CN111416801A - Mail processing method and device - Google Patents
Mail processing method and device Download PDFInfo
- Publication number
- CN111416801A CN111416801A CN202010166774.7A CN202010166774A CN111416801A CN 111416801 A CN111416801 A CN 111416801A CN 202010166774 A CN202010166774 A CN 202010166774A CN 111416801 A CN111416801 A CN 111416801A
- Authority
- CN
- China
- Prior art keywords
- tested
- phishing
- information
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the invention discloses a mail processing method and a device, wherein the method comprises the following steps: receiving a mail sending task, reading mail configuration information and a pre-established phishing mail template; constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating the addressee parameter information into mail address information of any user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested; sending at least one phishing mail to at least one user to be tested; and acquiring the identification information of the users to be tested carried in the request for counting according to the request of triggering the phishing page link in the phishing mail by any one or more users to be tested. By the aid of the mail sending task and the phishing mail template, the phishing mails for the users to be tested are automatically constructed, and workload of manually constructing the phishing mails is reduced.
Description
Technical Field
The embodiment of the invention relates to the technical field of mails, in particular to a mail processing method and a mail processing device.
Background
With the continuous development of the times, the internet becomes an indispensable part of daily life, and the network security is more and more emphasized. Especially in internet enterprises, the safety consciousness of various workers and research and development personnel is concerned with the internet safety of the enterprises, the knowledge safety, the property safety and the like of the enterprises. Common means in APT (Advanced Persistent thread) attacks include, for example, phishing mails, puddle attacks, and the like. The phishing mail is to utilize a disguised e-mail to deceive a receiver and steal information such as an account number, a password and the like of the receiver. The water pit attack is that a 'water pit (trap)' is arranged on a necessary path of a victim. If the online activity rule of the attack target is analyzed, the weak point of the website frequently visited by the attack target is searched, the website is firstly broken and the attack code is implanted, and once the attack target visits the website, the attack target wins the website.
When enterprise personnel suffer from the APT attack, if the APT attack cannot be prevented in time, adverse effects can be caused to the enterprise, and even enterprise loss can be caused. Therefore, it is imperative to develop safety awareness for business personnel.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a mail processing method and apparatus that overcome or at least partially solve the above problems.
According to an aspect of an embodiment of the present invention, there is provided a mail processing method including:
receiving a mail sending task, reading mail configuration information and a pre-established phishing mail template; the phishing mail template comprises link parameter information and message receiving number information of a phishing page;
constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating addressee parameter information into mail address information of any user to be tested aiming at the user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested;
sending at least one phishing mail to at least one user to be tested;
and acquiring the identification information of the users to be tested carried in the request for counting according to the request of triggering the phishing page link in the phishing mail by any one or more users to be tested.
Optionally, before receiving the mail sending task, reading the mail configuration information and the pre-created phishing mail template, the method further comprises:
generating at least one piece of user information to be tested; the information of the user to be tested comprises mail address information, identification information and/or group information.
Optionally, before receiving the mail sending task, reading the mail configuration information and the pre-created phishing mail template, the method further comprises:
and selecting at least one user to be tested and/or at least one group of users to be tested, and using the selected information of the users to be tested as mail configuration information of a mail sending task.
Optionally, the mail configuration information further includes link information specifying a phishing page;
constructing at least one phishing mail for at least one user to be tested according to the mail configuration information and the phishing mail template further comprises:
constructing at least one phishing mail aiming at least one user to be tested in batch according to the information of the user to be tested in the mail configuration information; updating the addressee parameter information into mail address information of any user to be tested; and updating the link parameter information of the phishing page by taking the identification information of the user to be tested as the transmission parameter of the link information of the specified phishing page.
Optionally, the mail configuration information further includes a plurality of mail server information;
sending the at least one phishing mail to the at least one user to be tested further comprises:
and sending by utilizing a plurality of mail servers in turn so as to respectively send a plurality of phishing mails to corresponding users to be tested.
Optionally, the obtaining, according to a request that any one or more users to be tested trigger a phishing page link in a phishing mail, the to-be-tested user identification information carried in the request for statistics further includes:
according to a request that any one or more users to be tested trigger a phishing page link in a phishing mail, analyzing a transmission parameter carried in the request to obtain identification information of the users to be tested who click the phishing page;
and counting the click quantity, the click time and/or the information of the user to be tested clicking the phishing page according to the identification information of the user to be tested.
Optionally, the obtaining, according to a request that any one or more users to be tested trigger a phishing page link in a phishing mail, the to-be-tested user identification information carried in the request for statistics further includes:
monitoring and counting to obtain the input information of any one or more users to be tested on the phishing page.
Optionally, the phishing mail template further comprises address information of the specified picture;
the method further comprises the following steps:
and monitoring and counting the loading times of the specified pictures to be used as the total opening times of the phishing mails.
Optionally, the method further comprises:
displaying a fishing data statistical result in a statistical page; the fishing data statistical result comprises the number of users to be tested, the number of mail sending tasks, the number of successful sending of the mail sending tasks, the number of failed sending of the mail sending tasks, the click quantity of the fishing page, the click growth trend, the click time of the fishing page, the information of the users to be tested clicking the fishing page, the input information of the users to be tested on the fishing page and/or the total opening times of the fishing mail.
