Search

US-12627708-B2 - Systems, methods, and apparatuses for detection of data misappropriation attempts across electronic communication platforms

US12627708B2US 12627708 B2US12627708 B2US 12627708B2US-12627708-B2

Abstract

Systems, computer program products, and methods are described herein for detection of data misappropriation attempts across electronic communication platforms. The present invention is configured to identify a recipient user account, wherein the recipient user account has received a current communication; parse the current communication to identify at least one order for the recipient user account; identify at least one potential outcome based on the at least one order for the recipient user account; determine the potential outcome comprises a misappropriation; apply a misappropriation attempt engine to the current communication; and generate, by the misappropriation attempt engine, a misappropriation attempt rating for the current communication.

Inventors

  • Jinna Zevulun Kim
  • Katherine Kei-Zen Dintenfass
  • Jo-Ann Taylor
  • Christine D. Black
  • Jennifer Tiffany Renckert
  • Vijaya L. Vemireddy

Assignees

  • BANK OF AMERICA CORPORATION

Dates

Publication Date
20260512
Application Date
20221107

Claims (19)

  1. 1 . A system for detection of data misappropriation attempts across electronic communication platforms, the system comprising: a memory device with computer-readable program code stored thereon; at least one processing device operatively coupled to the memory device and at least one communication device, wherein executing the computer-readable program code is configured to cause the at least one processing device to: identify a recipient user account and an associated recipient account identifier, wherein the recipient user account has received a current communication; identify recipient account characteristics associated with the recipient account identifier; parse the current communication to identify at least one order for the recipient user account; identify at least one potential outcome based on the at least one order for the recipient user account; determine the potential outcome comprises a misappropriation; collect a set of previous recipient account identifiers associated with a set of previous threat communications and a set of previous recipient account characteristics associated with the set of previous recipient account identifiers; create a recipient account threat training data set comprising the collected set of previous recipient account identifiers and the set of previous recipient account characteristics; train a misappropriation attempt engine using the recipient account threat training data set; apply the trained misappropriation attempt engine to the current communication, wherein the application of the trained misappropriation attempt engine comprises an analysis of the recipient account characteristics compared to the set of previous recipient account characteristics; determine, by the trained misappropriation attempt engine, one or more of the recipient account characteristics matches at least one of the set of previous recipient account characteristics; and generate, by the misappropriation attempt engine, a misappropriation attempt rating for the current communication based on the potential outcome comprising the misappropriation and the matching, using the trained misappropriation attempt engine, of the one or more recipient account characteristics with at least one of the set of previous recipient account characteristics.
  2. 2 . The system of claim 1 , wherein the current communication comprises at least one of a verbal electronic communication or an electronic message communication.
  3. 3 . The system of claim 1 , wherein the determination the potential outcome comprises a misappropriation further comprises an acceptance by the recipient user account of the at least one order of the current communication.
  4. 4 . The system of claim 1 , wherein the processing device is further configured to: collect a set of previous threat communications, wherein the set of previous threat communications comprise at least one background tactic type; create a background tactic training data set comprising the collected set of previous threat communications; and train the misappropriation attempt engine using the background tactic training data set.
  5. 5 . The system of claim 4 , wherein the at least one background tactic type comprises at least one of a threat communication marker, a threat communication tone, a threat communication language, a threat communication noise, or a threat communication request type.
  6. 6 . The system of claim 5 , wherein the processing device is further configured to: receive at least one current background tactic type associated with the current communication; apply the at least one current background tactic type to the misappropriation attempt engine; and generate, by the misappropriation attempt engine, the misappropriation attempt rating of the current communication based on the at least one current background tactic type.
  7. 7 . The system of claim 1 , wherein the processing device is further configured to: collect a set of previous threat communications, wherein the set of previous threat communications comprise at least one previous order and at least one previous outcome; create a previous outcome training data set comprising the collected set of previous threat communications; and train the misappropriation attempt engine with the previous outcome training data set.
  8. 8 . The system of claim 1 , wherein the processing device is further configured to: identify a current recipient account identifier based on the recipient user account associated with the current communication; apply the current recipient account identifier to the misappropriation attempt engine; and generate, by the misappropriation attempt engine, the misappropriation attempt rating of the current communication based on the current recipient account identifier.
  9. 9 . The system of claim 1 , wherein the processing device is further configured to: collect a set of previous unverified sender account identifiers associated with a set of previous threat communications; create a sender account threat training data set comprising the collected set of previous unverified sender account identifiers; and train the misappropriation attempt engine using the sender account threat training data set.
