US 12,407,724 B2
Analyzing messages for malicious content using a cloud computing system
Charlene Moss Gorter, Concord, NC (US); Kyle Andrew Mayers, Charlotte, NC (US); Sanjay Arjun Lohar, Charlotte, NC (US); James Siekman, Charlotte, NC (US); and Connor Thomas McCormick, Westminster, CO (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Feb. 3, 2023, as Appl. No. 18/164,056.
Prior Publication US 2024/0267410 A1, Aug. 8, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1483 (2013.01) [H04L 63/1425 (2013.01)]
11 Claims
 
1. A system comprising:
a user device comprising:
a first memory configured to store a client application; and
a first processor communicatively coupled to the first memory, wherein the first processor, when executing the client application, is configured to:
intercept a message comprising a quick response (QR) code or a uniform resource locator (URL), wherein the QR code corresponds to the URL;
send the message to a cloud computing system;
receive a status of the message from the cloud computing system; and
release the message to be displayed along with the status; and
the cloud computing system communicatively coupled to the user device, wherein the cloud computing system comprises:
a second memory configured to store:
known safe URLs;
known malicious URLs;
known safe sources;
known malicious sources;
known malicious codes; and
hashes of known malicious files; and
a second processor communicatively coupled to the second memory, the second processor configured to:
receive the message from the user device;
determine the status of the message, wherein determining the status of the message comprises:
determining a source of the message;
comparing the source of the message to the known malicious sources;
in response to the source of the message not matching any of the known malicious sources, comparing the source of the message to the known safe sources;
in response to the source of the message not matching any of the known safe sources, comparing the URL to the known malicious URLs; and
in response to the URL matching a respective one of the known malicious URLs, determining the status of the message as malicious;
in response to the URL not matching any of the known malicious URLs, compare the URL to the known safe URLs;
in response to the URL matching a respective one of the known safe URLs, determine the status of the message as safe;
in response to the URL not matching any of the known safe URLs, analyze the URL for spelling errors;
in response to identifying at least one spelling error in the URL, determine the status of the message as suspicious;
in response to identifying no spelling errors in the URL, determine a destination identified by the URL;
in response to determining that the destination identified by the URL is a file, determine a hash of the file;
compare the hash of the file to the hashes of known malicious files; and
in response to the hash of the file matching a hash of one of the known malicious files, determine the status of the message as malicious; and
send the status of the message to the user device.
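
The status determination recited in claim 1, sketched in Python as an added example (not code from the patent or its assignee). The verdicts returned when the source matches a list, the "unknown" fall-through, the edit-distance spelling test, exact-string URL matching, SHA-256, and the `fetch_file` callable are assumptions the claim does not specify; all sample data is constructed.

```python
import hashlib
from urllib.parse import urlsplit

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def _edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def has_spelling_error(url, safe_urls):
    # Assumption: a "spelling error" is a hostname 1-2 edits away from a known-safe hostname.
    host = _host(url)
    return any(0 < _edit_distance(host, _host(s)) <= 2 for s in safe_urls)

def message_status(source, url, lists, fetch_file):
    """fetch_file(url) returns the file bytes, or None if the destination is not a file."""
    if source in lists["malicious_sources"]:
        return "malicious"      # assumption: claim names the comparison, not the verdict
    if source in lists["safe_sources"]:
        return "safe"           # assumption, as above
    if url in lists["malicious_urls"]:   # exact string match (assumption)
        return "malicious"
    if url in lists["safe_urls"]:
        return "safe"
    if has_spelling_error(url, lists["safe_urls"]):
        return "suspicious"
    body = fetch_file(url)
    if body is not None and hashlib.sha256(body).hexdigest() in lists["malicious_hashes"]:
        return "malicious"
    return "unknown"            # assumption: claim gives no verdict for this branch

# Constructed sample data (reserved .example names, not real indicators).
PAYLOAD = b"constructed-sample-bytes"
LISTS = {
    "malicious_sources": {"spoof@bad.example"},
    "safe_sources": {"alerts@bank.example"},
    "malicious_urls": {"https://evil.example/login"},
    "safe_urls": {"https://www.bank.example/login"},
    "malicious_hashes": {hashlib.sha256(PAYLOAD).hexdigest()},
}
FILES = {"https://files.example/invoice.pdf": PAYLOAD}  # stands in for a network fetch
```

Because the source lists are consulted first, a sender on the safe list short-circuits every URL check in this sketch, so the quality of that list bounds the quality of the verdict.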