Abstract: Apparatus and methods for using deepfakes defensively to detect fake, spoofed, and hoax phone calls and videoconferences are provided. A program may record a target individual reciting exemplary phrases. The program may analyze the recordings to create a baseline. The program may use deepfake algorithms to create exemplar deepfake audiovisual representations of the target individual. The program may store the data in a database. The program may analyze, in real-time, a phone call or videoconference to determine whether they are legitimate or illegitimate by comparing the audio or audiovisual contents of the phone call or videoconference with the exemplar deepfakes. When the program determines the phone call or videoconference is illegitimate, the program may terminate the call or videoconference and inform the recipient and others.

Abstract: Aspects of the disclosure relate to identifying and processing suspicious emails. In some embodiments, a computing device may receive an email associated with an email domain. Subsequently, the computing device may determine a registration date of the email domain. The computing device may then compare the determined registration date to a first threshold date. Thereafter, responsive to determining that the determined registration date is before the first threshold date, the computing device may transmit the email to a recipient address identified in the email. Responsive to determining that the determined registration date is at or after the first threshold date, the computing device may execute a security risk assessment model. The computing device may then determine, based on the security risk assessment model, a security risk level of the email domain. The computing device may filter, based on the security risk level of the email domain, the email.

Abstract: Aspects of the disclosure relate to identifying and processing suspicious emails. In some embodiments, a computing device may receive an email associated with an email domain. Subsequently, the computing device may determine a registration date of the email domain. The computing device may then compare the determined registration date to a first threshold date. Thereafter, responsive to determining that the determined registration date is before the first threshold date, the computing device may transmit the email to a recipient address identified in the email. Responsive to determining that the determined registration date is at or after the first threshold date, the computing device may execute a security risk assessment model. The computing device may then determine, based on the security risk assessment model, a security risk level of the email domain. The computing device may filter, based on the security risk level of the email domain, the email.