CN117560448A

CN117560448A - Telecom fraud early warning method, device, equipment and medium

Info

Publication number: CN117560448A
Application number: CN202311452739.1A
Authority: CN
Inventors: 蒋艳军; 赵轶新; 王乾; 肖楠
Original assignee: China Telecom Corp Ltd
Current assignee: China Telecom Corp Ltd
Priority date: 2023-11-02
Filing date: 2023-11-02
Publication date: 2024-02-13

Abstract

The application provides a telecommunication fraud early warning method, a device, equipment and a medium, aiming at improving early warning effect. The method comprises the following steps: acquiring a target user number of which the target fraud number is communicated in a first set communication mode; determining a target grade of the target user number according to the frequency of communication between the target fraud number and the target user number through the first set communication mode, wherein the target grade is used for representing the fraud risk of the target user number; and carrying out early warning on the target user number according to a set target association relation by using an early warning mode associated with the target grade of the target user number, wherein the target association relation comprises association relations between target grades corresponding to the fraud risks with different sizes and different early warning modes.

Description

Telecom fraud early warning method, device, equipment and medium

Technical Field

The present invention relates to the field of communications technologies, and in particular, to a telecommunications fraud early warning method, apparatus, device, and medium.

Background

With the continuous development of the internet industry and the deep popularization of the communication industry, communication terminals such as mobile phones and the like have become indispensable tools for the public. However, with the widespread use of communication terminals, some lawbreakers implement telecommunications fraud by using communication means such as short messages, mails, telephones, etc., which have extremely bad influence on users of the communication terminals.

The traditional telecommunication fraud early warning method only carries out early warning through a short message early warning mode when a user receives information transmitted by a communication mode such as a short message, a mail or a telephone which is marked as a fraud number in advance, and the passive and single early warning mode has the problems that the early warning of the user is omitted, the user is difficult to notice early warning in time and the like, so that the early warning effect on the user is affected.

Disclosure of Invention

In view of the above, embodiments of the present application provide a telecommunications fraud pre-warning method, apparatus, device and medium, so as to overcome or at least partially solve the above-mentioned problems.

In a first aspect of an embodiment of the present application, there is provided a telecommunications fraud pre-warning method, the method including:

acquiring a target user number of which the target fraud number is communicated in a first set communication mode;

determining a target grade of the target user number according to the frequency of communication between the target fraud number and the target user number through the first set communication mode, wherein the target grade is used for representing the fraud risk of the target user number;

and carrying out early warning on the target user number according to a set target association relation by using an early warning mode associated with the target grade of the target user number, wherein the target association relation comprises association relations between target grades corresponding to the fraud risks with different sizes and different early warning modes.

In a second aspect of the embodiments of the present application, there is provided a telecommunications fraud pre-warning device, the device comprising:

the first acquisition module is used for acquiring a target user number of which the target fraud number is communicated in a first set communication mode;

the first processing module is used for determining a target grade of the target user number according to the frequency of the target user number communicating with the target user number through the first set communication mode, wherein the target grade is used for representing the fraud risk of the target user number;

the first early warning module is used for carrying out early warning on the target user number according to a set target association relation by an early warning mode associated with the target grade of the target user number, wherein the target association relation comprises association relations between target grades corresponding to fraud risks of different sizes and different early warning modes.

In a third aspect of the embodiments of the present application, there is provided an electronic device, including a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the telecommunication fraud early warning method according to the first aspect when executing the program.

In a fourth aspect of embodiments of the present application, there is provided a computer readable storage medium having stored thereon a computer program/instruction which, when executed by a processor, implements the steps of the telecommunication fraud pre-warning method as described in the first aspect.

