Email clusters

Updated on 17.01.24
3 minutes to read
Copy link


While fraudsters often work with hundreds of fake email addresses, not all patterns are obvious. Some are complex, like 12hcfs122, 34hdte133, 58trdx988, while others are simpler, like j.ohndoe, jo.hndoe, joh.ndoe, john.doe - but it’s hard to  tell if any of these are real or newly created mailboxes as part of a fraud ring activity.

Humans aren't always good at spotting patterns, especially when there is a mass of data to review – but AI is. SEON's email clustering does precisely that. Email clustering was designed to enhance your fraud detection capabilities by identifying and grouping likely algorithmically generated email addresses, using data from the past 30 days.


Finding email clusters

Email clustering operates continually without the need for manual activation. Running on a weekly frequency, it groups similar, likely algorithmically generated email addresses, leveraging data from the previous 30 days. 

The algorithm focuses on the most suspicious email addresses: when it recognizes anything irregular, it can group other addresses that are in some way similar.

To access this feature, simply navigate to the Email Clusters tab on the Monitoring page to view any identified clusters in your system.


Reviewing email clusters

Under the Email Clusters tab of the Monitoring page, we display all identified clusters along with corresponding details - the number of emails in the cluster, the number of generated rules for them, and the last date the list was updated.

Email clusters tab of the Monitoring page

The interface also allows you to filter between current and outdated clusters.
Clicking on a specific cluster opens up its Details page, showing all related emails, users, number of transactions, total amount involved, and the last activity associated with that cluster. 

Our feature facilitates transaction filtering for further investigation, and by clicking the user icon, you can access the Customer Details page. You also have the ability to filter transactions for a specific email address in the cluster.

Email cluster details window

Click on Review transactions to see a list of all transactions associated with the email cluster. You can select certain or all transactions and change their state, assign, export or add them to a list all at once by using the icons in the bottom toolbar. 


Machine learning rules for email clusters

While identifying patterns is crucial, effectively blocking potential fraudsters is equally important. However, manually blocking every single email can be time-consuming and inefficient, and fraudsters could just generate more fake emails. Our solution is to use machine learning. When additional connected data points are discovered, our system generates rules to block potential fraudsters. These rules are based on an analysis of all transactions linked to the cluster. They are readable, easily usable rules that will be able to recognize similar patterns later on too. Rest assured, you have full control over this feature; these rules are not automatically activated.

Utilizing email clustering rules can save your fraud team countless hours of manual reviews, while also safeguarding your revenue. As an advanced fraud investigation and analysis tool, Email Clustering provides a robust solution to combat fraudsters.