SYSTEMS AND METHODS FOR DETECTING VISUALLY SIMILAR EMAILS

Invented by Omid Mirzaei, Sachin Shukla, and Shray Kapoor
Email threats are changing fast. Hackers keep finding new ways to sneak dangerous messages past our filters. One big reason? They use email templates over and over, making small changes to trick security tools. Today, we’ll explore a powerful new invention for finding these sneaky emails by how they look, not just what they say. Let’s break down why this matters, how it works, and what sets it apart from old methods.
Background and Market Context
Emails are everywhere. We use them for work, shopping, talking to friends, and signing up for websites. Because of this, email is one of the main ways bad actors try to steal information, spread viruses, or trick people into giving up passwords. Over the years, security companies have built tools to catch these threats. They scan emails for bad words, odd links, or known patterns. But, as these tools get smarter, attackers get even smarter.
Today, it’s easy to buy a kit online for making phishing emails. These kits give hackers a bunch of ready-to-use email templates. The attacker just fills in a few details and clicks send. This means the same basic email can be sent to thousands of people, with only tiny changes like a new logo or a different sender name. Because the words and links might be slightly different each time, older security tools sometimes miss these emails. They don’t realize that, even if the text changes, the email still looks almost the same as the last attack.
This problem is getting bigger. Research shows that big clusters of “lookalike” emails can go undetected for days. For example, in one test, over 1,500 phishing emails slipped past old filters in just one month, all using similar templates. That’s a huge risk for companies and for people. When just one of these emails gets through, it can cause big problems—like data leaks, stolen money, or lost trust.
Security teams need better ways to spot these tricky emails. They need tools that don’t just read the words, but actually “see” the email the way a human does. That’s what this new invention is all about: finding emails that look the same, even when the words or links are a little different. By focusing on how the email looks, not just what it says, this tool promises to catch many more threats before they reach your inbox.
Scientific Rationale and Prior Art
Let’s talk about how email security has worked up until now. Most email filters use text analysis. They look for known bad sentences, odd links, or strange sender addresses. Some use “fuzzy hashing,” which means they try to find emails that are almost the same as known spam, even if a few words are changed. Some filters also check the sender’s history. If an email comes from a new or suspicious domain, it gets flagged.
These methods work well against simple spam or known threats. But they struggle when hackers use visual tricks. For example, a phishing email might use a fake login page that looks exactly like a real company’s website. The attacker can change the sender address or tweak the text, but as long as the email looks the same, people will fall for it. The old filters might not catch this because they don’t “see” the email like a person would—they only read the code.
Some companies have tried using image analysis before. For example, they might scan for known company logos or check for certain colors. But these methods are limited. They can be fooled by changing the image just a little bit, or by using images in new ways. Plus, these old methods are slow and don’t work well at scale—meaning they can’t handle the millions of emails sent every day.
Machine learning has helped a bit. Some security tools use “neural networks” to find patterns in emails. But even these tools often focus on text, not images. When they do use images, they may look for known pictures or simple shapes, but not the whole layout of the email.
The big problem is that hackers can reuse email kits to make lots of emails that look the same, but have small tweaks. The only way to catch these is to look at the email’s whole appearance—its colors, layout, images, and style. This needs a smart system that can “see” emails and remember what dangerous ones look like, even if the text or sender changes.
Until now, there has not been a good tool that can do this quickly and for lots of emails at once. That’s what makes this new invention different. It uses advanced image processing and pattern recognition to find lookalike emails, no matter how the text or sender changes. It learns from past attacks and builds a “memory” of what bad emails look like, so it can catch new threats right away.
Invention Description and Key Innovations
This new invention is a smart tool for finding emails that look the same. It uses a clever mix of image processing, machine learning, and pattern recognition. Here’s how it works, step by step, in simple words:
First, it turns emails into pictures. When an email arrives, the tool “renders” it—this means it creates a picture of what the email would look like if you opened it. It does this for both old (historic) emails and new emails coming in. If the email is in HTML format, it uses the code to make a clear image, just like you’d see on your screen.
Next, it improves these pictures. The tool processes each email picture to make it easier to compare. It does things like:
– Normalizing the image, so the colors and lighting are all even. This makes sure that different emails are compared fairly, even if the colors are a bit different.
– Sharpening the image, so edges and details stand out. This helps the tool see small things, like lines and shapes.
– Cropping out parts that don’t matter, like the email header or extra white space. That way, it focuses on the real content of the email.
Then, it finds special features in each picture. The tool uses smart models (like neural networks or vision transformers) to pull out important details from each image. These details might be things like shapes, lines, colors, or unique parts of the layout. Each picture turns into a “vector”—which is just a list of numbers that represents how the email looks.
After that, it stores these vectors in a knowledge base. This is like a memory bank. Every email that has been checked gets its own vector saved in this bank, along with a label (like “spam,” “phishing,” or “normal”). Over time, the knowledge base grows and gets smarter, learning from both old attacks and new ones.
When a new email comes in, it’s checked the same way. Its picture is made, processed, and turned into a vector. Then, the tool compares this new vector to all the old ones in the knowledge base. If it finds vectors that are very close—meaning the emails look almost the same—it knows there’s a match. This is done using fast search methods that can handle lots of emails at once.
If the new email matches a known bad one, it gets flagged right away. The tool groups similar emails together using smart matching (like clustering or similarity thresholds). If an email matches a group of known phishing emails, it can be blocked or reported before anyone clicks on it.
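The pipeline described above, reduced to a runnable sketch. This is an added example, not code from the patent or its inventors. Assumptions: render() and its small character layouts are constructed stand-ins for real HTML rendering, a grid of mean ink values replaces the neural-network feature extractor, a brute-force cosine search replaces the fast vector search, and the 0.9 threshold is illustrative.

```python
import math

def render(layout, pad=0, ink=0):
    """Constructed stand-in for HTML rendering: '#' is an inked pixel, '.' is white."""
    rows = [[ink if ch == "#" else 255 for ch in line] for line in layout.split("/")]
    width = len(rows[0]) + 2 * pad
    blank = [[255] * width for _ in range(pad)]
    return blank + [[255] * pad + r + [255] * pad for r in rows] + blank

def preprocess(img, white=250):
    """Crop all-white margins, then rescale so darkest ink is 1.0 and background 0.0."""
    ys = [y for y, row in enumerate(img) if min(row) < white]
    xs = [x for x in range(len(img[0])) if any(row[x] < white for row in img)]
    if not ys:
        raise ValueError("no visual content to compare")
    img = [row[xs[0]:xs[-1] + 1] for row in img[ys[0]:ys[-1] + 1]]
    lo = min(min(row) for row in img)
    return [[(255 - p) / (255 - lo) for p in row] for row in img]

def embed(img, grid=4):
    """Hypothetical feature extractor: mean ink per grid cell (replaces a CNN/ViT)."""
    img = preprocess(img)
    h, w = len(img), len(img[0])
    vec = []
    for gy in range(grid):
        for gx in range(grid):
            cell = [img[y][x] for y in range(gy * h // grid, (gy + 1) * h // grid)
                    for x in range(gx * w // grid, (gx + 1) * w // grid)]
            vec.append(sum(cell) / max(len(cell), 1))
    return vec

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def classify(img, knowledge_base, threshold=0.9):
    """Return (label, score) of the nearest stored email; label is None below threshold."""
    vec = embed(img)
    score, label = max((cosine(vec, v), lbl) for v, lbl in knowledge_base)
    return (label if score >= threshold else None), round(score, 3)

# Constructed layouts: banner + form + button (phishing kit) and a newsletter.
PHISH = "########/########/......../.######./.######./......../..####../..####.."
NEWS = "##....##/##....##/##....##/......../########/......../##.##.##/##.##.##"
KB = [(embed(render(PHISH)), "phishing"), (embed(render(NEWS)), "normal")]
# Same kit with a swapped logo, wider margins and lighter colours.
VARIANT = render("###..###/###..###/......../.######./.######./......../..####../..####..", pad=2, ink=60)
UNSEEN = render("#......#/......../.##..##./.##..##./......../.##..##./.##..##./#......#")
```

Here classify(VARIANT, KB) labels the altered copy as phishing with a score of about 0.97, while classify(UNSEEN, KB) stays below the threshold and returns no label.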
This method has a few smart tricks built in:
– It only checks emails that have visual parts (like images, logos, or colors), so plain text emails don’t slow it down.
– It learns from mistakes. If a dangerous email slips through and gets caught later, it’s added to the knowledge base, making the tool better for next time.
– It can handle lots of emails at once. This means it works for big companies with thousands of emails every day.
– It doesn’t just check for exact copies. Even if an attacker changes the logo or moves things around, the tool can still spot the match by looking at the whole layout and style.
Here are some real-world benefits:
– Security teams don’t have to rely only on words or sender info. They can find threats by how the email looks, just like a human would.
– The tool can spot new attacks that copy old ones—catching bad actors who reuse the same kits.
– It can help train other machine learning tools by giving them a clean set of unique emails, with duplicates removed.
– Security analysts can search for emails that look like a screenshot from a blog or report, helping them find related attacks faster.
With this system, companies can finally keep up with attackers who use visual tricks. It’s a big step forward for keeping inboxes safe and stopping phishing before it spreads.
Conclusion
Email threats are always changing, and attackers are getting better at sneaking past old security tools. This new invention offers a fresh way to fight back. By turning emails into pictures and looking for visual similarities, it catches dangerous emails that slip through other filters. It learns from each attack, gets smarter over time, and can handle huge volumes of messages. For anyone serious about email security, this tool is a must-have for the future. It’s simple, smart, and ready for the next wave of threats.
To read the full document, go to https://ppubs.uspto.gov/pubwebapp/ and search for 20250220034.