Embodiments of the present application include the following advantages: the method comprises the steps of actively acquiring the target user number which is communicated based on a first set communication mode to perform early warning, converting a passive early warning mode into an active early warning mode, reducing omission of early warning of a user, evaluating the risk of the target user number suffering from telecommunication fraud according to the communication frequency of the target user number and the target user number in the first set communication mode, reasonably determining the target user number according to the target user number, and early warning the target user numbers with different target grades in different early warning modes so as to enable the user to notice early warning timely as much as possible, thereby improving early warning effect and guaranteeing property safety of the user.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments of the present application will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flowchart of an implementation of a telecommunications fraud pre-warning method in an embodiment of the present application;

FIG. 2 is a schematic diagram of a process for determining a target level in an embodiment of the present application;

FIG. 3 is a flowchart of an implementation of a method for determining a target level in an embodiment of the present application;

fig. 4 is a flowchart of an implementation of a method for obtaining a target user number in an embodiment of the present application;

fig. 5 is a flowchart of an implementation of an early warning method for a target user number in an embodiment of the present application;

FIG. 6 is a flowchart of an implementation of a method for verifying suspected fraud numbers in an embodiment of the present application;

fig. 7 is a flowchart of an implementation of a method for obtaining suspected fraud numbers in an embodiment of the present application;

FIG. 8 is a flowchart of an implementation of a method of preprocessing a suspected fraud number in an embodiment of the present application;

FIG. 9 is a schematic diagram of an implementation process of a telecommunications fraud pre-warning method in an embodiment of the present application;

FIG. 10 is a schematic diagram of a telecommunication fraud pre-warning device according to an embodiment of the present application;

fig. 11 is a schematic diagram of an electronic device in an embodiment of the application.

Detailed Description

In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings.

With the continuous development of the internet industry and the deep popularization of the mobile communication industry, communication terminals such as mobile phones and the like have become indispensable tools for the public. Communication services in communication modes such as short messages, mails and telephones related to communication terminals are widely applied to the Internet and the mobile communication industry, and play an important role. However, with the widespread use of communication terminals, some lawbreakers conduct advertisement propagation by means of short messages, mails, telephones, etc., and even implement telecommunication fraud, so that great trouble is brought to users of the communication terminals. The junk short messages, junk phones, junk mails and other information delay the time of the user, influence the normal work and life of the user, cause great waste of social resources and cause extremely bad influence on the user. How to more effectively prevent users from harassment by fraud information and ensure the property safety of the users to the greatest extent becomes a problem to be solved urgently.

The traditional telecommunication fraud early warning method only carries out early warning through a short message early warning mode when a user receives information transmitted by communication modes such as short messages, mails or telephones which are marked as fraud numbers in advance.

Taking a fraud short message early warning method as an example, currently, fraud number marking is mainly performed through keywords or short message sending behaviors (such as whether the short message sending frequency or the amount of money is greater than a set threshold value), and when a user receives a short message marked as a fraud number, early warning is performed on the user through the short message. The fraud short message early warning method has the following problems:

1. only when the user receives the short message marked as the fraud number in advance, the short message is sent to remind the user of the safety risk; for users who send fraud messages before a certain number is marked as a fraud number, the passive early warning mode cannot realize early warning on the part of users, so that the early warning omission of the users is caused.

2. Only using the short message to remind the user may have received the fraud short message, but some users may not be sensitive to the short message, and this single early warning mode easily reduces the sensitivity of the user to early warning, so that the user is likely to fail to notice early warning in time, resulting in property loss.

3. Only the fraud number is marked and the short message is reminded, no further action is taken, and the influence of telecommunication fraud on the user is difficult to effectively control.

Aiming at the problems in the related art, the embodiment of the application provides a multidimensional early warning scheme, which realizes an active early warning function on an information receiver (namely a target user number) related to the fraud number and can reduce the omission of early warning of the user; the multi-dimensional early warning for distinguishing the risk of fraud is carried out according to the target grade of the target user number, so that the attention of the user to the early warning can be improved, the user can notice the early warning in time, the early warning effect can be improved, and the property safety of the user is ensured; and the influence of telecommunication fraud on the user can be effectively controlled by timely closing and stopping the fraud number.

The telecommunication fraud early warning method, the device, the equipment and the medium provided by the embodiment of the application are described in detail below by means of some embodiments and application scenes of the embodiments with reference to the accompanying drawings.

