公开(公告)号：US12244562B2

公开(公告)日：2025-03-04

申请号：US17867464

申请日：2022-07-18

Applicant: Cisco Technology, Inc.

Inventor： Durgamadhav Behera ,  Abhishek Singh ,  Muhammad Sachedina

IPC: H04L9/40

Abstract: Techniques for an email-security system to screen emails, extract information from the emails, analyze the information, assign probability scores to the emails, and classify the emails as likely fraudulent or not. The system may analyze emails for users and identify fraudulent emails by analyzing the contents of the emails. The system may evaluate the contents of the emails to determine probability score(s) which may further determine an overall probability score. The system may then classify the email as fraudulent, or not, and may perform actions including blocking the email, allowing the email, flagging the email, etc. In some instances, the screened emails may include legitimate brand domain addresses, names, images, URL(s), and the like. However, the screened emails may contain a reply-to domain address that matches a free email service provider domain. In such instances, the email-security system may assign a probability score indicative that the screened email is fraudulent.

公开(公告)号：US20230328034A1

公开(公告)日：2023-10-12

申请号：US17867464

申请日：2022-07-18

Applicant: Cisco Technology, Inc.

Inventor： Durgamadhav Behera ,  Abhishek Singh ,  Muhammad Sachedina

IPC: H04L9/40

CPC classification number: H04L63/0236 ,  H04L63/1483 ,  H04L63/1408

Abstract: Techniques for an email-security system to screen emails, extract information from the emails, analyze the information, assign probability scores to the emails, and classify the emails as likely fraudulent or not. The system may analyze emails for users and identify fraudulent emails by analyzing the contents of the emails. The system may evaluate the contents of the emails to determine probability score(s) which may further determine an overall probability score. The system may then classify the email as fraudulent, or not, and may perform actions including blocking the email, allowing the email, flagging the email, etc. In some instances, the screened emails may include legitimate brand domain addresses, names, images, URL(s), and the like. However, the screened emails may contain a reply-to domain address that matches a free email service provider domain. In such instances, the email-security system may assign a probability score indicative that the screened email is fraudulent.

公开(公告)号：US12238054B2

公开(公告)日：2025-02-25

申请号：US17699579

申请日：2022-03-21

Applicant: Cisco Technology, Inc.

Inventor： Fahim Abbasi ,  Abhishek Singh ,  Muhammad Sachedina

IPC: H04L51/212 ,  G06N20/00 ,  H04L9/40 ,  H04L51/42

Abstract: Techniques for an email-security system to detect multi-stage email scam attacks, and engage an attacker to obtain additional information. The system may analyze emails for users and identify scam emails by analyzing metadata of the emails. The system may then classify the scam emails into particular classes from among a group of scam-email classes. The system may then engage the attacker that sent the scam email. In some instances, the scam emails may be multi-stage attacks, and the system may automatically engage the attacker to move to the next stage of the scam attack. For instance, the system may send a lure email that is responsive to the particular scam class to prompt or provoke the attacker to send more sensitive information, such as a phone number, a bank account, etc. The system may then harvest this sensitive information of the attacker, and use that information for various remedial actions.

公开(公告)号：US20230171213A1

公开(公告)日：2023-06-01

申请号：US17699579

申请日：2022-03-21

Applicant: Cisco Technology, Inc.

Inventor： Fahim Abbasi ,  Abhishek Singh ,  Muhammad Sachedina

IPC: H04L51/00 ,  H04L51/42 ,  H04L9/40

CPC classification number: H04L51/12 ,  H04L51/22 ,  H04L63/1433 ,  G06N20/00

Abstract: Techniques for an email-security system to detect multi-stage email scam attacks, and engage an attacker to obtain additional information. The system may analyze emails for users and identify scam emails by analyzing metadata of the emails. The system may then classify the scam emails into particular classes from among a group of scam-email classes. The system may then engage the attacker that sent the scam email. In some instances, the scam emails may be multi-stage attacks, and the system may automatically engage the attacker to move to the next stage of the scam attack. For instance, the system may send a lure email that is responsive to the particular scam class to prompt or provoke the attacker to send more sensitive information, such as a phone number, a bank account, etc. The system may then harvest this sensitive information of the attacker, and use that information for various remedial actions.