Patent attributes
Systems and methods are provided for automatically analyzing emails that have been flagged as potentially malicious (e.g., phishing attempts) to determine whether to permit or block the email. The systems and methods can use a scoring framework to determine whether the email is part of a phishing attempt. A set of rules is provided, and points are awarded to the email based on which of the rules are satisfied for the email. An email that exceeds a scoring threshold can be identified as a phishing attempt for potential evaluation, and can be routed to a security analyst for further analysis and processing. After a predetermined period of time, the system can rerun analysis of emails which have not been identified as phishing attempts and determine if such emails now exceed the scoring threshold.
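A minimal sketch of the score, route and rerun loop described above, added here as an illustration and not taken from the patent. The rule names, point values, threshold, waiting period and the idea that a link domain becomes known-bad between the two passes are all assumptions.

```python
from dataclasses import dataclass

THRESHOLD = 50        # assumed scoring threshold
RECHECK_AFTER = 3600  # assumed "predetermined period of time", in seconds

@dataclass
class Email:
    msg_id: str
    sender_domain: str
    reply_to_domain: str
    subject: str
    url_domains: tuple
    received_at: float

# (rule name, points, predicate). Rules and point values are constructed for illustration.
RULES = [
    ("reply_to_mismatch", 20, lambda e, bad: e.reply_to_domain != e.sender_domain),
    ("urgent_subject", 15, lambda e, bad: any(w in e.subject.lower() for w in ("urgent", "verify"))),
    ("known_bad_url", 40, lambda e, bad: any(d in bad for d in e.url_domains)),
]

def score(email, bad_domains):
    """Return (total points, names of satisfied rules)."""
    hits = [(n, p) for n, p, pred in RULES if pred(email, bad_domains)]
    return sum(p for _, p in hits), [n for n, _ in hits]

class Triage:
    def __init__(self):
        self.analyst_queue = []  # (msg_id, score, rules) routed to an analyst
        self.pending = []        # flagged emails that have not exceeded the threshold

    def submit(self, email, bad_domains):
        total, hits = score(email, bad_domains)
        if total > THRESHOLD:
            self.analyst_queue.append((email.msg_id, total, hits))
        else:
            self.pending.append(email)
        return total

    def rerun(self, now, bad_domains):
        """Rescore pending emails whose waiting period has elapsed."""
        keep = []
        for email in self.pending:
            total, hits = score(email, bad_domains)
            if now - email.received_at >= RECHECK_AFTER and total > THRESHOLD:
                self.analyst_queue.append((email.msg_id, total, hits))
            else:
                keep.append(email)
        self.pending = keep

# Constructed sample: scores 35 at first, 75 once its link domain is listed as bad.
SAMPLE = Email("m-1", "bank.example", "helpdesk.test", "Urgent: verify your account",
               ("login-portal.example",), received_at=0.0)
```

Emails that still do not exceed the threshold on a rerun stay pending in this sketch; the abstract does not say what happens to them.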