In a first aspect, referring to fig. 1, a flowchart of an implementation of a telecommunications fraud early warning method according to an embodiment of the present application is shown, where the method may include the following steps:

step S11: and obtaining the target user number of which the target fraud number is communicated through the first set communication mode.

In the implementation, the first setting communication mode may be set as a communication mode such as a short message, a mail, or a phone according to actual requirements. After the first set communication mode is determined, the fraud-related number can be identified according to the keyword identification or the communication behavior (such as communication frequency, communication amount and the like) identification and the like, any identified fraud-related number is used as a target fraud-related number, the user number (such as the user number which receives communication information such as a short message, mail or telephone voice from the target fraud-related number in the last week) of which the target fraud-related number is communicated through the first set communication mode is found, and any found user number is used as a target user number so as to perform active early warning on the target user number later, so that the omission of user early warning is reduced.

Step S12: and determining a target grade of the target user number according to the frequency of the target fraud number communicating with the target user number through the first set communication mode, wherein the target grade is used for representing the fraud risk of the target user number.

In particular implementation, considering that the greater the frequency of communication between the target fraud number and the target user number, the greater the probability that the target user number is subject to telecommunication fraud (i.e. the risk of fraud), the embodiment of the present application reasonably determines the target grade of the target user number according to the frequency of communication between the target fraud number and the target user number, so as to pre-warn the target user number in a suitable pre-warning manner according to the target grade.

For example, a positive correlation (or a negative correlation) between the level of the risk of fraud and the level of the target may be set, and a threshold value may be set, if the frequency is greater than the threshold value, which indicates that the risk of fraud of the target user number is greater, the target level of the target user number is correspondingly set to be a higher target level (e.g. 2); if the frequency is not greater than the threshold value, the risk of fraud related to the target user number is smaller, and the target grade of the target user number is correspondingly set to be a lower target grade (such as 1). Similarly, the association relationship between the target grade and the frequency can be refined by setting a plurality of threshold values and the like, for example, the association relationship between the communication frequency with different value ranges and the target grade is determined, so that more refined multidimensional early warning on the target user number is realized according to the target grade.

Step S13: and carrying out early warning on the target user number according to a set target association relation by using an early warning mode associated with the target grade of the target user number, wherein the target association relation comprises association relations between target grades corresponding to the fraud risks with different sizes and different early warning modes.

The target association relationship may be defined in a system configuration table, so that the target association relationship is convenient to maintain and update later.

In the specific implementation, the early warning modes of the target user numbers associated with different target grades can be flexibly set and adjusted according to actual requirements through the target association relation, so that the influence of a single and fixed early warning mode on the early warning sensitivity of the user is avoided.

For example, for a target grade corresponding to a larger fraud risk, the target grade may be associated with a telephone early warning mode, or the target grade may be associated with a plurality of early warning modes, so as to ensure that a target user number with a larger fraud risk can notice early warning in time as much as possible; for the target grade corresponding to the target user number with smaller fraud risk, the target grade can be associated with other early warning modes except the telephone early warning mode or the target grade can be associated with one or a few types of early warning modes, so that the sensitivity of the user to early warning is improved by carrying out early warning on the target user numbers with different target grades in different early warning modes, and the user (particularly the user with larger fraud risk) can timely notice the early warning, thereby improving the early warning effect.

By adopting the technical scheme of the embodiment of the application, the target user numbers, which are communicated based on the first set communication mode, are actively acquired for early warning, so that the passive early warning mode is converted into the active early warning mode, missing of early warning of users can be reduced, the risk of the target user numbers suffering from telecommunication fraud is evaluated according to the communication frequency of the target user numbers and the target user numbers in the first set communication mode, reasonable determination of target grades is realized for the target user numbers, early warning is carried out on the target user numbers with different target grades in different early warning modes, and users can notice early warning timely as much as possible, so that the early warning effect is improved, and the property safety of the users is guaranteed.