According to another aspect of the embodiments of the present invention, there is provided a mail processing apparatus including:
the reading module is suitable for receiving a mail sending task, reading mail configuration information and a pre-established phishing mail template; the phishing mail template comprises link parameter information and message receiving number information of a phishing page;
the construction module is suitable for constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating addressee parameter information into mail address information of any user to be tested aiming at the user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested;
the sending module is suitable for sending the at least one phishing mail to at least one user to be tested;
the first statistical module is suitable for acquiring the identification information of the users to be tested carried in the request to perform statistics according to the request that any one or more users to be tested trigger the phishing page link in the phishing mail.
Optionally, the apparatus further comprises:
the user information module is suitable for generating at least one piece of user information to be tested; the information of the user to be tested comprises mail address information, identification information and/or group information.
Optionally, the apparatus further comprises:
the configuration module is suitable for selecting at least one user to be tested and/or at least one group of users to be tested and using the selected information of the users to be tested as the mail configuration information of the mail sending task.
Optionally, the mail configuration information further includes link information specifying a phishing page;
the construction module is further adapted to:
constructing at least one phishing mail aiming at least one user to be tested in batch according to the information of the user to be tested in the mail configuration information; updating the addressee parameter information into mail address information of any user to be tested; and updating the link parameter information of the phishing page by taking the identification information of the user to be tested as the transmission parameter of the link information of the specified phishing page.
Optionally, the mail configuration information further includes a plurality of mail server information;
the sending module is further adapted to:
and sending by utilizing a plurality of mail servers in turn so as to respectively send a plurality of phishing mails to corresponding users to be tested.
Optionally, the first statistics module is further adapted to:
according to a request that any one or more users to be tested trigger a phishing page link in a phishing mail, analyzing a transmission parameter carried in the request to obtain identification information of the users to be tested who click the phishing page;
and counting the click quantity, the click time and/or the information of the user to be tested clicking the phishing page according to the identification information of the user to be tested.
Optionally, the first statistics module is further adapted to:
monitoring and counting to obtain the input information of any one or more users to be tested on the phishing page.
Optionally, the phishing mail template further comprises address information of the specified picture;
the device still includes:
and the second statistical module is suitable for monitoring and counting the loading times of the obtained appointed pictures as the total opening times of the phishing mails.
Optionally, the apparatus further comprises:
the display module is suitable for displaying the fishing data statistical result in the statistical page; the fishing data statistical result comprises the number of users to be tested, the number of mail sending tasks, the number of successful sending of the mail sending tasks, the number of failed sending of the mail sending tasks, the click quantity of the fishing page, the click growth trend, the click time of the fishing page, the information of the users to be tested clicking the fishing page, the input information of the users to be tested on the fishing page and/or the total opening times of the fishing mail.
According to still another aspect of an embodiment of the present invention, there is provided a computing device including: the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the mail processing method.
According to another aspect of the embodiments of the present invention, there is provided a computer storage medium, in which at least one executable instruction is stored, and the executable instruction causes a processor to execute operations corresponding to the above-mentioned mail processing method.
According to the mail processing method and the device provided by the embodiment of the invention, a mail sending task is received, and mail configuration information and a pre-established phishing mail template are read; the phishing mail template comprises link parameter information and message receiving number information of a phishing page; constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating addressee parameter information into mail address information of any user to be tested aiming at the user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested; sending at least one phishing mail to at least one user to be tested; and acquiring the identification information of the users to be tested carried in the request for counting according to the request of triggering the phishing page link in the phishing mail by any one or more users to be tested. By the aid of the mail sending task and the fishing mail template, the fishing mails for the users to be tested are automatically constructed, workload of manually constructing the fishing mails is reduced, repeated construction is facilitated, and time and labor cost are saved. Furthermore, the link information of the phishing page of the phishing mail contains identification information of the user to be tested, so that the user to be tested who clicks the phishing page can be directly determined conveniently according to the triggered request of the phishing page link, and the safety consciousness of the user to be tested can be more accurately grasped.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and the embodiments of the present invention can be implemented according to the content of the description in order to make the technical means of the embodiments of the present invention more clearly understood, and the detailed description of the embodiments of the present invention is provided below in order to make the foregoing and other objects, features, and advantages of the embodiments of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the embodiments of the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 shows a flow diagram of a mail processing method according to one embodiment of the invention;
FIG. 2 is a flow diagram illustrating a mail processing method according to another embodiment of the present invention;
FIGS. 3a and 3b are schematic diagrams illustrating the statistical page display effect according to an embodiment of the present invention;
FIG. 4 is a block diagram showing the construction of a mail processing apparatus according to an embodiment of the present invention;
FIG. 5 illustrates a schematic structural diagram of a computing device, according to an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Based on the rapid development of the internet, network security awareness is becoming more important. Especially in internet enterprises, the safety awareness of various workers and research and development personnel also concerns the normal operation of the enterprises and the like. Although the phishing mails can be sent for testing in a manual mode or scripts can be written manually for testing, the above testing modes all need to be operated manually for one user to be tested, the operation process is complicated, batch processing is not supported, and the specific clicking operation of the user to be tested cannot be accurately positioned. Based on the above problems, embodiments of the present invention provide a mail processing method to solve the above problems.
