Beagle, a visualization tool, helps catch email scammers

Beagle, a new visualization tool, helps law enforcement agencies trace the trail of email scammers. The new software speeds up forensic email investigations and helps bring cyber criminals to justice. In other words, it helps catch email scammers.

Scammers are people who carry out scams. A scam is a scheme that tricks victims. In other words, scams con people. The victim loses something of value, usually money.

Beagle is the result of a collaboration between researchers at the New York University Tandon School of Engineering and Agari. Agari is a Silicon Valley-based data security company which specializes in email security products.

Team leader, Enrico Bertini, called the tool ‘Beagle’ – a play on the sharp search skills of the dog. Beagles are good at sniffing out evidence in criminal investigations. Bertini is an Associate Professor at NYU’s Tandon School of Engineering in the Department of Computer Science and Engineering.

Prof. Bertini and colleagues wrote about their work in the journal IEEE Transactions on Visualization and Computer Graphics (citation below). The other authors were Markus Jakobsson, Hossein Siadati, Cristian Felix, and Jay Koven.

Beagle – a free tool

The researchers have already started sharing the tool with law enforcement agencies free of charge to help in their investigations. They say they will continue refining its capabilities based on real-world feedback.

The tools that law enforcement agencies used for forensic email investigations pre-Beagle are surprisingly primitive. They often rely on common email clients’ search functions. These search functions retrieve results on specific queries. They are only really useful when the investigators know where to look. In other words, when they know what to look for.

Beagle helps catch email scammers
In an Abstract preceding the main article in the journal, the authors wrote: “We developed Beagle as a forensic tool for email datasets that allows investigators to flexibly form complex queries in order to discover important information in email data. Beagle was successfully deployed at a security firm which had a large email dataset that was difficult to properly investigate.”

Knowing where to look is not easy when the case involves a large number of scammers and hundreds of thousands of emails.

Prof. Bertini explains that Beagle creates a visual analytical interface. The interface can return queries, summarize emails, and highlight commonalities. It can even do this in fields that investigators might otherwise have overlooked. Investigators may have overlooked, for example, keywords, the victims’ geographical location, and the time an email was sent.

Building pictures from data

Prof. Bertini said:

“Beagle builds pictures from the data, making it much easier to connect the dots and ultimately understand how scam networks operate, from first contact with a victim through what are often multiple rounds of extortion.”

Researchers developed Beagle in a two-year iterative process using a database of over 100,000 emails. Agari had intercepted them from real-life scammers. An iterative process uses ‘iteration,’ i.e., the repetition of a process.

John Wilson, Agari’s Field CTO (Chief Technology Officer), said:

“Business email compromise and other forms of email fraud are being perpetuated by multinational criminal organizations on a global scale. Beagle has enhanced our ability to monitor and track these criminal organizations, painting a fuller picture of the individuals involved and their relationships between one another.”

Beagle has already been used to reveal an entire network of victims and scammers. It started with emails from a single known scammer. It eventually encompassed several scammers and a cohort of victims. Researchers subsequently shared their data with law enforcement agencies.

Beagle can build evidence

Prof. Beagle said:

“We were surprised to discover that Beagle can actually build evidence.”

He noted that the tool can enhance the analytical process by surfacing connections that lead to further queries and data enrichment.


Lessons Learned Developing a Visual Analytics Solution for Investigative Analysis of Scamming Activities,” Jay Koven, Cristian Felix, Hossein Siadati, Markus Jakobsson, and Enrico Bertini. IEEE Transactions on Visualization and Computer Graphics (2018). Print ISSN: 1077-2626, Electronic ISSN: 1941-0506, CD-ROM ISSN: 2160-9306. DOI: 10.1109/TVCG.2018.2865023.