  10. 10 . The system of claim 9 , wherein the processing device is further configured to: identify a current unverified sender account identifier associated with the current communication; transmit an authentication request to a verified sender user account associated with the unverified sender account identifier; receive an authentication response from the verified sender user account; and generate, based on the authentication response from the verified sender user account, a misappropriation attempt rating of the current communication.
  11. 11 . The system of claim 10 , wherein the misappropriation attempt rating of the current communication comprises a high rating, in an instance the authentication response comprises a negative response.
  12. 12 . The system of claim 10 , wherein the misappropriation attempt rating of the current communication comprises a low rating, in an instance the authentication response comprises a positive response.
  13. 13 . A computer program product for detection of data misappropriation attempts across electronic communication platforms, wherein the computer program product comprises at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions which when executed by a processing device are configured to cause the processing device to: identify a recipient user account and an associated recipient account identifier, wherein the recipient user account has received a current communication; identify recipient account characteristics associated with the recipient account identifier; parse the current communication to identify at least one order for the recipient user account; identify at least one potential outcome based on the at least one order for the recipient user account; determine the potential outcome comprises a misappropriation; collect a set of previous recipient account identifiers associated with a set of previous threat communications and a set of previous recipient account characteristics associated with the set of previous recipient account identifiers; create a recipient account threat training data set comprising the collected set of previous recipient account identifiers and the set of previous recipient account characteristics; train a misappropriation attempt engine using the recipient account threat training data set; apply the trained misappropriation attempt engine to the current communication, wherein the application of the trained misappropriation attempt engine comprises an analysis of the recipient account characteristics compared to the set of previous recipient account characteristics; determine, by the trained misappropriation attempt engine, one or more of the recipient account characteristics matches at least one of the set of previous recipient account characteristics; and generate, by the misappropriation attempt engine, a misappropriation attempt rating for the current communication based on the potential outcome comprising the misappropriation and the matching, using the trained misappropriation attempt engine, of the one or more recipient account characteristics with at least one of the set of previous recipient account characteristics.
  14. 14 . The computer program product of claim 13 , wherein the current communication comprises at least one of a verbal electronic communication or an electronic message communication.
  15. 15 . The computer program product of claim 13 , wherein the determination the potential outcome comprises a misappropriation further comprises an acceptance by the recipient user account of the at least one order of the current communication.
  16. 16 . The computer program product of claim 13 , wherein the processing device is further configured to cause the processing device to: collect a set of previous threat communications, wherein the set of previous threat communications comprise at least one background tactic type; create a background tactic training data set comprising the collected set of previous threat communications; and train the misappropriation attempt engine using the background tactic training data set.
  17. 17 . A computer-implemented method for detection of data misappropriation attempts across electronic communication platforms, the computer-implemented method comprising: identifying a recipient user account and an associated recipient account identifier, wherein the recipient user account has received a current communication; identifying recipient account characteristics associated with the recipient account identifier; parsing the current communication to identify at least one order for the recipient user account; identifying at least one potential outcome based on the at least one order for the recipient user account; determining the potential outcome comprises a misappropriation; collecting a set of previous recipient account identifiers associated with a set of previous threat communications and a set of previous recipient account characteristics associated with the set of previous recipient account identifiers; creating a recipient account threat training data set comprising the collected set of previous recipient account identifiers and the set of previous recipient account characteristics; training a misappropriation attempt engine using the recipient account threat training data set; applying the trained misappropriation attempt engine to the current communication, wherein the application of the trained misappropriation attempt engine comprises an analysis of the recipient account characteristics compared to the set of previous recipient account characteristics; determining, by the trained misappropriation attempt engine, one or more of the recipient account characteristics matches at least one of the set of previous recipient account characteristics; and generating, by the misappropriation attempt engine, a misappropriation attempt rating for the current communication based on the potential outcome comprising the misappropriation and the matching, using the trained misappropriation attempt engine, of the one or more recipient account characteristics with at least one of the set of previous recipient account characteristics.
  18. 18 . The computer-implemented method of claim 17 , wherein the current communication comprises at least one of a verbal electronic communication or an electronic message communication.
  19. 19 . The computer-implemented method of claim 17 , wherein the determination the potential outcome comprises a misappropriation further comprises an acceptance by the recipient user account of the at least one order of the current communication.