Fig. 1 shows a flow diagram of a mail processing method according to an embodiment of the invention, as shown in fig. 1, the method comprises the following steps:
step S101, receiving a mail sending task, reading mail configuration information and a pre-created phishing mail template.
The phishing mail in the present embodiment can be constructed by a pre-created phishing mail template. The fishing mail template comprises link parameter information and message receiving number information of a fishing page. The link parameter information and the addressee parameter information of the phishing page are variable parameter information. The phishing template can be written in html code, as follows:
< p > respected% < p > - - -% s is the number of the received ginseng
< p > please click < a href [% s "] here </a > completion test </p- - - -% s is the link parameter information of the phishing page
The link parameter information and the addressee parameter information of the phishing page can be updated and replaced according to specific user information to be tested when a specific phishing mail is constructed.
In order to facilitate that the phishing mails can be sent to different users to be tested in batches at one time, the embodiment adopts a mode of establishing a mail sending task, and realizes batch sending of the phishing mails by executing the mail sending task.
Specifically, in order to conveniently manage the users to be tested, corresponding user information to be tested is generated for the users to be tested. If a user management page to be tested is created, the information of the mail address information, the identification information, the name and the like of the user to be tested is input into the page. The mail address information is specifically a mailbox of a user to be tested, the identification information can be an ID of the user to be tested, and the identification information uniquely identifies one user to be tested. In addition, the information of the users to be tested also comprises group information, the users to be tested can be grouped according to different categories such as departments where the users to be tested are located and projects where the users to be tested are located, and the users to be tested belonging to the same group are classified into the same group. The group can be managed by adding, modifying, deleting and the like.
After generating the information of the user to be tested, a specific mail sending task is created, and corresponding mail configuration information is configured for the user to be tested, for example, the mail sending task is established in a page, file or other ways. For ease of understanding, the description is made herein by way of example in a page format. When the mail sending task is created, the name of the mail sending task can be set, and the mail sending task can be confirmed conveniently according to the name. The created mail sending task aims at specific users to be tested, here, any one or more users to be tested can be selected from the users to be tested, and the selected information of the users to be tested is used as the testing users in the mail configuration information of the mail sending task; and selecting at least one group of users to be tested from the users to be tested according to the group, and using the information of the users to be tested of all the users to be tested contained in the selected group as the testing user in the mail configuration information of the mail sending task.
When a mail sending task is created, a plurality of mail sending tasks can be created, different mail sending tasks can select different users to be tested to send phishing mails for testing, the same users to be tested can also select the same users to be tested to carry out testing for multiple times, the mail sending tasks can be managed in a task list page and other modes, different mail sending tasks are checked, task states of the mail sending tasks are recorded (if the mail sending tasks are sent), the created mail sending tasks are modified, deleted and other processing, the mail sending tasks are triggered to be executed, and the like, and the method is not limited here. After the mail sending task is created, the mail sending task can be executed at regular time, and the execution of the mail sending task can also be triggered in real time. When the mail sending task is executed, an asynchronous execution mode can be adopted, and the response of the task list page to the execution of the mail sending task is not influenced.
When the mail sending task is executed, the corresponding mail configuration information is read and obtained according to the received mail sending task, and meanwhile, a pre-created phishing mail template is obtained.
And step S102, constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template.
And constructing at least one phishing mail aiming at least one user to be tested according to the user information to be tested included in the mail configuration information. Specifically, the phishing mail template including the link parameter information and the addressee parameter information of the phishing page is updated and replaced. And updating the addressee parameter information in the phishing mail template into mail address information of any user to be tested, and updating the link parameter information of the phishing page in the phishing mail template into the phishing page link information containing the identification information of the user to be tested. The display effect of the fishing mail constructed after the update is as follows:
respected XXX: -XXX is the mail address information of the user to be tested
Please click onHere, theTest is completed- -here, clickable link, link pointing to phishing page, click here to jump to phishing page.
And if the mail configuration information comprises a plurality of pieces of information of the users to be tested, carrying out batch processing, and executing the operation aiming at each user to be tested to finish the construction of the phishing mails of the users to be tested.
Further, the use of a fixed phishing page for testing is not beneficial to improving the safety awareness of the user to be tested, and the user to be tested can be vigilant to the phishing page in one click, but does not indicate that the user can be vigilant to other phishing pages. Therefore, the present embodiment can also specify link information of a different phishing page each time when creating a mail sending task. When the phishing mail is constructed, the identification information of the user to be tested is used as the transmission parameter information of the link information of the specified phishing page to update the link parameter information of the phishing page. And if the link information of the specified phishing page is XXX, taking the identification information such as id of the user to be tested as the transmission parameter, and obtaining the link parameter information of the phishing page as XXX + id. And updating the link parameter information of the phishing page in the phishing mail template, clicking the 'here' by the user to be tested, jumping to the specified phishing page, and simultaneously carrying identification information such as id of the user to be tested in the request triggered by the specified phishing page.