Optionally, in an embodiment, in step S12, determining the target level of the target user number according to the frequency of the target fraud number communicating with the target user number through the first set communication mode includes:

acquiring a first parameter corresponding to the target fraud number, wherein the first parameter is used for representing the frequency of the target fraud number communicating with the target user number in a set time through the first set communication mode;

Obtaining a second parameter which corresponds to all the fraud numbers in the set time, wherein the second parameter is used for representing the average frequency of the communication of the individual fraud numbers with different user numbers in the set time through the first set communication mode;

and determining the target grade of the target user number according to the first parameter and the second parameter.

The first parameter may be a parameter capable of describing the frequency of communication, such as the total number of times or the average number of times (e.g. the average to the number of times per day) of the communication between the target fraud number and the target user number in a first set communication manner (e.g. a short message, a mail, a phone, etc.) within a set time (e.g. within a week); the second parameter is used to describe that the total frequency of all the fraud numbers communicating with different user numbers in the set time is averaged to the frequency of each fraud number, for example, the second parameter may be a ratio of the total number of times of all the fraud numbers communicating with different user numbers in the set time in the first set communication mode to the number of all the fraud numbers (i.e. the total number of times of communication is averaged according to the number of fraud numbers), or the total number of times of communication may be first averaged according to time (e.g. average to daily), and then a ratio of the total number of times of communication after average corresponding to the day to the number of all the fraud numbers is used as the second parameter.

In a specific implementation, the second parameter can be used for knowing the frequency of each fraud-related number communicating with different user numbers in a first set communication mode, so that according to the first parameter and the second parameter (such as according to the information of the positive and negative of the difference value between the first parameter and the second parameter, and the like), the frequency of the target fraud-related number communicating with the target user number in the first set communication mode can be measured, and relative to the situation that the average frequency of the single fraud-related number communicating with the user number in the set time is too large or too small, if the average frequency is too large, the situation that the target user number has a large fraud-related risk is indicated, and a target grade corresponding to the large fraud-related risk is set for the target user number; if the average frequency is too small, the fact that the target user number has small risk of fraud is indicated, and a target grade corresponding to the small risk of fraud is set for the target user number, so that the reasonable determination of the target grade of the target user number is realized by combining communication frequencies of different fraud numbers in set time.

As a possible implementation manner, before the obtaining the first parameter corresponding to the target fraud number, the method further includes:

Establishing a target mapping relation among the communication times of a single fraud-related number and a single user number through the first set communication mode in the set time, the total communication times of all fraud-related numbers and all user numbers through the first set communication mode in the set time, a set adjusting factor and a first parameter corresponding to the single fraud-related number;

the adjusting factor is used for controlling the communication times corresponding to the single fraud-related number and influencing the first parameter corresponding to the single fraud-related number;

the obtaining the first parameter corresponding to the target fraud number includes:

determining a first parameter corresponding to the target fraud number according to the communication times of the target fraud number communicating with the target user number through the first set communication mode in the set time, the total communication times of all fraud numbers communicating with all user numbers through the first set communication mode in the set time and the target mapping relation.

It can be understood that by introducing the adjustment factor, the influence of the communication times of the communication between the target fraud number and the target user number (i.e. the communication times corresponding to the single fraud number) on the first parameter is conveniently controlled, for example, when the communication times of the communication between the target fraud number and the target user number are greatly increased, the increase amplitude of the first parameter can be reduced by the adjustment factor; or when the communication times of the target fraud number and the target user number are slightly increased, the increase amplitude of the first parameter can be increased through the adjusting factor, so that the communication times corresponding to the target fraud number can be flexibly controlled through the adjusting factor, the influence on the fraud risk judgment of the corresponding target user number (such as reducing the occurrence probability of a target grade corresponding to a larger fraud risk, ensuring the sensitivity of a user to an early warning mode corresponding to the larger fraud risk, and the like) can be further improved, and the actual early warning requirement can be met.

In the implementation, the target mapping relation is obtained by constructing a neural network model, a linear or nonlinear model (i.e. a linear or nonlinear function) and the like, and fitting the communication times of single fraud-related numbers and single user numbers, the total communication times of all fraud-related numbers and all user numbers, a set adjustment factor and a first parameter corresponding to the single fraud-related numbers in a set time and in a first set communication mode; and substituting the communication times of the target fraud number and the target user number (namely the communication times of the single fraud number and the single user number) and the total communication times of all fraud numbers including the target fraud number and all user numbers into the target mapping relation in the first set communication mode, so as to obtain a first parameter corresponding to the target fraud number.

