CN109561017A - A kind of counterfeit inspection processing method and processing device of mail - Google Patents
A kind of counterfeit inspection processing method and processing device of mail Download PDFInfo
- Publication number
- CN109561017A CN109561017A CN201811640982.5A CN201811640982A CN109561017A CN 109561017 A CN109561017 A CN 109561017A CN 201811640982 A CN201811640982 A CN 201811640982A CN 109561017 A CN109561017 A CN 109561017A
- Authority
- CN
- China
- Prior art keywords
- inspection
- counterfeit
- rule
- target information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/212—Monitoring or handling of messages using filtering or selective blocking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The embodiment of the invention discloses a kind of counterfeit inspection processing method and processing devices of mail, if method includes: to receive new mail, in the key message and enterprise contacts for locally obtaining mailbox;According to the key message, the enterprise contacts and check that rule carries out counterfeit inspection to the new mail;If inspection knows that the new mail is counterfeit mail, the target information of the new mail is obtained and shown.The embodiment of the present invention is by checking that rule carries out counterfeit inspection to the key message and enterprise contacts of mailbox local, realize the counterfeit inspection of enterprise's customization, and suitable inspection rule can be formulated according to reality, realization is personalized to be checked, accurately counterfeit mail reminder is obtained.
Description
Technical field
The present embodiments relate to fields of communication technology, and in particular to a kind of counterfeit inspection processing method and dress of mail
It sets.
Background technique
With the rapid development of Internet technology, assault is also frequently occurred, particularly with routine office work and life
The mailbox living for needing frequently to use, counterfeit mail emerge one after another.Counterfeiter can get the normal of target by information stealth mode
With contact information, such as mail contact address, then " customized " extremely difficult identified sender's mail address, is somebody's turn to do
The Mail Contents of counterfeit mail initiate targeted attacks, such as Modify password to user.This attack is for ordinary user's
It identifies that difficulty is high, is difficult to be found by conventional security detection system, causes huge Cyberthreat to user.
Counterfeit inspection in the prior art is all based on the detections of Mail Contents, attachment, metadata, by black and white lists,
Whether the methods of characteristic matching, behavioral value identification mail are malice, but not can determine that whether the mail attacks with specific aim
Property is hit, and personalized check can not be done according to enterprise's concrete condition using unified rule and customized, so as to cause counterfeit result
Inaccurate prompting, be easy mislead user operation.
Summary of the invention
Since existing method is there are the above problem, the embodiment of the present invention propose a kind of mail counterfeit inspection processing method and
Device.
In a first aspect, the embodiment of the present invention proposes a kind of counterfeit inspection processing method of mail, comprising:
If receiving new mail, in the key message and enterprise contacts for locally obtaining mailbox;
According to the key message, the enterprise contacts and check that rule carries out counterfeit inspection to the new mail;
If inspection knows that the new mail is counterfeit mail, the target information of the new mail is obtained and shown.
Optionally, the method also includes:
It is generated according to the target information and trusts option, receive the selection result of user's input, and tie according to the selection
Fruit updates the inspection rule;
Wherein, the selection result includes that the target information trusted or the target information are trustless.
Optionally, the method also includes:
If receiving the modification request of user, according to the modification request to the inspection rule in configurable file
It modifies.
Optionally, the inspection rule supports remote access and modification.
Second aspect, the embodiment of the present invention also propose a kind of counterfeit inspection processing unit of mail, comprising:
Data obtaining module, if for receiving new mail, in the key message and Enterprise linkage for locally obtaining mailbox
People;
Counterfeit inspection module, for regular to the new stamp according to the key message, the enterprise contacts and inspection
Part carries out counterfeit inspection;
Information display module obtains if knowing that the new mail is counterfeit mail for checking and shows the new stamp
The target information of part.
Optionally, described device further include:
Policy Updates module trusts option for generating according to the target information, receives the selection result of user's input,
And the inspection rule is updated according to the selection result;
Wherein, the selection result includes that the target information trusted or the target information are trustless.