Furthermore, the number of the phishing mail templates can be multiple, different display effects can be adopted in different phishing mail templates, the phishing mail templates need to contain the link parameter information and the number information of the received message of the replaceable phishing page, and updating and replacement can be conveniently carried out according to specific information of a user to be tested when a specific phishing mail is constructed. The mail sending task can select different fishing mail templates during creation, and corresponding fishing mails are constructed according to the selected fishing mail templates.
After the content part of the phishing mail is constructed according to the mail configuration information and the phishing mail template, the mail header information is required to be constructed. When creating a mail sending task, the relevant mail server is also configured. And constructing a mail header according to the mail server information in the mail configuration information and the mail address information of the user to be tested to obtain a complete phishing mail.
And step S103, sending the at least one phishing mail to at least one user to be tested.
And after the phishing mails are constructed, sending the corresponding phishing mails to the corresponding users to be tested according to the mail addresses of the users to be tested.
Further, in order to avoid the possibility that the user to be tested sets to prohibit receiving a plurality of phishing mails sent by using the same mail server, when a mail sending task is created, a plurality of pieces of mail server information can be configured for the mail sending task at one time, namely the mail configuration information comprises a plurality of pieces of mail server information. When at least one phishing mail is sent to at least one user to be tested, a plurality of phishing mails can be sent to corresponding users to be tested respectively by utilizing a mode of sending the phishing mails by turns by a plurality of mail servers. And a plurality of mail servers send in turn, so that the risk of forbidding the mail servers is reduced.
And step S104, acquiring the identification information of the users to be tested carried in the request for counting according to the request that any one or more users to be tested trigger the phishing page link in the phishing mail.
After the phishing mails are sent to the users to be tested, the identification information of the users to be tested carried in the request can be obtained for statistics according to the request that any one or more users to be tested trigger the phishing page link in the phishing mails. If the user to be tested opens the phishing mail and clicks 'here' to jump to the phishing page, the transmission parameters carried in the request can be analyzed according to the request that any one or more users to be tested trigger the phishing page link in the phishing mail, and the identification information of the user to be tested who clicks the phishing page is obtained. Counting clicked users to be tested according to the identification information of the users to be tested, wherein the clicked amount of the fishing page, namely the total number of the users to be tested clicking the fishing page, is obtained through counting; and obtaining the information of the user to be tested, such as a name and the like, of the clicked phishing page according to the identification information of the user to be tested. According to the click of the user to be tested, the information such as the client equipment information and the IP address used by the user to be tested can be determined, and the information such as the click time of each user to be tested for clicking the phishing page can be counted and recorded. Furthermore, the click growth trend within a certain time can be counted according to the click time, the click amount and the like, for example, the click amount is increased by 7 times within 30 days.
The method can be built on a cloud server platform, if the user information to be tested is generated, a mail sending task is built, a fishing page and the like can be built on the cloud server platform, a fishing mail template can also be stored on the cloud server platform, a background of the cloud server platform can conveniently construct fishing mails according to the mail sending task and the fishing mail template, the fishing mails can be analyzed according to requests of the user to be tested for triggering the fishing page link in the fishing mails, the identification information of the user to be tested is obtained, and statistics is carried out on the user to be tested. Further, the embodiment can be operated by a user with the cloud server platform operation authority. If the user with the cloud server platform operation authority aims at the staff (the user to be tested) of the enterprise, a mail sending task is created, and the execution of the mail sending task is triggered. After the cloud server platform receives the mail sending task, the cloud server platform constructs and sends fishing mails in batches according to the mail sending task and the fishing mail module to perform security test on each employee of the enterprise, so that the security awareness of the enterprise employees is improved. The user with the cloud server platform operation authority is specifically a security manager of an enterprise, and here, management and maintenance can be performed on the security manager of the enterprise. For example, the management of security management personnel of an enterprise, the user information management and login record management of security management personnel are created, and the operation of non-security management personnel of the enterprise is avoided.
According to the mail processing method provided by the embodiment of the invention, a mail sending task is received, and mail configuration information and a pre-established phishing mail template are read; the phishing mail template comprises link parameter information and message receiving number information of a phishing page; constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating addressee parameter information into mail address information of any user to be tested aiming at the user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested; sending at least one phishing mail to at least one user to be tested; and acquiring the identification information of the users to be tested carried in the request for counting according to the request of triggering the phishing page link in the phishing mail by any one or more users to be tested. By the aid of the mail sending task and the fishing mail template, the fishing mails for the users to be tested are automatically constructed, workload of manually constructing the fishing mails is reduced, repeated construction is facilitated, and time and labor cost are saved. Furthermore, the link information of the phishing page of the phishing mail contains identification information of the user to be tested, so that the user to be tested who clicks the phishing page can be directly determined conveniently according to the triggered request of the phishing page link, and the safety consciousness of the user to be tested can be more accurately grasped.
Fig. 2 shows a flow chart of a mail processing method according to another embodiment of the invention, as shown in fig. 2, the method comprises the following steps:
step S201, receiving a mail sending task, reading mail configuration information and a pre-created phishing mail template.
