilson, III ,  Patrick Richard Peterson ,  SeyedHossein Siadati

IPC: H04L29/06 ,  H04L12/58

Abstract: In one example, intelligence is gathered about an attacker that is attempting an attack via a malicious exploit message by exploiting the attacker's belief that the attack is succeeding. A received message (e.g., malicious message) sent from a first message account (e.g., attacker) to a second message account (e.g., intended victim) is received. A security risk associated with the received message is determined. It is determined that the security risk associated with the received message meets one or more criteria. Based on the determination that the security risk associated with the received message meets the one or more criteria, a responsive message is sent in response to the received message from a third message account (e.g., security service) to the first message account. The responsive message includes a content reference identified as referring to a content for a user of the first message account. In response to receiving a request made by the user of the first message account using the content reference, access to a message repository associated with the first message account is requested. Once access is granted, the message repository can be analyzed and intelligence about the first message account can be gathered and reported.

公开(公告)号：US10992645B2

公开(公告)日：2021-04-27

申请号：US16399801

申请日：2019-04-30

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  Theodore C. Loder ,  Jacob R. Rideout ,  Arthur Kwan Jakobsson ,  Michael L. Jones

IPC: H04L29/06

Abstract: At least one of a measure of trust or a measure of spoofing risk associated with a sender of a message is determined. A measure of similarity between an identifier of the sender of the message and an identifier of at least one trusted contact of a recipient of the message is determined. The measure of similarity is combined with at least one of the measure of trust or the measure of spoofing risk to at least in part determine a combined measure of risk associated with the message. The sender of the message is not included in the at least one trusted contact of the recipient of the message. Based at least in part on the combined measure of risk associated with the message, the message is modified to alter content of a data field that includes an identification of the sender of the message.

公开(公告)号：US10326735B2

公开(公告)日：2019-06-18

申请号：US15723524

申请日：2017-10-03

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  Theodore C. Loder ,  Jacob R. Rideout ,  Arthur Kwan Jakobsson ,  Michael L. Jones

IPC: H04L29/06

Abstract: A measure of similarity between an identifier of a sender of the message and each identifier of one or more identifiers of each trusted contact of a plurality of trusted contacts of a recipient of the message is determined. In the event the sender of the message is not any of the trusted contacts but at least one of the measure of similarity between the identifier of the sender of the message and a selected identifier of a selected trusted contact of the plurality of trusted contacts meets a threshold, the message is modified, if applicable, to alter content of a data field that includes an identification of the sender of the message. The data field is one of a plurality of data fields included in a header of the message.

公开(公告)号：US12074850B2

公开(公告)日：2024-08-27

申请号：US16941326

申请日：2020-07-28

Applicant: Agari Data, Inc.

Inventor： Bjorn Markus Jakobsson ,  Theodore C. Loder ,  Jacob R. Rideout ,  Arthur Kwan Jakobsson ,  Michael L. Jones

IPC: H04L9/40

CPC classification number: H04L63/0263 ,  H04L63/0245 ,  H04L63/0254 ,  H04L63/1433 ,  H04L63/1483

Abstract: A first risk analysis of a message is performed. In the event the first risk analysis results in a determination that the message meets a first criteria, at least a portion of the message is modified prior to sending a modified version of the message to a specified recipient of the message, and a second risk analysis of the message is performed. The first risk analysis is performed before sending the modified version of the message and the modified version of the message is sent to the specified recipient of the message prior to a conclusion of the second risk analysis. In the event the second risk analysis results in a determination that the message meets a second criteria, content of the message that was previously prevented from being accessed by the specified recipient is provided to the specified recipient of the message.