Optionally, described device further include:
Rules modification module is requested according to the modification to configurable text if the modification for receiving user is requested
The inspection rule in part is modified.
Optionally, the inspection rule supports remote access and modification.
The third aspect, the embodiment of the present invention also propose a kind of electronic equipment, comprising:
At least one processor;And
At least one processor being connect with the processor communication, in which:
The memory is stored with the program instruction that can be executed by the processor, and the processor calls described program to refer to
Order is able to carry out the above method.
Fourth aspect, the embodiment of the present invention also propose a kind of non-transient computer readable storage medium, the non-transient meter
Calculation machine readable storage medium storing program for executing stores computer program, and the computer program makes the computer execute the above method.
As shown from the above technical solution, the embodiment of the present invention is by checking key message and enterprise of the rule to mailbox local
Contact person carries out counterfeit inspection, realizes the counterfeit inspection of enterprise's customization, and suitable inspection can be formulated according to reality
Rule is looked into, realizes personalized inspection, obtains accurate counterfeit mail reminder.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
Other attached drawings are obtained according to these figures.
Fig. 1 is a kind of flow diagram of the counterfeit inspection processing method for mail that one embodiment of the invention provides;
Fig. 2 be another embodiment of the present invention provides a kind of mail counterfeit inspection processing method flow diagram;
Fig. 3 is a kind of structural schematic diagram of the counterfeit inspection processing unit for mail that one embodiment of the invention provides;
Fig. 4 is the logic diagram for the electronic equipment that one embodiment of the invention provides.
Specific embodiment
With reference to the accompanying drawing, further description of the specific embodiments of the present invention.Following embodiment is only used for more
Technical solution of the present invention is clearly demonstrated, and not intended to limit the protection scope of the present invention.
Fig. 1 shows a kind of flow diagram of the counterfeit inspection processing method of mail provided in this embodiment, comprising:
If S101, receiving new mail, in the key message and enterprise contacts for locally obtaining mailbox.
Wherein, the new mail is that the mailbox of user has received any new mail.
The key message is the important information for each mail that mailbox is locally stored, such as mail address.
The contact information for each mail that the artificial mailbox of Enterprise linkage is locally stored, such as enterprise contacts title.
S102, counterfeit inspection is carried out to the new mail according to the key message, the enterprise contacts and inspection rule
It looks into.
Wherein, described to check rule is whether to meet the rule of counterfeit condition, the inspection rule root for detecting new mail
It is determined according to different enterprise requirements, while supporting to remotely access and modify.
If S103, inspection know that the new mail is counterfeit mail, the target information of the new mail is obtained and shown.
Specifically, as shown in Fig. 2, after starting inspection, mail and contact information are obtained, and judges the mail whether can
Believe in list, if it was not then carrying out counterfeit inspection, and triggers and check that rule is checked, such as check and find that the mail is imitative
Emit mail, then show counterfeit information, user's operation is provided, if the contact person of the users to trust mail, by the contact person and
Corresponding inspection rule is saved in trust list, can provide effective mail counterfeit inspection for enterprise's mailbox.
The present embodiment is realized by checking that rule carries out counterfeit inspection to the key message and enterprise contacts of mailbox local
The counterfeit inspection that enterprise customizes, and can be formulated according to reality it is suitable check rule, realize it is personalized check, obtain
To accurate counterfeit mail reminder.
Further, on the basis of above method embodiment, the method also includes:
S104, it is generated according to the target information and trusts option, receive the selection result of user's input, and according to the choosing
It selects result and updates the inspection rule.
Wherein, the selection result includes that the target information trusted or the target information are trustless.
The trust option provides counterfeit information and user's operation in detail, and user can choose trust or other operations.
The present embodiment can do counterfeit inspection according to Mail Contents and enterprise contacts, and inspection result provides detailed counterfeit
Prompt and subsequent operation reference, user can choose trust operation, customize inspection scheme.
Further, on the basis of above method embodiment, the method also includes:
If S105, the modification request for receiving user, are requested according to the modification to the inspection in configurable file
Rule is looked into modify.