Step S202, at least one phishing mail aiming at least one user to be tested is constructed according to the mail configuration information and the phishing mail template.
Step S203, at least one phishing mail is sent to at least one user to be tested.
The above description referring to steps S101-S103 of the embodiment of fig. 1 is not repeated herein.
And step S204, monitoring and counting the loading times of the specified pictures as the total opening times of the phishing mails.
The phishing mail template also comprises address information of the specified pictures, preferably, the specified pictures are blank pictures, and the loading of the blank pictures does not influence the display effect of the phishing mails. The phishing mail template is as follows:
< p > respected% < p > - - -% s is the number of the received ginseng
< p > please click < a href [% s "] here </a > completion test </p- - - -% s is the link parameter information of the phishing page
< p > < img src >.
And after the phishing mail is constructed and sent to the user to be tested, when the user to be tested opens the phishing mail, the specified picture is loaded according to the address information of the specified picture. By monitoring the loading times of the appointed pictures, the total opening times of the phishing mails of the user to be tested can be obtained and used as the total opening times of the phishing mails.
Here, it is necessary to distinguish between a user to be tested who opens a phishing mail and a user to be tested who clicks a phishing page. And after the user to be tested receives the phishing mail, the user can determine to open the phishing mail according to the loading of the specified picture. And when a request of the phishing page link is received, the user to be tested can be determined to be the user to be tested who clicks the phishing page.
Step S205, according to the request that any one or more users to be tested trigger the phishing page link in the phishing mail, the identification information of the users to be tested carried in the request is obtained for statistics.
According to the method, the phishing page link in the phishing mail is triggered by any one or more users to be tested, the fact that the phishing page is clicked and opened by the users to be tested can be confirmed, the fact that the security consciousness of the users to be tested is poor can be confirmed, and the users to be tested can directly click and open the phishing page.
Furthermore, if inductive information exists in the phishing webpage, when the user to be tested is induced to input information such as a user name, a password and the like, the input information of any one or more users to be tested on the phishing webpage can be obtained through monitoring the request submitted by the phishing webpage. The safety consciousness of the user to be tested who inputs information on the fishing page is poor, and the input information of the user to be tested on the fishing page is counted, so that safety consciousness training and the like are conducted on the user to be tested, and the safety consciousness of the user to be tested is improved.
And step S206, displaying the fishing data statistical result in the statistical page.
And monitoring phishing mails, phishing pages and the like to obtain related phishing data statistical results. The fishing data statistical result comprises the number of users to be tested, namely the total number of users needing to be tested, and the number of the users to be tested can be obtained through the management of the users to be tested; the number of the mail sending tasks, the number of successful sending of the mail sending tasks and the number of failed sending of the mail sending tasks are obtained according to the success and failure states of the mail sending tasks, and the number of successful sending of the mail sending tasks and the number of failed sending of the mail sending tasks can be obtained, so that the current sending condition of the phishing mails of the user to be tested can be conveniently known; the total opening times of the phishing mails are the times of opening the phishing mails of the user to be tested after the phishing mails are sent; the click rate of the phishing page is the total times of clicking the phishing page link in the phishing mail by the user to be tested; the click time of the phishing page is determined according to the time of the user to be tested clicking the phishing page link in the phishing mail, and can be recorded with the information of the user to be tested clicking the phishing page at the same time, such as recording the name, the client equipment information, the IP address, the click time and the like of the user to be tested clicking the phishing page; the click growth trend can be counted according to the click time and the click amount of the phishing page, and the click growth trend within a certain time is determined, for example, the click amount is increased by 7 times within 30 days; the input information of the user to be tested on the phishing page can monitor the submission request of the phishing page, and the input information of the user to be tested is obtained.
When the statistical page shows the statistical result of the fishing data, as shown in fig. 3a and 3b, the safety awareness of the user to be tested can be conveniently and clearly known. Fig. 3a shows the number of users to be tested, the number of mail sending tasks, the number of successful sending of mail sending tasks, the number of failed sending of mail sending tasks, the click rate of phishing pages, the click growth trend and the like, and fig. 3b shows the information of users to be tested, the click time and the like of clicking phishing pages. The above is an example, and the specific display mode may be set according to an actual implementation situation, and is not limited herein.
According to the mail processing method provided by the embodiment of the invention, the phishing mails aiming at the user to be tested are automatically constructed through the mail sending task and the phishing mail template, so that the workload of manually constructing the phishing mails is reduced. By monitoring the loading times of the specified pictures in the phishing mails and monitoring the phishing page link requests and the submission requests in the phishing pages, the statistical results of the phishing data can be obtained. The fishing data statistical result is displayed in the statistical page, so that the safety consciousness condition of the user to be tested can be visually known, the safety consciousness training of the user to be tested is conveniently performed on the user to be tested, and the safety consciousness of the user to be tested is improved.
