US 12,328,338 B2
Methods and software for training users to discern electronic phishing messages and for building phishing knowledgebases for automated electronic-message filtering
Samuel Cavallaro, New London, NH (US); Catherine Porter, Hartford, VT (US); Samuel Fielder, North Pomfret, VT (US); Mitch Davis, Cornish, NH (US); and William Cowen, Quechee, VT (US)
Assigned to Trustees of Dartmouth College, Hanover, NH (US)
Filed by Trustees of Dartmouth College, Hanover, NH (US)
Filed on Sep. 9, 2022, as Appl. No. 17/941,833.
Claims priority of provisional application 63/242,258, filed on Sep. 9, 2021.
Prior Publication US 2023/0073905 A1, Mar. 9, 2023
Int. Cl. H04L 29/06 (2006.01); G09B 5/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1483 (2013.01) [G09B 5/065 (2013.01)]
20 Claims
 
1. A method of identifying and reporting original reports of electronic phishing messages reported by a plurality of users each having a corresponding electronic-message inbox, wherein each electronic-message inbox stores metadata for each message that the user inbox receives, the method being performed automatically by a computing system, the method comprising:
receiving suspected phishing electronic messages forwarded by the users from the corresponding electronic-message inboxes;
for each of the suspected phishing electronic messages:
electronically collecting phishing-analysis data from the suspected phishing electronic message;
executing a phishing-analysis computer algorithm that operates on the phishing-analysis data and on an electronic phishing knowledgebase to determine whether or not the suspected phishing electronic message is an electronic phishing message;
electronically collecting message-identifying data from the suspected phishing electronic message for uniquely identifying the suspected phishing electronic message;
using the message-identifying data, electronically retrieving metadata for the suspected phishing electronic message from the electronic-message inbox of the user that forwarded the suspected phishing electronic message;
executing a reporting-analysis computer algorithm that operates on the message-identifying data and the metadata to determine whether or not the forwarding of the suspected phishing electronic message is an original reporting; and
when the phishing-analysis computer algorithm determines that the suspected phishing electronic message is an electronic phishing message and the reporting-analysis computer algorithm determines that the reporting of the suspected phishing electronic message is an original reporting, electronically reporting the suspected phishing electronic message to a phishing agent as an original reporting:
wherein each suspected phishing electronic message includes at least one user-annotation identifying one or more indicia that the suspected phishing electronic message is a phishing electronic message, and the method further comprises for each of the suspected phishing electronic messages:
electronically retrieving the at least one user-annotation from the suspected phishing electronic message; and
executing an assessment and scoring computer algorithm that operates on the retrieved at least one user-annotation to determine correctness of the at least one user-annotation and assign an assessment value based on the correctness;
wherein the electronic reporting to the phishing agent includes reporting to the point-tallying system a point value that includes the assessment value.