Wherein, the inspection rule is stored in configurable file, and counterfeit check carries out according to configurable rule file
It checks, prevents counterfeit situation for enterprise, the distinctive inspection rule of the enterprise can be formulated, be stored in configurable file, it is subsequent
Counterfeit inspection is carried out by reading configurable file, the configurable file of remotely editor is also convenient for and replaces counterfeit rule, realize and check
The replacement of rule.
For example, using foreign lands mailbox, such as 163 mailboxes, the administrator of counterfeit 360.net mailbox, 163 mailboxes
The pet name is changed to " Admin ", and editor's Mail Contents are " your mailbox password is expired, clicks this link resetting password ", is sent
To the Email Accounts of 360.net, the Email Accounts of 360.net receives display area meeting that mail head issues after mail opens
There is red mark and remind " e-mail sender is doubtful to pretend to be administrator, please enhance your vigilance ", clicks red mark, will pop up
Dialog box, details are " e-mail sender's true address are as follows:<XXX@163.com>doubtful fake admin, please mention Admin
Height is vigilant ", lower section has the blue buttons of " trusting this contact person ".It clicks " trusting this contact person ", prompting frame disappears, mail hair
The place that part people shows will appear green " trust " button, clicks " trust " button, will pop up dialog box and prompt this connection
People has trusted, and there is " cancel and trusting " button in lower section, clicks " cancel and trusting " button, prevents that counterfeit prompt can be shown again.
Fig. 3 shows a kind of structural schematic diagram of the counterfeit inspection processing unit of mail provided in this embodiment, the dress
Set includes: data obtaining module 301, counterfeit inspection module 302 and information display module 303, in which:
If the data obtaining module 301 is for receiving new mail, in key message and the enterprise for locally obtaining mailbox
Industry contact person;
The counterfeit inspection module 302 is used for according to the key message, the enterprise contacts and checks rule to institute
It states new mail and carries out counterfeit inspection;
If the information display module 303 knows that the new mail is counterfeit mail for checking, obtains and show institute
State the target information of new mail.
Specifically, if the data obtaining module 301 receives new mail, locally obtain mailbox key message and
Enterprise contacts;The counterfeit inspection module 302 is according to the key message, the enterprise contacts and checks rule to described
New mail carries out counterfeit inspection;If the inspection of information display module 303 knows that the new mail is counterfeit mail, obtain simultaneously
Show the target information of the new mail.
The present embodiment is realized by checking that rule carries out counterfeit inspection to the key message and enterprise contacts of mailbox local
The counterfeit inspection that enterprise customizes, and can be formulated according to reality it is suitable check rule, realize it is personalized check, obtain
To accurate counterfeit mail reminder.
Further, on the basis of above-mentioned apparatus embodiment, described device further include:
Policy Updates module trusts option for generating according to the target information, receives the selection result of user's input,
And the inspection rule is updated according to the selection result;
Wherein, the selection result includes that the target information trusted or the target information are trustless.
Further, on the basis of above-mentioned apparatus embodiment, described device further include:
Rules modification module is requested according to the modification to configurable text if the modification for receiving user is requested
The inspection rule in part is modified.
Further, on the basis of above-mentioned apparatus embodiment, the inspection rule supports remote access and modification.
The counterfeit inspection processing unit of mail described in the present embodiment can be used for executing above method embodiment, principle
Similar with technical effect, details are not described herein again.
Referring to Fig. 4, the electronic equipment, comprising: processor (processor) 401, memory (memory) 402 and total
Line 403;
Wherein,
The processor 401 and memory 402 complete mutual communication by the bus 403;
The processor 401 is used to call the program instruction in the memory 402, to execute above-mentioned each method embodiment
Provided method.
The present embodiment discloses a kind of computer program product, and the computer program product includes being stored in non-transient calculating
Computer program on machine readable storage medium storing program for executing, the computer program include program instruction, when described program instruction is calculated
When machine executes, computer is able to carry out method provided by above-mentioned each method embodiment.