Fig. 4 shows a block diagram of a mail processing apparatus according to an embodiment of the present invention, and as shown in fig. 4, the mail processing apparatus includes the following modules:
the reading module 410 is adapted to: receiving a mail sending task, reading mail configuration information and a pre-established phishing mail template; the phishing mail template comprises link parameter information and message receiving number information of a phishing page;
the construction module 420 is adapted to: constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating addressee parameter information into mail address information of any user to be tested aiming at the user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested;
the sending module 430 is adapted to: sending at least one phishing mail to at least one user to be tested;
the first statistics module 440 is adapted to: and acquiring the identification information of the users to be tested carried in the request for counting according to the request of triggering the phishing page link in the phishing mail by any one or more users to be tested.
Optionally, the apparatus further comprises: the user information module 450 is adapted to: generating at least one piece of user information to be tested; the information of the user to be tested comprises mail address information, identification information and/or group information.
Optionally, the apparatus further comprises: the configuration module 460 is adapted to: and selecting at least one user to be tested and/or at least one group of users to be tested, and using the selected information of the users to be tested as mail configuration information of a mail sending task.
Optionally, the mail configuration information further includes link information specifying a phishing page;
the construction module 420 is further adapted to: constructing at least one phishing mail aiming at least one user to be tested in batch according to the information of the user to be tested in the mail configuration information; updating the addressee parameter information into mail address information of any user to be tested; and updating the link parameter information of the phishing page by taking the identification information of the user to be tested as the transmission parameter of the link information of the specified phishing page.
Optionally, the mail configuration information further includes a plurality of mail server information;
the sending module 430 is further adapted to: and sending by utilizing a plurality of mail servers in turn so as to respectively send a plurality of phishing mails to corresponding users to be tested.
Optionally, the first statistics module 440 is further adapted to: according to a request that any one or more users to be tested trigger a phishing page link in a phishing mail, analyzing a transmission parameter carried in the request to obtain identification information of the users to be tested who click the phishing page; and counting the click quantity, the click time and/or the information of the user to be tested clicking the phishing page according to the identification information of the user to be tested.
Optionally, the first statistics module 440 is further adapted to: monitoring and counting to obtain the input information of any one or more users to be tested on the phishing page.
Optionally, the phishing mail template further comprises address information of the specified picture;
the device still includes: the second statistics module 470 is adapted to: and monitoring and counting the loading times of the specified pictures to be used as the total opening times of the phishing mails.
Optionally, the apparatus further comprises: the display module 480 is adapted to: displaying a fishing data statistical result in a statistical page; the fishing data statistical result comprises the number of users to be tested, the number of mail sending tasks, the number of successful sending of the mail sending tasks, the number of failed sending of the mail sending tasks, the click quantity of the fishing page, the click growth trend, the click time of the fishing page, the information of the users to be tested clicking the fishing page, the input information of the users to be tested on the fishing page and/or the total opening times of the fishing mail.
The descriptions of the modules refer to the corresponding descriptions in the method embodiments, and are not repeated herein.
According to the mail processing device provided by the embodiment of the invention, a mail sending task is received, and mail configuration information and a pre-established phishing mail template are read; the phishing mail template comprises link parameter information and message receiving number information of a phishing page; constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating addressee parameter information into mail address information of any user to be tested aiming at the user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested; sending at least one phishing mail to at least one user to be tested; and acquiring the identification information of the users to be tested carried in the request for counting according to the request of triggering the phishing page link in the phishing mail by any one or more users to be tested. By the aid of the mail sending task and the fishing mail template, the fishing mails for the users to be tested are automatically constructed, workload of manually constructing the fishing mails is reduced, repeated construction is facilitated, and time and labor cost are saved. Furthermore, the link information of the phishing page of the phishing mail contains identification information of the user to be tested, so that the user to be tested who clicks the phishing page can be directly determined conveniently according to the triggered request of the phishing page link, and the safety consciousness of the user to be tested can be more accurately grasped.
The embodiment of the invention also provides a nonvolatile computer storage medium, wherein the computer storage medium stores at least one executable instruction, and the executable instruction can execute the mail processing method in any method embodiment.
Fig. 5 is a schematic structural diagram of a computing device according to an embodiment of the present invention, and a specific embodiment of the present invention does not limit a specific implementation of the computing device.
As shown in fig. 5, the computing device may include: a processor (processor)502, a Communications Interface 504, a memory 506, and a communication bus 508.
Wherein:
the processor 502, communication interface 504, and memory 506 communicate with one another via a communication bus 508.
A communication interface 504 for communicating with network elements of other devices, such as clients or other servers.
The processor 502 is configured to execute the program 510, and may specifically execute relevant steps in the above-described mail processing method embodiment.
In particular, program 510 may include program code that includes computer operating instructions.
The processor 502 may be a central processing unit CPU, or an application specific Integrated circuit asic, or one or more Integrated circuits configured to implement embodiments of the present invention. The computing device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 506 for storing a program 510. The memory 506 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 510 may specifically be configured to cause the processor 502 to execute the mail processing method in any of the above-described method embodiments. For specific implementation of each step in the program 510, reference may be made to corresponding steps and corresponding descriptions in units in the foregoing mail processing embodiments, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of embodiments of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best modes of embodiments of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that is, the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of an embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of and form different embodiments of the invention. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in accordance with embodiments of the present invention. Embodiments of the invention may also be implemented as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing embodiments of the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the embodiments of the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. Embodiments of the invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Claims (10)
1. A mail processing method, comprising:
receiving a mail sending task, reading mail configuration information and a pre-established phishing mail template; the phishing mail template comprises link parameter information and addressee number information of a phishing page;
constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating the addressee parameter information into mail address information of any user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested;
sending at least one phishing mail to at least one user to be tested;
and acquiring the identification information of the users to be tested carried in the request for counting according to the request of triggering the phishing page link in the phishing mail by any one or more users to be tested.
