-
Publication number: US20240333761A1
Publication date: 2024-10-03
Application number: US18126827
Application date: 2023-03-27
Applicant: Cisco Technology, Inc.
Inventor: Fahim Abbasi, Abhishek Singh
IPC: H04L9/40
CPC classification number: H04L63/1483, H04L63/0236
Abstract: Techniques and architecture are described for detecting a compromised mailbox as an email account compromise (EAC) involved in lateral phishing, lateral scam, lateral BEC, outbound scam, lateral and inbound fraudulent money transfer requests. For example, the techniques and architecture provide a method that comprises scanning, by a pre-filter, electronic mail messages (emails) within an organization, wherein the emails originate within the organization. The pre-filter analyzes the emails with respect to known fraudulent email practices and determines that an email is a questionable email. A retrospective behavior engine analyzes the questionable email with respect to one or more historical traits to provide a feature set. Based at least in part on the feature set, the verdict correlation engine determines that the questionable email belongs in a class of emails from multiple classes of emails. Based at least in part on the class, the verdict correlation engine performs a responsive action.
-
Publication number: US12238054B2
Publication date: 2025-02-25
Application number: US17699579
Application date: 2022-03-21
Applicant: Cisco Technology, Inc.
Inventor: Fahim Abbasi, Abhishek Singh, Muhammad Sachedina
IPC: H04L51/212, G06N20/00, H04L9/40, H04L51/42
Abstract: Techniques for an email-security system to detect multi-stage email scam attacks, and engage an attacker to obtain additional information. The system may analyze emails for users and identify scam emails by analyzing metadata of the emails. The system may then classify the scam emails into particular classes from among a group of scam-email classes. The system may then engage the attacker that sent the scam email. In some instances, the scam emails may be multi-stage attacks, and the system may automatically engage the attacker to move to the next stage of the scam attack. For instance, the system may send a lure email that is responsive to the particular scam class to prompt or provoke the attacker to send more sensitive information, such as a phone number, a bank account, etc. The system may then harvest this sensitive information of the attacker, and use that information for various remedial actions.
-
Publication number: US20230171213A1
Publication date: 2023-06-01
Application number: US17699579
Application date: 2022-03-21
Applicant: Cisco Technology, Inc.
Inventor: Fahim Abbasi, Abhishek Singh, Muhammad Sachedina
CPC classification number: H04L51/12, H04L51/22, H04L63/1433, G06N20/00
Abstract: Techniques for an email-security system to detect multi-stage email scam attacks, and engage an attacker to obtain additional information. The system may analyze emails for users and identify scam emails by analyzing metadata of the emails. The system may then classify the scam emails into particular classes from among a group of scam-email classes. The system may then engage the attacker that sent the scam email. In some instances, the scam emails may be multi-stage attacks, and the system may automatically engage the attacker to move to the next stage of the scam attack. For instance, the system may send a lure email that is responsive to the particular scam class to prompt or provoke the attacker to send more sensitive information, such as a phone number, a bank account, etc. The system may then harvest this sensitive information of the attacker, and use that information for various remedial actions.