Patent attributes
A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender. If the determined statistical dispersion is lower than a dispersion threshold, the received email may be evaluated in the processor against a plurality of conditions associated with email spoofing and spear phishing attacks, using the generated contact model, to generate a features vector that is constituted of a plurality of numeric values and a plurality of dispersion values between 0 and 1, and using at least the generated features vector to classify with a supervised learning algorithm the received email as a likely legitimate email or as a likely malicious email spear phishing attack; and notifying a recipient of the email when the received email is classified as a likely malicious email spear phishing attack.