CPC H04L 63/1416 (2013.01) [G06F 21/53 (2013.01); G06F 21/566 (2013.01); H04L 63/0236 (2013.01); H04L 63/101 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01); H04L 63/1466 (2013.01); G06F 2221/034 (2013.01); H04L 63/145 (2013.01)] | 19 Claims |
1. A method for protecting users from malicious content, the method comprising:
retrieving, by a hardware processor of a server system, a Uniform Resource Locator (URL) link from an electronic message sent to a user in a user computer environment and intercepted by the server system, the URL link pointing at linked digital content residing at a resource location, the server system configured for intercepting messages before receipt by a mail server or a user;
determining, for the URL link retrieved from the electronic message, a plurality of selection criteria factors for determining whether to sandbox the URL link, each of the plurality of selection criteria factors having a respective factor threshold, wherein the plurality of selection criteria factors comprises a number of electronic messages that is tracked by the server system and that includes the URL link such that the method processes the URL link retrieved from the electronic message and not the linked digital content to which the URL link points;
for each of the plurality of selection criteria factors:
comparing the respective factor threshold of the selection criteria factor to a corresponding factor threshold previously established in the server system; and
based on the comparing, determining whether the respective factor threshold of the selection criteria factor exceeds the corresponding factor threshold previously established in the sever system; and
responsive to any of the respective factor threshold of the selection criteria factors exceeds the corresponding factor threshold previously established in the server system, automatically queuing the URL link for preemptive sandboxing the URL to prevent the user from clicking the linked digital content residing at the resource location, the sandboxing including analyzing behavior of the URL link in another computer environment separate from the user computer environment.
|