	US 12,243,020 B2
	Detecting fraud by calculating email address prefix mean keyboard distances using machine learning optimization
Noah Eyal Altman, Rishon Le'zion (IL); Or Basson, Tel Aviv (IL); Yehezkel Shraga Resheff, Tel Aviv (IL); and Yair Horesh, Kfar-Saba (IL)
Assigned to Intuit Inc., Mountain View, CA (US)
Filed by Intuit Inc., Mountain View, CA (US)
Filed on Mar. 19, 2020, as Appl. No. 16/823,642.
Prior Publication US 2021/0295179 A1, Sep. 23, 2021
Int. Cl. G06Q 10/107 (2023.01); G06F 18/2135 (2023.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01); G06Q 10/04 (2023.01); G06Q 30/018 (2023.01)

CPC G06Q 10/107 (2013.01) [G06F 18/21355 (2023.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06Q 10/04 (2013.01); G06Q 30/0185 (2013.01)]

20 Claims

1. A method of identifying fraudulent emails, the method performed by one or more processors of a computing device and comprising:

receiving an email comprising a prefix including a number of characters and characterized by a prefix length indicative of the number of characters in the prefix;

identifying each of a number of bigrams within the prefix, each bigram of the number of bigrams consisting of two consecutive characters of the prefix;

determining, for the each bigram of the number of bigrams, a row distance and a column distance between the two consecutive characters of the each bigram as positioned on a keyboard;

calculating, for the each bigram of the number of bigrams, an Euclidean distance between the two consecutive characters of the each bigram based on the determined row and column distances;

determining a normalized distance based on the prefix length and an average of the Euclidean distances calculated for the number of bigrams in the prefix;

comparing the normalized distance with a value; and

classifying the email as suspicious or as not suspicious based at least in part on the comparing.