Abstract: Aspects of the disclosure relate to identifying and processing suspicious emails. In some embodiments, a computing device may receive an email associated with an email domain. Subsequently, the computing device may determine a registration date of the email domain. The computing device may then compare the determined registration date to a first threshold date. Thereafter, responsive to determining that the determined registration date is before the first threshold date, the computing device may transmit the email to a recipient address identified in the email. Responsive to determining that the determined registration date is at or after the first threshold date, the computing device may execute a security risk assessment model. The computing device may then determine, based on the security risk assessment model, a security risk level of the email domain. The computing device may filter, based on the security risk level of the email domain, the email.

Abstract: Aspects of the disclosure relate to identifying and processing suspicious emails. In some embodiments, a computing device may receive an email associated with an email domain. Subsequently, the computing device may determine a registration date of the email domain. The computing device may then compare the determined registration date to a first threshold date. Thereafter, responsive to determining that the determined registration date is before the first threshold date, the computing device may transmit the email to a recipient address identified in the email. Responsive to determining that the determined registration date is at or after the first threshold date, the computing device may execute a security risk assessment model. The computing device may then determine, based on the security risk assessment model, a security risk level of the email domain. The computing device may filter, based on the security risk level of the email domain, the email.

Abstract: Aspects of the disclosure relate to a message processing platform for enhanced phishing message detection. A computing platform may receive a first message from a first source entity, where the first message was flagged as potentially malicious through selection of a malicious message button in a mobile banking application, and where the first message includes content from the first source entity pretending to be a second source entity different than the first source entity. Using one or more machine learning algorithms, the computing platform may parse the first message to identify the second source entity. The computing platform may identify an enterprise security system associated with the second source entity, and may generate a second message that includes the first message as an attachment and indicates that the first message was flagged as potentially malicious. Subsequently, the computing platform may send, to the enterprise security system, the second message.

Abstract: Aspects of the disclosure relate to a message processing platform for enhanced phishing message detection. A computing platform may receive a first message from a first source entity, where the first message was flagged as potentially malicious through selection of a malicious message button in a mobile banking application, and where the first message includes content from the first source entity pretending to be a second source entity different than the first source entity. Using one or more machine learning algorithms, the computing platform may parse the first message to identify the second source entity. The computing platform may identify an enterprise security system associated with the second source entity, and may generate a second message that includes the first message as an attachment and indicates that the first message was flagged as potentially malicious. Subsequently, the computing platform may send, to the enterprise security system, the second message.

Abstract: A malicious email mitigation process provides safe handling of emails and protects users from malicious content such as contained in phishing emails. A mail-delivery agent on a mail server receives an original email from a sender. The mail-delivery agent analyzes whether the sender is inside or outside of a safe zone and/or is a trusted sender. If the sender is inside the safe zone, the server transmits to the client the original email without alteration. If originating from an unsafe zone and/or from a potentially unsafe sender, the server deobfuscates any links in the original email, converts the original email into a sanitized communications file, and creates an image of the original email. The server transmits the sanitized communication file to a mailbox on the client along with the image copy of the original email as an attachment and any original attachments to the original email that are safe.

Abstract: A method for enhancing computer security is provided. The method may include receiving a first dataset including a first plurality of web sites and a second dataset including a second plurality of web sites. The second plurality of web sites may comprise whitelisted websites. The method may include executing a first set of instructions, the first set of instructions including accessing each of the first plurality of websites and, based on the accessing, assigning a confidence score to each of the websites. The method may also include executing a second set of instructions. The second set of instructions may include creating a third dataset including a third list of web sites having a URL that includes a predetermined term. The second set of instructions may also include removing from the third dataset the second plurality of websites to create a modified third dataset.

Abstract: A method for enhancing computer security is provided. The method may include receiving a first dataset including a first plurality of web sites and a second dataset including a second plurality of web sites. The second plurality of web sites may comprise whitelisted websites. The method may include executing a first set of instructions, the first set of instructions including accessing each of the first plurality of websites and, based on the accessing, assigning a confidence score to each of the websites. The method may also include executing a second set of instructions. The second set of instructions may include creating a third dataset including a third list of web sites having a URL that includes a predetermined term. The second set of instructions may also include removing from the third dataset the second plurality of websites to create a modified third dataset.