Description

FIELD OF THE INVENTION The present invention embraces a system for detection of data misappropriation attempts across electronic communication platforms. BACKGROUND Users who have user accounts and managers of those user accounts may wish to make sure data associated with the user accounts are not breached or misappropriated. For instance, managers and users associated with the user accounts may have difficulty discerning when a misappropriation attempt is occurring (e.g., by way of electronic communication such as emails, text messages, voicemails, phone calls, and/or the like) and may wish to accurately, efficiently, and dynamically track each communication and determine whether any of the electronic communications may likely lead to the misappropriation of data, identities, user accounts, and/or the like. However, difficulty may arise where the misappropriation attempts comprise social engineering tactics to get the recipient (e.g., the users associated with the user accounts) to believe the sender of the electronic communication should be trusted. A need, therefore, exists, for a system to accurately, efficiently, and dynamically detect misappropriation attempts across electronic communication platforms, such as those platforms used in sending verbal electronic communications and/or electronic message communications. Applicant has identified a number of deficiencies and problems associated with the detection of data misappropriation attempts across electronic communication platforms. Through applied effort, ingenuity, and innovation, many of these identified problems have been solved by developing solutions that are included in embodiments of the present disclosure, many examples of which are described in detail herein. SUMMARY The following presents a simplified summary of one or more embodiments of the present invention, in order to provide a basic understanding of such embodiments. This summary is not an extensive overview of all contemplated embodiments and is intended to neither identify key or critical elements of all embodiments nor delineate the scope of any or all embodiments. Its sole purpose is to present some concepts of one or more embodiments of the present invention in a simplified form as a prelude to the more detailed description that is presented later. In one aspect, a system for detection of data misappropriation attempts across electronic communication platforms is provided. The system may comprise: a memory device with computer-readable program code stored thereon; at least one processing device operatively coupled to the at least one memory device and the at least one communication device, wherein executing the computer-readable code is configured to cause the at least one processing device to: identify a recipient user account, wherein the recipient user account has received a current communication; parse the current communication to identify at least one order for the recipient user account; identify at least one potential outcome based on the at least one order for the recipient user account; determine the potential outcome comprises a misappropriation; apply a misappropriation attempt engine to the current communication; and generate, by the misappropriation attempt engine, a misappropriation attempt rating for the current communication. In some embodiments, the current communication comprises at least one of a verbal electronic communication or an electronic message communication. In some embodiments, the determination the potential outcome comprises a misappropriation further comprises an acceptance by the recipient user account of the at least one order of the current communication. In some embodiments, the processing device is further configured to: collect a set of previous threat communications, wherein the set of previous threat communications comprise at least one background tactic type; create a background tactic training data set comprising the collected set of previous threat communications; and train the misappropriation attempt engine using the background tactic training data set. In some embodiments, the at least one background tactic type comprises at least one of a threat communication marker, a threat communication tone, a threat communication language, a threat communication noise, or a threat communication request type. In some embodiments, the processing device is further configured to: receive at least one current background tactic type associated with the current communication; apply the at least one current background tactic type to the misappropriation attempt engine; and generate, by the misappropriation attempt engine, the misappropriation attempt rating of the current communication based on the at least one current background tactic type. In some embodiments, the processing device is further configured to: collect a set of previous threat communications, wherein the set of previous threat communications comprise at least one previous order and at lea