US 11,863,568 B2
Susceptibility-based warning techniques
Nikolaos Sapountzis, San Francisco, CA (US); Fabio R. Maino, Palo Alto, CA (US); Madhuri Kolli, San Jose, CA (US); and Daniela Alvim Seabra De Oliveira, Gainesville, FL (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US); and University of Florida Research Foundation, Inc., Gainesville, FL (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Mar. 22, 2021, as Appl. No. 17/208,366.
Prior Publication US 2022/0303285 A1, Sep. 22, 2022
Int. Cl. G06F 15/173 (2006.01); H04L 9/40 (2022.01); G06F 40/30 (2020.01); H04L 67/306 (2022.01)
CPC H04L 63/1416 (2013.01) [G06F 40/30 (2020.01); H04L 63/1433 (2013.01); H04L 63/1483 (2013.01); H04L 67/306 (2013.01)]
20 Claims
 
1. One or more computing devices comprising:
one or more processors; and
one or more computer-readable media storing computer-executable instructions that, when executed, cause the one or more processors to perform acts comprising:
training at least one model based at least in part on interactions between one or more users and electronic messages sent to addresses associated with the one or more users, the at least one model being trained to output susceptibility scores indicating likelihoods that the one or more users are to fall victim to malicious electronic messages;
receiving a first electronic message sent to a first address associated with a first user;
performing natural-language-processing (NLP) analysis on the first electronic message to identify text of the first electronic message;
generating first feature data based at least in part on the text obtained from the NLP analysis of the first electronic message;
generating second feature data based at least in part on one or more characteristics of the first user;
inputting, to the at least one model, the first feature data and the second feature data;
receiving a plurality of susceptibility scores comprising:
receiving, as output of the at least one model, a first susceptibility score indicating a likelihood that the first user is to fall victim to malicious data included in the first electronic message based at least in part on past behavior of the first user; and
receiving a second susceptibility score indicating a likelihood that the first user is to fall victim to malicious data included in the first electronic message based at least in part on past behaviors of a group of users with which the first user is associated; and
outputting, to the first user, a warning regarding the first electronic message based at least in part on the first susceptibility score and the second susceptibility score.