The above-described target mapping relationship may be expressed as follows, for example:

D(X)＝(f/N)*(1-e^(-α*f))

wherein D (X) represents a first parameter, f represents the number of times of communication between a single fraud number and a single user number in a set time through a first set communication mode (for example, the number of times of sending a short message from the fraud number to the user number); n represents the total communication times of all the fraud numbers in the set time through the first set communication mode and all the user numbers (such as the total short message sending times of all the fraud numbers in the set time); e represents the Euler number; alpha represents a set adjustment factor for controlling the degree of influence of the number of communications of the single fraud-related number on the first parameter, and the larger the alpha value is, the larger the influence of the number of communications of the single fraud-related number on the first parameter is, i.e. the probability that the single user number is considered to suffer from telecommunication fraud increases rapidly with increasing number of communications of the single fraud-related number, and the smaller the alpha value is, the smaller the influence of the number of communications of the single fraud-related number on the first parameter is, i.e. the probability that the single user number is considered to suffer from telecommunication fraud increases slowly with increasing number of communications of the single fraud-related number.

The second parameter may be determined by the following formula:

wherein E (X) represents a second parameter (e.g. the total amount of short message transmissions of all the fraud-related numbers in a set time is averaged to the average transmission amount of the short message of each fraud-related number); x1, x2, …, xn represent the total number of communications (such as the total amount of short message sent by a single fraud number in a set time) that each fraud number communicates with a different user number through a first set communication mode in a set time; n represents the number of all fraud-related numbers within the set time.

Based on the above formula, the target user numbers associated with different target fraud numbers can be mapped to the two-dimensional coordinate system taking the first parameter D (X) and the second parameter E (X) as coordinate axes, and a dividing line (shown as an arrow-headed dotted line in fig. 2) is set, the target user numbers associated with different target fraud numbers are divided into the highest and lowest target levels, namely, the target user number associated with the target fraud number in the high fraud level area (i.e. the area above the arrow-headed dotted line) is determined as the target level (i.e. the highest target level) corresponding to the maximum fraud risk, and the target user number associated with the target fraud number not in the high fraud level area (i.e. the area below the arrow-headed dotted line) is determined as the target level (i.e. the lowest target level) corresponding to the minimum fraud risk, wherein when one target user number is associated with a plurality of target fraud numbers, the target fraud levels need to be determined for each associated target fraud number.

Optionally, in an embodiment, in the step S12, before determining the target level of the target user number according to the frequency of the communication between the target fraud number and the target user number through the first set communication manner, the method further includes:

judging whether the target fraud number is communicated with the target user number through a second set communication mode;

under the condition that the target fraud-related number is communicated with the target user number through a second set communication mode, determining the target grade of the target user number as the target grade corresponding to the maximum fraud-related risk in the target association relation;

in the step S12, determining the target level of the target user number according to the frequency of the communication between the target user number and the target fraud number through the first set communication mode includes:

and under the condition that the target fraud number does not communicate with the target user number through the second set communication mode, determining the target grade of the target user number according to the frequency of the target fraud number communicating with the target user number through the first set communication mode.

In specific implementation, one or more communication modes such as a telephone, a mail and the like which are different from the first set communication mode can be set as a second set communication mode according to actual requirements, and the target grade of the target user number which is communicated by using the first set communication mode and the second set communication mode is determined as the target grade corresponding to the maximum fraud risk, so that early warning is carried out on the part of users (namely, the users with the greater fraud risk because of the plurality of communication modes which are concerned with the current scene, the users have important attention), and early warning is carried out through an early warning mode which is related to the target grade corresponding to the maximum fraud risk, so that the part of users can notice early warning in time as far as possible, and property loss is avoided.

