\
Yesterday a friend of mine called me sharing his CEO mailed him asking for his personal financial details with CTA on a shortened URL. He was about to click the URL but by chance checked the mail domain name before clicking. He was about to get tricked by hackers. I told him it was a standard CEO Fraud.

## Do you know about CEO Fraud?

It is a spear-phishing email attack in which the attacker impersonates the CEO, tricks staff into transferring money, sending confidential HR information, or revealing sensitive information.

 ![CEO Fraud](https://miro.medium.com/max/1400/0\*Zc6788uRI_lLFq9Z)

## Email Fraud and Importance of Defender System

Email impersonation trick is an old technique of fraud but still, people get tricked by it. In general, an email defender system is not required if everyone checks mail attachment format, email sender domain, inspects links on the mail (phishing links), etc. People who get 1 mail per day can do the above sanity check exercise but for those who get 100s or 1000s of emails per day, this checking is a tedious task. You can be 100 times right but 1 mistake/wrong click can hit you hard to a great loss.

## What is a Phishing Link?

Phishing links is a malicious website address designed to steal personal, financial, or account information. Phishing links may initiate malware downloads or browser-based script attacks.

 ![Email Fraud Trap (Image Source Twitter)](https://miro.medium.com/max/1400/0\*uZfUemDzqN3w6Le3)

## Building Defender System

The Defender system is an alert system that reads emails from the mailbox of the client and shows the severity of fraud with the reason why a mail is marked as fraud. The model returns a probability of fraud, and based on your business needs one can tweak the probability of an alert being raised.

*Email Fraud is a problem that needs a Low False Negative i.e.* ***Recall > Precision*** *(high recall metric).*

> ***To Read Mail use*** ***[Gmail API](https://developers.google.com/gmail/api)***

## Model Steps:

* **Basic Checks**: sender mail domain, attachment format type, URL shortened, etc.
* **Advance Checks**: Subject line and Mail body tagging


1. Urgency Detection
2. Transaction/Payment reference
3. Mailer Location — Historical Check
4. Mailer send time — Historical Check

> *The modeling part over mail text is a standard text classification & mail tagging task. We shall build a probabilistic model of whether a mail is fraud or not with mail text and other information.*

If someone wants a check-out reference of text classification code one can check out my previous Newsletter (google colab code link inside [Newsletter](https://www.linkedin.com/pulse/building-job-recommendation-strategy-linkedin-xing-part1-uppal)).

## High-Level Design

Let us design the architecture of the Product — Defender. Below is a High-Level Design of the Model/Pipeline.

 ![ML System Design](https://miro.medium.com/max/1340/0\*YgTV0uVGNNAv2MOy)

> **With the above framework in place, we can raise alerts on the client’s mailbox whenever we suspect an incoming fraudulent mail.**

 ![Image Source Tessian](https://miro.medium.com/max/1400/0\*9Ip0ixSJT14MqEFR)

Above is a sample alert that can be raised to a user.

* Shortened URL historic usage pattern and destination of a shortened URL can be shown (pythonic way of getting destination of a shortened URL).

 ![Code Snippet to get Destination URL](https://miro.medium.com/max/1400/0\*5h9ZWU9_XVQs_Czs)

* Historic location patterns — To get the location of a Mail ( one can extract the IP Address and [IPLookUp with the extracted IP Address](https://gsuite.tools/ip-location) ).

 ![Sender IP from Email (Right Side: Click Show Original on any mail on Gmail)](https://miro.medium.com/max/1400/0\*uaURadjDDOMzv9ia)

## **Conclusion**

CEO Fraud (Email Impersonation), Phishing URLs, and Malicious attachments are very common these days and a system like the above (Defender) can protect or reduce to 99% probability (even sanitizer does not kill 100% germs 😂 pun intended ) of you being trapped by a potential fraud.

While my intent is to share more about when, why, and, how data science can help in real-world problems there is always more to it so rack your brains on the problem and if you have more ideas on this, I would love to read it please share in the comments section.


---

I hope you learned something new from this post. If you liked it, hit 👏, subscribe to my newsletter, and share this with others. Stay tuned for the next one!

\
Thanks to [Founder’s Book](https://foundersbook.co/?via=shaurya) for Sponsoring this Newsletter.

 ![](https://miro.medium.com/max/1400/1\*wsFXHenK2nfjm4VACQBqVg.png)

> *Connect, Follow or Endorse me on* ***[LinkedIn](https://www.linkedin.com/in/shaurya-uppal/)*** *if you found this read useful. If you are building an AI or a data product or service, you are invited to become a sponsor of one of the future* ***[newsletter](https://www.linkedin.com/newsletters/problem-solving-data-science-6874965456701198336/)*** *editions. Feel free to reach out to shauryauppal97@gmail.com for more details on sponsorships.*

\
**AUTHOR:** [https://www.linkedin.com/in/shaurya-uppal/](https://www.linkedin.com/in/shaurya-uppal/?ref=hackernoon.com)

**Newsletter:** [https://www.linkedin.com/newsletters/problem-solving-data-science-6874965456701198336/](https://www.linkedin.com/newsletters/problem-solving-data-science-6874965456701198336/?ref=hackernoon.com)

## Other Recommended Reads:

\[1\] [Experimentation when you can’t A/B Test | Beyond A/B Testing — Switchbacks & Synthetic Control Group](https://www.linkedin.com/pulse/experimentation-when-you-cant-ab-test-beyond-testing-shaurya-uppal/)

\[2\] [Mastering A/B Testing by understanding Pitfalls](https://www.linkedin.com/pulse/ab-testing-netflix-uber-pinterest-google-linkedin-spotify-uppal/)

\[3\] [Data Science in Ride-Hailing at Ola, Uber, Rapido, etc.](https://www.linkedin.com/pulse/ola-lyft-gojek-grab-uber-bikes-ride-demand-data-science-shaurya-uppal)


---


:::tip
This story was first [published here.](https://shauryauppal.medium.com/ceo-fraud-protection-with-defender-system-protect-your-emails-from-phishing-attack-55b3485d6586)

:::

\


Google

Lyft

Netflix

Twitter

Uber

2022 - Best Data Science Newsletter

2022 - Data Science Demon

2022 - HackerNoon Contributor of the Year - Data Science

2022 - HackerNoon Contributor of the Year - India

Master Data Science Skills

Nominated for 2022 - Best Data Science Newsletter

Nominated for 2022 - HackerNoon Contributor of the Year - Data

Nominated for 2022 - Data Science Demon

Nominated for 2022 - HackerNoon Contributor of the Year - Data Science

Nominated for 2022 - HackerNoon Contributor of the Year - India

Too Long; Didn't Read

Automatically Support Sites You Love in Real Time

Protecting Yourself From CEO Fraud

Protecting Yourself From CEO Fraud

Too Long; Didn't Read

Companies Mentioned

@shauryauppal

RELATED STORIES