Phish and Chips: Language-agnostic classification of unsolicited emails.

Email remains a popular communication tool despite the emergence of new messaging systems, however, this popularity also attracts individuals with malicious intentions. Despite the efforts of current email filtering to keep up with the email-based threat vectors, unsolicited emails still keep reaching millions of targets. The current solutions are mainly focused on distinguishing ham from spam/phishing, leaving a gap in the identification and analysis of other unsolicited emails such as scams and adult content. In this paper, we present a study on the development of a more granular approach for sanitizing and categorizing unsolicited emails, specifically focusing on spam, phishing, scam and adult content. We design and evaluate a method for classifying unsolicited emails that can aid incident response teams in extracting contextual potential Threat Indicators (TIs). We train a machine learning language-agnostic classifier that achieves high accuracy with a novel set features such as attachments and TIs characteristics. Our results show that spam continues to drive a great portion of unsolicited emails together with phishing. Our analysis of URLs extracted from unsolicited emails revealed a surprising finding - over 80% of these TIs were not flagged as malicious by other threat feeds. This highlights the need for more effective methods of sharing malicious emails and their associated TIs.