Taking the first set communication mode as a short message and the second set communication mode as a telephone as an example, as shown in fig. 3, through the technology of artificial intelligence (AI, artificial Intelligence) such as machine learning and data mining, user voice ticket data is mined, and whether the target fraud number and the short message receiver finish talking is determined by detecting whether the short message receiver (i.e. the target user number) generates a voice ticket with the target fraud number.

If the short message receiver (i.e. the target user number) and the target fraud number generate a voice ticket, the target user number is indicated to receive the short message of the target fraud number and answer the call of the target fraud number, and the target grade of the target user number is determined to be the target grade (such as a high target grade) corresponding to the maximum fraud risk in the target association relationship; if the short message receiver and the target fraud number do not generate a voice call ticket, the target user number is indicated to receive the short message of the target fraud number, but does not answer the call of the target fraud number, and the target grade of the target user number is determined according to the short message sending frequency of the target fraud number to the target user number. After determining the target level of the target user number for the target fraud number, adding the determined target level to information items associated with the target fraud number (e.g. information items commonly associated with the target fraud number) in a fraud user number database.

Optionally, in an embodiment, in step S11, the obtaining the target user number of the target fraud number that has been communicated by the first set communication mode includes:

Acquiring a first call ticket data associated with the first set communication mode;

screening the target fraud-related number from the first ticket data as second ticket data of a sender;

and determining the target user number according to the information of the receiver in the second ticket data.

The ticket (CDR, call Detail Record, which may also be called call detail record, detail list) refers to the original communication record information, including information of the sender (e.g. calling party) and the receiver (e.g. called party).

In the specific implementation, a first ticket data associated with a first set communication mode such as a short message ticket can be obtained, a cleaning mechanism of ticket data is constructed through technologies such as big data, data stream and the like, target fraud numbers are screened out from the first ticket data to serve as second ticket data of a sender (such as the target fraud numbers serve as senders of communication information such as short messages, mails and telephone voices), information such as user numbers, receiving time and receiving contents of a receiver are extracted from the second ticket data and stored in a pre-constructed fraud-related user number database, and then each user number which receives the communication information associated with the first set communication mode such as the short messages, mails or telephone voices from the target fraud numbers is determined according to the extracted information, and after the screened user numbers are subjected to de-duplication and the like, each user number after processing is respectively used as the target user number, so that multi-dimensional early warning can be carried out on each target user number.

Taking the first set communication mode as a short message as an example, as shown in fig. 4, after obtaining a fraud-related short message number (i.e. a target fraud-related number), inquiring short message call ticket data (i.e. first call ticket data), filtering short message call ticket data (i.e. second call ticket data) related to the fraud-related short message number from the inquired short message call ticket data, extracting user numbers, short message receiving time, short message content and other key data of all users (i.e. users having suffered from telecommunication fraud and potential fraud risk) sent by the fraud-related short message number from the filtered short message call ticket data, storing the user numbers as target user numbers respectively, and performing early warning on the user numbers.

Optionally, in an embodiment, the target association relationship includes association relationships between target levels corresponding to the fraud risks with different sizes and early warning modes with different priorities;

in the step S13, the pre-warning is performed on the target user number according to the set target association relationship in a pre-warning manner associated with the target level of the target user number, including:

under the condition that the target grade of the target user number is the target grade associated with the early warning modes of a plurality of priorities in the target association relationship, determining the early warning mode of the maximum priority supported by the target user number from the early warning modes of the plurality of priorities;

And carrying out early warning on the target user number in an early warning mode of the maximum priority supported by the target user number.

In the specific implementation, the priorities of different early warning modes can be set according to the factors such as the cost, the attention degree of the user and the like, one target grade can be associated with one or more priority early warning modes when the target association relation is set, and the early warning mode with the maximum priority supported by the target user number is selected to early warn the target user number under the condition that the target grade of the target user number is associated with the early warning modes with the multiple priorities, so that the situation that early warning failure is caused because the target user number does not support a certain early warning mode is reduced.

