The costliest attacks often carry no malware at all. Business email compromise, executive impersonation, and pretexting work by manipulating a person into wiring money or handing over credentials — there is no malicious file for an antivirus to catch. Detecting them means reading communications for manipulation, not payloads.
Social Safeguard, Inc.'s US11936686B2, “System, device and method for detecting social engineering attacks in digital communications” (issued March 19, 2024; CPC H04L 63/1466 — attacks involving impersonation, and H04L 63/1483 — phishing protection), describes detecting social-engineering attacks in digital communications. Read it at US11936686B2.
Mechanically, the system analyzes communications for the linguistic and contextual signals of manipulation — urgency, impersonation cues, anomalous requests — rather than scanning for known-bad attachments or links. The CPC tag H04L 63/1466, attacks involving impersonation, is the precise classification: this is detection aimed at the human-targeting layer of an attack.
Why this is a business story: business email compromise is consistently among the highest-dollar-loss categories the FBI tracks, which created a whole market — Abnormal Security, Tessian, and others — selling behavioral email security on exactly this premise. The rise of AI-generated, grammatically perfect phishing has only raised the stakes, making intent-based detection a growth segment. Patents on detecting manipulation, not malware, mark where that money is flowing.
The grounded read: social-engineering detection reads communications for manipulation because the attack targets the person, not the machine. Social Safeguard's 2024 grant names that intent-focused detection — the basis of the fast-growing behavioral email-security market.