Email-based attacks present significant risks for enterprises and individuals. For example, phishing generally refers to an effort to acquire sensitive information from unsuspecting victims. Email-based phishing schemes represent up to one out of every 4,500 emails. Research groups routinely identify tens of millions of phishing attacks every month. Often, these efforts are conducted by attackers posing as legitimate and trustworthy entities.
In the related art, various types of detection mechanisms have been developed. However, these systems fail to automatically recognize many phishing schemes, and incorrectly flag numerous valid (i.e., non-phishing) emails as phishing attacks. Phishing campaigns that succeed typically do so within hours of launching. However, related art public or proprietary detection systems may not be updated to detect new campaigns for up to several weeks. Thus, individuals and organizations continue to be exposed to email-based attacks, and must expend valuable resources (e.g., time, manpower, and computing power) organizing and assessing incorrectly flagged emails.
For example, in related art systems, filters and other tools used to screen incoming emails for an enterprise may fail to block all malicious emails sent to employees of the enterprise. Enterprises may train employees to help identify malicious emails that get through the filters and may provide a mechanism to report the same to technology security. However, employees regularly fail to accurately and consistently identify all malicious emails and/or fail to report some that they correctly identify. Additionally, a significant percentage of reported emails (i.e., emails identified by employees as malicious) are often false positives (e.g., legitimate emails, even if undesired by the reporter). In some enterprises, analysts may manually review each reported email, which is time-consuming, error-prone, and often requires review of redundant (copied) emails. This process may take days or weeks from the time of reporting to identify malicious emails.
Accordingly, there is a need for improved systems and methods to provide more efficient and effective email-attack detection. Embodiments of the present disclosure are directed to this and other considerations.