US 12,105,816 B2
Dynamically controlling access to linked content in electronic communications
Conor Brian Hayes, Monte Sereno, CA (US); Michael Edward Jones, Fallbrook, CA (US); Alina V. Khayms, Sunnyvale, CA (US); Kenny Lee, Seattle, WA (US); David Jonathan Melnick, Los Angeles, CA (US); and Adrian Knox Roston, Las Vegas, NV (US)
Assigned to Proofpoint, Inc., Sunnyvale, CA (US)
Filed by Proofpoint, Inc., Sunnyvale, CA (US)
Filed on May 15, 2020, as Appl. No. 16/875,118.
Claims priority of provisional application 62/863,991, filed on Jun. 20, 2019.
Prior Publication US 2020/0404000 A1, Dec. 24, 2020
Int. Cl. H04L 9/00 (2022.01); G06F 21/53 (2013.01); G06F 21/56 (2013.01); G06F 21/62 (2013.01); G06N 20/00 (2019.01); H04L 9/40 (2022.01); H04L 51/08 (2022.01); H04L 51/212 (2022.01); H04L 51/42 (2022.01)
CPC G06F 21/62 (2013.01) [G06F 21/53 (2013.01); G06F 21/567 (2013.01); G06N 20/00 (2019.01); H04L 51/08 (2013.01); H04L 51/212 (2022.05); H04L 51/42 (2022.05); H04L 63/08 (2013.01); H04L 63/10 (2013.01); H04L 63/105 (2013.01); H04L 63/1416 (2013.01); H04L 63/1483 (2013.01); G06F 2221/034 (2013.01)]
20 Claims
 
1. A computing platform, comprising:
at least one hardware processor;
a communication interface; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
receive, via the communication interface, from a first user computing device associated with an enterprise organization, a first request to open a first uniform resource locator associated with a first email message;
identify that the first uniform resource locator associated with the first email message corresponds to a first potentially-malicious site;
in response to identifying that the first uniform resource locator associated with the first email message corresponds to the first potentially-malicious site, determine, based on features of the first uniform resource locator, a risk profile for the first request to open the first uniform resource locator received from the first user computing device, wherein determining the risk profile associated with the first request to open the first uniform resource locator received from the first user computing device includes identifying a web category associated with the first uniform resource locator and identifying that a user of the first user computing device is included in a very attacked persons group associated with the enterprise organization and dynamically determined, on a periodic basis, from an enterprise organization-specific index of users and wherein determining the risk profile associated with the first request to open the first uniform resource locator received from the first user computing device further includes determining that the first uniform resource locator associated with the first email message is associated with a specific web category by matching header content of a page corresponding to a site associated with the first uniform resource locator with information defined in one or more category templates; and
based on the risk profile associated with the first request to open the first uniform resource locator received from the first user computing device, execute an isolation method to provide limited access to the first uniform resource locator associated with the first email message.
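
The decision flow recited in claim 1, as an added illustrative sketch (not code from the patent or from Proofpoint): a click on an already-flagged URL is categorized by matching page header content against category templates, combined with periodically recomputed very-attacked-persons membership, and mapped to an action. The template contents, the attack-score index, the `top_n` cutoff, the "warn" alternative and the isolation policy are all assumptions made for the example.

```python
from dataclasses import dataclass
from html.parser import HTMLParser

# Constructed category templates (assumption): header strings that mark a category.
CATEGORY_TEMPLATES = {
    "webmail-login": {"title": ["sign in", "log in"], "meta": ["webmail"]},
    "file-sharing": {"title": ["shared with you"], "meta": ["file sharing"]},
}

class HeadParser(HTMLParser):
    """Collects <title> text and <meta> content values from a page's header."""
    def __init__(self):
        super().__init__()
        self.title, self.meta, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "meta":
            self.meta.append((dict(attrs).get("content") or "").lower())
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data.lower()

def categorize(head_html):
    """Return the first category whose template matches the header content."""
    p = HeadParser()
    p.feed(head_html)
    for name, tpl in CATEGORY_TEMPLATES.items():
        if any(s in p.title for s in tpl["title"]) or any(
                s in m for s in tpl["meta"] for m in p.meta):
            return name
    return "uncategorized"

def compute_vap_group(attack_index, top_n):
    """Run periodically: the top_n users by organization-specific attack score."""
    return set(sorted(attack_index, key=attack_index.get, reverse=True)[:top_n])

@dataclass
class RiskProfile:
    category: str
    user_is_vap: bool

def handle_click(user, head_html, vap_group, isolate_categories=("webmail-login",)):
    """Build the risk profile for a click on a flagged URL and pick an action."""
    profile = RiskProfile(categorize(head_html), user in vap_group)
    # Assumed policy: isolate for VAP users or for credential-entry categories.
    isolate = profile.user_is_vap or profile.category in isolate_categories
    return profile, ("isolate" if isolate else "warn")
```
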