The present embodiment provides a kind of non-transient computer readable storage medium, the non-transient computer readable storage medium
Computer instruction is stored, the computer instruction makes the computer execute method provided by above-mentioned each method embodiment.
The apparatus embodiments described above are merely exemplary, wherein described, unit can as illustrated by the separation member
It is physically separated with being or may not be, component shown as a unit may or may not be physics list
Member, it can it is in one place, or may be distributed over multiple network units.It can be selected according to the actual needs
In some or all of the modules achieve the purpose of the solution of this embodiment.Those of ordinary skill in the art are not paying creativeness
Labour in the case where, it can understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on
Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should
Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers
It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation
Method described in certain parts of example or embodiment.
It is noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although reference
Invention is explained in detail for previous embodiment, those skilled in the art should understand that: it still can be right
Technical solution documented by foregoing embodiments is modified or equivalent replacement of some of the technical features;And this
It modifies or replaces, the spirit and model of technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution
It encloses.
Claims (10)
1. a kind of counterfeit inspection processing method of mail characterized by comprising
If receiving new mail, in the key message and enterprise contacts for locally obtaining mailbox;
According to the key message, the enterprise contacts and check that rule carries out counterfeit inspection to the new mail;
If inspection knows that the new mail is counterfeit mail, the target information of the new mail is obtained and shown.
2. the method according to claim 1, wherein the method also includes:
It is generated according to the target information and trusts option, receive the selection result of user's input, and more according to the selection result
The new inspection rule;
Wherein, the selection result includes that the target information trusted or the target information are trustless.
3. the method according to claim 1, wherein the method also includes:
If receiving the modification request of user, the inspection rule in configurable file is carried out according to the modification request
Modification.
4. method according to claim 1-3, which is characterized in that the inspection rule is supported remote access and repaired
Change.
5. a kind of counterfeit inspection processing unit of mail characterized by comprising
Data obtaining module, if for receiving new mail, in the key message and enterprise contacts for locally obtaining mailbox;
Counterfeit inspection module, for according to the key message, the enterprise contacts and check rule to the new mail into
The counterfeit inspection of row;
Information display module obtains if knowing that the new mail is counterfeit mail for checking and shows the new mail
Target information.
6. device according to claim 5, which is characterized in that described device further include:
Policy Updates module trusts option for generating according to the target information, receives the selection result of user's input, and root
The inspection rule is updated according to the selection result;
Wherein, the selection result includes that the target information trusted or the target information are trustless.
7. device according to claim 5, which is characterized in that described device further include:
Rules modification module is requested according to the modification in configurable file if the modification for receiving user is requested
The inspection rule modify.
8. according to the described in any item devices of claim 5-7, which is characterized in that the inspection rule is supported remote access and repaired
Change.
9. a kind of electronic equipment characterized by comprising
At least one processor;And
At least one processor being connect with the processor communication, in which:
The memory is stored with the program instruction that can be executed by the processor, and the processor calls described program to instruct energy
Enough methods executed as described in Claims 1-4 is any.
