US Patent 12132757 Preventing cloud-based phishing attacks using shared documents with malicious links

The technology disclosed prevents phishing attacks where a malicious attacker creates a malicious file in a cloud-based store and shares it with endpoint users. A user, opening the shared document, is redirected to a malicious website where a corporation's critical data may be compromised. The cloud-based method applies a set of rules and policies to allow the shared document or block the shared document from the network, based on identifying the ownership or originator of the shared document. Documents from blacklisted websites are blocked. Documents from trusted sources are allowed access to the network. Unknown documents are blocked and threat-scanned to determine if they contain malicious content. If analysis proves a blocked document to be safe, it may be released into the network along with subsequent documents having the same ownership or originator.