2. The method of claim 1, wherein prior to the receiving a mail sending task, reading mail configuration information and a pre-created phishing mail template, the method further comprises:
generating at least one piece of user information to be tested; the information of the user to be tested comprises mail address information, identification information and/or group information.
3. The method of claim 2, wherein prior to the receiving a mail sending task, reading mail configuration information and a pre-created phishing mail template, the method further comprises:
and selecting at least one user to be tested and/or at least one group of users to be tested, and using the selected information of the users to be tested as mail configuration information of a mail sending task.
4. The method according to claim 3, wherein the mail configuration information further includes link information specifying a phishing page;
the constructing at least one phishing mail for at least one user to be tested according to the mail configuration information and the phishing mail template further comprises the following steps:
constructing at least one phishing mail aiming at least one user to be tested in batches according to the information of the user to be tested in the mail configuration information; aiming at any user to be tested, updating the addressee parameter information into mail address information of the user to be tested; and updating the link parameter information of the phishing page by taking the identification information of the user to be tested as the transmission parameter of the link information of the appointed phishing page.
5. The method of claim 3, wherein the mail configuration information further includes a plurality of mail server information;
the sending of the at least one phishing mail to the at least one user to be tested further comprises:
and sending by utilizing a plurality of mail servers in turn so as to respectively send a plurality of phishing mails to corresponding users to be tested.
6. The method according to any one of claims 1-5, wherein the obtaining the identification information of the users to be tested carried in the request for counting according to the request of any one or more users to be tested for triggering the phishing page link in the phishing mail further comprises:
analyzing the transmission parameters carried in the request according to the request that any one or more users to be tested trigger the phishing page link in the phishing mail to obtain the identification information of the users to be tested who click the phishing page;
and counting the click quantity, the click time and/or the information of the user to be tested clicking the phishing page according to the identification information of the user to be tested.
7. The method of claim 6, wherein the obtaining the identification information of the users to be tested carried in the request for counting according to the request of any one or more users to be tested triggering the phishing page link in the phishing mail further comprises:
and monitoring and counting to obtain the input information of any one or more users to be tested on the phishing page.
8. A mail processing apparatus, comprising:
the reading module is suitable for receiving a mail sending task, reading mail configuration information and a pre-established phishing mail template; the phishing mail template comprises link parameter information and addressee number information of a phishing page;
the construction module is suitable for constructing at least one phishing mail aiming at least one user to be tested according to the mail configuration information and the phishing mail template; updating the addressee parameter information into mail address information of any user to be tested; updating the link parameter information of the phishing page into the phishing page link information containing the identification information of the user to be tested;
the sending module is suitable for sending the at least one phishing mail to at least one user to be tested;
and the first statistical module is suitable for acquiring the identification information of the users to be tested carried in the request for statistics according to the request that any one or more users to be tested trigger the phishing page link in the phishing mail.
9. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction which causes the processor to execute the operation corresponding to the mail processing method of any one of claims 1-7.
10. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the mail processing method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010166774.7A CN111416801A (en) | 2020-03-11 | 2020-03-11 | Mail processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010166774.7A CN111416801A (en) | 2020-03-11 | 2020-03-11 | Mail processing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111416801A true CN111416801A (en) | 2020-07-14 |
Family
ID=71492882
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010166774.7A Pending CN111416801A (en) | 2020-03-11 | 2020-03-11 | Mail processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111416801A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113806740A (en) * | 2021-09-30 | 2021-12-17 | 上海易念信息科技有限公司 | Fishing simulation test method and system and electronic equipment |
| CN114050909A (en) * | 2021-08-30 | 2022-02-15 | 国网思极网安科技(北京)有限公司 | Method and system for drilling simulated mails and electronic equipment |
| CN114499932A (en) * | 2021-12-16 | 2022-05-13 | 山东星维九州安全技术有限公司 | Phishing mail test service supporting method, system and terminal |
| CN116545674A (en) * | 2023-04-27 | 2023-08-04 | 中国人民财产保险股份有限公司 | Email phishing exercise method, system, equipment and medium free of privacy information collection |