10. a kind of non-transient computer readable storage medium, which is characterized in that the non-transient computer readable storage medium is deposited
Computer program is stored up, the computer program makes the computer execute the method as described in Claims 1-4 is any.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811640982.5A CN109561017A (en) | 2018-12-29 | 2018-12-29 | A kind of counterfeit inspection processing method and processing device of mail |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811640982.5A CN109561017A (en) | 2018-12-29 | 2018-12-29 | A kind of counterfeit inspection processing method and processing device of mail |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109561017A true CN109561017A (en) | 2019-04-02 |
Family
ID=65871980
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811640982.5A Pending CN109561017A (en) | 2018-12-29 | 2018-12-29 | A kind of counterfeit inspection processing method and processing device of mail |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109561017A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114390016A (en) * | 2022-03-24 | 2022-04-22 | 太平金融科技服务(上海)有限公司深圳分公司 | Mailbox rule management method and device, computer equipment and storage medium |
CN116436663A (en) * | 2023-04-07 | 2023-07-14 | 华能信息技术有限公司 | Mail attack detection method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013171473A (en) * | 2012-02-21 | 2013-09-02 | Fujitsu Ltd | Information processing method, information processing device and program |
CN105072137A (en) * | 2015-09-15 | 2015-11-18 | 蔡丝英 | Spear phishing mail detection method and device |
CN106992926A (en) * | 2017-06-13 | 2017-07-28 | 深信服科技股份有限公司 | A kind of method and system for forging mail-detection |
CN108347370A (en) * | 2017-10-19 | 2018-07-31 | 北京安天网络安全技术有限公司 | A kind of detection method and system of targeted attacks mail |
CN108462624A (en) * | 2017-02-17 | 2018-08-28 | 阿里巴巴集团控股有限公司 | A kind of recognition methods of spam, device and electronic equipment |
-
2018
- 2018-12-29 CN CN201811640982.5A patent/CN109561017A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013171473A (en) * | 2012-02-21 | 2013-09-02 | Fujitsu Ltd | Information processing method, information processing device and program |
CN105072137A (en) * | 2015-09-15 | 2015-11-18 | 蔡丝英 | Spear phishing mail detection method and device |
CN108462624A (en) * | 2017-02-17 | 2018-08-28 | 阿里巴巴集团控股有限公司 | A kind of recognition methods of spam, device and electronic equipment |
CN106992926A (en) * | 2017-06-13 | 2017-07-28 | 深信服科技股份有限公司 | A kind of method and system for forging mail-detection |
CN108347370A (en) * | 2017-10-19 | 2018-07-31 | 北京安天网络安全技术有限公司 | A kind of detection method and system of targeted attacks mail |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114390016A (en) * | 2022-03-24 | 2022-04-22 | 太平金融科技服务(上海)有限公司深圳分公司 | Mailbox rule management method and device, computer equipment and storage medium |
CN116436663A (en) * | 2023-04-07 | 2023-07-14 | 华能信息技术有限公司 | Mail attack detection method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10375093B1 (en) | Suspicious message report processing and threat response | |
US11159545B2 (en) | Message platform for automated threat simulation, reporting, detection, and remediation | |
US9906554B2 (en) | Suspicious message processing and incident response | |
US20230344869A1 (en) | Detecting phishing attempts | |
US10581780B1 (en) | Tertiary classification of communications | |
US11245718B2 (en) | Method and system for tracking fraudulent activity | |
US10027701B1 (en) | Method and system for reducing reporting of non-malicious electronic messages in a cybersecurity system | |
US9674221B1 (en) | Collaborative phishing attack detection | |
US9774626B1 (en) | Method and system for assessing and classifying reported potentially malicious messages in a cybersecurity system | |
US8863244B2 (en) | Communication abuse prevention | |
US7831834B2 (en) | Associating a postmark with a message to indicate trust | |
US20190319905A1 (en) | Mail protection system | |
AU2016246074B2 (en) | Message report processing and threat prioritization | |
CN109561017A (en) | A kind of counterfeit inspection processing method and processing device of mail | |
US20160301701A1 (en) | System and method for authentication of electronic communications | |
Goenka et al. | A comprehensive survey of phishing: mediums, intended targets, attack and defence techniques and a novel taxonomy | |
US20220321518A1 (en) | Email Sender and Reply-To Authentication to Prevent Interception of Email Replies | |
CN107545413A (en) | Event-handling method and device | |
US20210264430A1 (en) | Message Processing Platform for Automated Phish Detection | |
KR20140099389A (en) | System for detecting and preventing a phishing message of banking and method for detecting and preventing a phishing message of banking thereof | |
TWI559237B (en) | Electronic mail control method and system | |
US20230328034A1 (en) | Algorithm to detect malicious emails impersonating brands | |
Marx | The extension and customization of maltego data mining environment into anti-phishing system | |
WO2023196376A1 (en) | Algorithm to detect malicious emails impersonating brands | |
Boers | An automation of mail channels to eliminate junk e-mail |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190402 |