CEO Fraud Protection with Defender System | Protect your Emails from Phishing Attack

Shaurya Uppal
5 min readJun 22, 2022

--

Email Threats (Image Source Tessian)

Yesterday a friend of mine called me sharing his CEO mailed him asking for his personal financial details with CTA on a shortened URL. He was about to click the URL but by chance checked the mail domain name before clicking. He was about to get tricked by hackers. I told him it was a standard CEO Fraud.

Do you know about CEO Fraud?

It is a spear-phishing email attack in which the attacker impersonates the CEO, tricks staff into transferring money, sending confidential HR information, or revealing sensitive information.

CEO Fraud

Email Fraud and Importance of Defender System

Email impersonation trick is an old technique of fraud but still, people get tricked by it. In general, an email defender system is not required if everyone checks mail attachment format, email sender domain, inspects links on the mail (phishing links), etc. People who get 1 mail per day can do the above sanity check exercise but for those who get 100s or 1000s of emails per day, this checking is a tedious task. You can be 100 times right but 1 mistake/wrong click can hit you hard to a great loss.

This Newsletter is Sponsored by Founder’s Book.

Build and launch your startup with the #1 platform of tools and resources for first-time founders and early-stage startups.

What is a Phishing Link?

Phishing links is a malicious website address designed to steal personal, financial, or account information. Phishing links may initiate malware downloads or browser-based script attacks.

Email Fraud Trap (Image Source Twitter)

Building Defender System

The Defender system is an alert system that reads emails from the mailbox of the client and shows the severity of fraud with the reason why a mail is marked as fraud. The model returns a probability of fraud, and based on your business needs one can tweak the probability of an alert being raised.

Email Fraud is a problem that needs a Low False Negative i.e. Recall > Precision (high recall metric).

To Read Mail use Gmail API

Model Steps:

  • Basic Checks: sender mail domain, attachment format type, URL shortened, etc.
  • Advance Checks: Subject line and Mail body tagging
  1. Urgency Detection
  2. Transaction/Payment reference
  3. Mailer Location — Historical Check
  4. Mailer send time — Historical Check

The modeling part over mail text is a standard text classification & mail tagging task. We shall build a probabilistic model of whether a mail is fraud or not with mail text and other information.

If someone wants a check-out reference of text classification code one can check out my previous Newsletter (google colab code link inside Newsletter).

High-Level Design

Let us design the architecture of the Product — Defender. Below is a High-Level Design of the Model/Pipeline.

ML System Design

With the above framework in place, we can raise alerts on the client’s mailbox whenever we suspect an incoming fraudulent mail.

Image Source Tessian

Above is a sample alert that can be raised to a user.

  • Shortened URL historic usage pattern and destination of a shortened URL can be shown (pythonic way of getting destination of a shortened URL).
Code Snippet to get Destination URL
Sender IP from Email (Right Side: Click Show Original on any mail on Gmail)

Conclusion

CEO Fraud (Email Impersonation), Phishing URLs, and Malicious attachments are very common these days and a system like the above (Defender) can protect or reduce to 99% probability (even sanitizer does not kill 100% germs 😂 pun intended ) of you being trapped by a potential fraud.

While my intent is to share more about when, why, and, how data science can help in real-world problems there is always more to it so rack your brains on the problem and if you have more ideas on this, I would love to read it please share in the comments section.

I hope you learned something new from this post. If you liked it, hit 👏, subscribe to my newsletter, and share this with others. Stay tuned for the next one!

Thanks to Founder’s Book for Sponsoring this Newsletter.

Connect, Follow or Endorse me on LinkedIn if you found this read useful. To learn more about me visit: Here

Not a Medium member yet? Please use this link to become a member because, at no extra cost for you, I earn a small commission for referring you.

I also run a Newsletter Edition. If you are building an AI or a data product or service, you are invited to become a sponsor of one of the future newsletter issues. Feel free to reach out to shauryauppal97@gmail.com for more details on sponsorships.

--

--

Shaurya Uppal
Shaurya Uppal

Written by Shaurya Uppal

Lead Data Scientist @ The Weather Company | ex-Makro, Inmobi, 1mg, epiFi | https://www.linkedin.com/in/shaurya-uppal/ | Shauryauppal97@gmail.com

No responses yet