| CN116781388A (en) * | 2023-07-17 | 2023-09-19 | 北京中睿天下信息技术有限公司 | Mail phishing-based separation deployment method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150294349A1 (en) * | 2014-04-09 | 2015-10-15 | Sailthru, Inc. | Behavioral tracking system and method in support of high-engagement communications |
| CN106033390A (en) * | 2015-03-12 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Mail style testing method and apparatus |
| CN109067637A (en) * | 2018-06-15 | 2018-12-21 | 北京首联信通科技有限公司 | Network information security Consciousness Education method and device, storage medium |
| US20190005428A1 (en) * | 2017-06-20 | 2019-01-03 | KnowBe4, Inc. | Systems and methods for creating and commissioning a security awareness program |
| CN109245988A (en) * | 2018-06-05 | 2019-01-18 | 平安科技(深圳)有限公司 | Monitor mail automatic sending method, system, computer equipment and storage medium |
| CN110855675A (en) * | 2019-11-15 | 2020-02-28 | 恒安嘉新(北京)科技股份公司 | Mail safety consciousness testing method, device, equipment and storage medium |
-
2020
- 2020-03-11 CN CN202010166774.7A patent/CN111416801A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150294349A1 (en) * | 2014-04-09 | 2015-10-15 | Sailthru, Inc. | Behavioral tracking system and method in support of high-engagement communications |
| CN106033390A (en) * | 2015-03-12 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Mail style testing method and apparatus |
| US20190005428A1 (en) * | 2017-06-20 | 2019-01-03 | KnowBe4, Inc. | Systems and methods for creating and commissioning a security awareness program |
| CN109245988A (en) * | 2018-06-05 | 2019-01-18 | 平安科技(深圳)有限公司 | Monitor mail automatic sending method, system, computer equipment and storage medium |
| CN109067637A (en) * | 2018-06-15 | 2018-12-21 | 北京首联信通科技有限公司 | Network information security Consciousness Education method and device, storage medium |
| CN110855675A (en) * | 2019-11-15 | 2020-02-28 | 恒安嘉新(北京)科技股份公司 | Mail safety consciousness testing method, device, equipment and storage medium |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114050909A (en) * | 2021-08-30 | 2022-02-15 | 国网思极网安科技(北京)有限公司 | Method and system for drilling simulated mails and electronic equipment |
| CN114050909B (en) * | 2021-08-30 | 2023-08-18 | 国网思极网安科技(北京)有限公司 | Exercise method, system and electronic device for simulating mail |
| CN113806740A (en) * | 2021-09-30 | 2021-12-17 | 上海易念信息科技有限公司 | Fishing simulation test method and system and electronic equipment |
| CN113806740B (en) * | 2021-09-30 | 2024-04-16 | 上海易念信息科技有限公司 | Fishing simulation test method, system and electronic equipment |
| CN114499932A (en) * | 2021-12-16 | 2022-05-13 | 山东星维九州安全技术有限公司 | Phishing mail test service supporting method, system and terminal |
| CN116545674A (en) * | 2023-04-27 | 2023-08-04 | 中国人民财产保险股份有限公司 | Email phishing exercise method, system, equipment and medium free of privacy information collection |
| CN116545674B (en) * | 2023-04-27 | 2026-02-10 | 中国人民财产保险股份有限公司 | Methods, systems, equipment, and media for email phishing drills that do not collect privacy information |
| CN116781388A (en) * | 2023-07-17 | 2023-09-19 | 北京中睿天下信息技术有限公司 | Mail phishing-based separation deployment method and device |
| CN116781388B (en) * | 2023-07-17 | 2024-04-12 | 北京中睿天下信息技术有限公司 | Mail phishing-based separation deployment method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111416801A (en) | Mail processing method and device | |
| US11245718B2 (en) | Method and system for tracking fraudulent activity | |
| US12052208B2 (en) | System and method for improving detection of bad content by analyzing reported content | |
| US7797579B2 (en) | Method and system for identifying unsafe synthetic transactions and modifying parameters for automated playback | |
| US8826403B2 (en) | Service compliance enforcement using user activity monitoring and work request verification | |
| US7970869B2 (en) | Method and system for automatic skill-gap evaluation | |
| US9521104B2 (en) | Outgoing communications inventory | |
| US9466049B2 (en) | Analyzing activity patterns in online communities | |
| US8898796B2 (en) | Managing network data | |
| US20130198391A1 (en) | System And Method For Main Page Identification In Web Decoding | |
| CN111898023A (en) | Message pushing method and device, readable storage medium and computing equipment | |
| CN106682176A (en) | Page loading method, equipment and device | |
| US20120246293A1 (en) | Fast device classification | |
| US8250138B2 (en) | File transfer security system and method | |
| US20130024505A1 (en) | System, method and computer program product for reconstructing data received by a computer in a manner that is independent of the computer | |
| US20180219808A1 (en) | Optimizing evaluation of effectiveness for multiple versions of electronic messages | |
| CN104579931B (en) | The access method and device of a kind of copending document based on mail | |
| CN110888816A (en) | Program testing method, program testing device and storage medium | |
| US7882179B2 (en) | Computer system tools and method for development and testing | |
| CN114338135A (en) | Remote login behavior processing method and device, computing equipment and storage medium | |
| CN113495498A (en) | Simulation method, simulator, device, and medium for hardware device | |
| Su et al. | Crowdsourcing platform for collaboration management in vulnerability verification | |
| US11119763B2 (en) | Cognitive selection of software developer for software engineering task | |
| KR20070057676A (en) | Computer-implemented methods of managing application record configuration settings, computer program products and data processing systems | |
| Galdi et al. | ThePhish: an Automated Open-Source Phishing Email Analysis Platform. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200714 |