&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11949713.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,949,713 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Abuse mailbox for facilitating discovery, investigation, and analysis of email-based threats</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Evan Reiser,  San Francisco, CA (US);  Jeremy Kao,  San Francisco, CA (US);  Cheng-Lin Yeh,  San Francisco, CA (US);  Yea So Jung,  San Francisco, CA (US);  Kai Jing Jiang,  San Francisco, CA (US);  Abhijit Bagri,  San Francisco, CA (US);  Su Li Debbie Tan,  San Francisco, CA (US);  Venkatram Kishnamoorthi,  San Francisco, CA (US); and  Feng Shuo Deng,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Abnormal Security Corporation,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Abnormal Security Corporation,  San Francisco, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Dec.  14, 2021, as Appl. No. 17/550,848.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/550,848 is a continuation of application No. 17/155,843, filed on Jan.  22, 2021, granted, now 11,252,189.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/984,098, filed on Mar.  2, 2020.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0255961 A1, Aug.  11, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06F 16/9035</b></i> (2019.01); <i><b>G06Q 10/107</b></i> (2023.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1483</b></i> (2013.01)&#xa0;[<i><b>G06F 16/9035</b></i> (2019.01); <i><b>G06Q 10/107</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>42 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11949713-20240402-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">determining, via an application programming interface, that a first email is present in a mailbox to which employees of an enterprise are able to forward emails deemed suspicious for analysis, and in response to determining that the first email is present in the mailbox, determining whether the first email is representative of a threat to the enterprise based at least in part by applying a trained model to the first email; and</div>
                <div class="claim_text">in response to establishing that the first email represents a threat to the enterprise:<div class="claim_text">generating a record of the threat by populating a data structure with information related to the first email; and</div>
                  <div class="claim_text">applying the data structure to inboxes of a plurality of the employees to determine whether the first email is part of a campaign, and in response to determining that the first email is part of a campaign, applying the data structure as a filter to inbound emails addressed to the employees.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>