Method and system for email phishing attempts identification and notification through organizational cognitive solutions

Assignee

• International Business Machines Corporation · US

Inventors

• Allon Adir · Kiryat Tivon, IL
• Omri Soceanu · Haifa, IL
• Lev Greenberg · Haifa, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L51/222
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Embodiments of the present invention may detect, identify, and notify of email phishing attacks. For example, a method may comprise constructing at least one behavioral model for an organization based on features extracted from a plurality of email messages and based on information relating to the organization, including analyzing behavioral patterns of emails in the organization, analyzing a plurality of new email messages using the behavioral model to determine non-binary scores representing analysis of features of the messages, including behavioral patterns of the new emails in the organization with regard to the features, determining whether any of the plurality of new email messages are malicious email messages based on the non-binary scores for the new email messages indicating that the new email messages deviate from the behavioral patterns of emails in the organization included in the behavioral model, and transmitting a notification that a message is a malicious email message.