The target association relationship includes an association relationship between a high target level and a telephone early warning mode and an association relationship between a low target level and a WeChat early warning mode, and the priority of the WeChat early warning mode is higher than that of the WeChat early warning mode, for example, as shown in fig. 5, user data to be early warned in a fraud-related user number database is queried through a big data technology, a target level field, a fraud-related number associated with the target level field and a user number associated with the target level field are extracted from the user data (the target level field, the user number and the fraud-related number are associated and stored in the user data).

And respectively taking the extracted user number and the fraud-related number as a target user number and a target fraud-related number, and inquiring the latest updated target association relationship in the system configuration table according to the extracted target level field to obtain an early warning mode associated with the target user number.

Specifically, under the condition that the target level field corresponds to a high target level, the system configuration table is queried to know that the early warning mode is a telephone early warning mode, and then intelligent customer service telephone reminding is performed on the target user number, for example, a user is reminded that the information such as a short message, a mail, a voice and the like sent by the target fraud number has fraud risks, so that the property safety of the user is protected.

Under the condition that the target grade field corresponds to a low target grade, the system configuration table is queried to know that the early warning mode is a WeChat early warning mode and a short message early warning mode, whether the target user number pays attention to a set public number or not is detected (whether the target user number usually supports the short message early warning mode is considered, so that the target user number does not additionally detect whether the target user number supports the short message early warning mode or not), if the target user number pays attention to the set public number, the WeChat early warning mode is supported by the target user number, and a WeChat notification is sent to the target user number; if the target user number does not pay attention to setting public numbers, the target user number is indicated to not support a WeChat early warning mode, and a short message notification is sent to the target user number through a short message system so as to ensure that the target user number can normally receive early warning.

Optionally, in an embodiment, before the step S11, the method further includes, before obtaining the target user number for which the target fraud number has been communicated by the first set communication manner:

acquiring suspected fraud numbers;

judging whether the suspected fraud number is a fraud number according to target information of the suspected fraud number, wherein the target information comprises at least one of whether a user to which the suspected fraud number belongs is in a user white list, whether a terminal to which the suspected fraud number belongs is in a terminal white list and whether the suspected fraud number has a multiplex;

and determining the suspected fraud-related number determined to be the fraud-related number as the target fraud-related number.

In the implementation, the suspected fraud number can be obtained according to keyword recognition or communication behavior (such as communication frequency, communication amount and the like) recognition and the like. As shown in fig. 6, the target information of the suspected fraud number is obtained by querying an operator's own database or the like, so as to perform one or more of verification of a terminal white list, verification of multiplex information, verification of a user white list, and the like.

For example, if the terminal to which the suspected fraud number belongs is in the set terminal white list, it may be determined that the terminal white list passes verification, and the suspected fraud number is marked as "no fraud" in a pre-constructed fraud number library (including the acquired suspected fraud numbers); if the user to which the suspected fraud-related number belongs is in the set user white list, the user white list can be judged to pass verification, and the suspected fraud-related number is marked as 'no fraud-related' in a fraud-related number library; if the suspected fraud-related number has a multiplex, the multiplex information can be judged to pass the check, and the suspected fraud-related number is marked as 'no fraud-related' in a fraud-related number library.

After the one or more kinds of verification are performed on the suspected fraud-related number, if the suspected fraud-related number is not marked as "not related to fraud", the suspected fraud-related number is indicated to have a high probability of being a fraud-related number, and the suspected fraud-related number is taken as a target fraud-related number, so that misjudgment and missed judgment of the fraud-related number can be reduced, and the reliability of early warning can be improved.

Optionally, the suspected fraud-related numbers marked as "no fraud" in the fraud-related number library are cleaned up by big data technology, so as to avoid the occurrence of false early warning and influence on the user experience.

As a possible implementation manner, after determining whether the suspected fraud number is a fraud number according to the target information of the suspected fraud number, the method further includes:

and performing shutdown processing on the suspected fraud-related number determined to be the fraud-related number.

In the implementation, as shown in fig. 6, the fraud-related numbers determined by one or more kinds of verification can be synchronized to each operator so as to perform shutdown processing on the numbers, thereby expanding the treatment effect of telecommunication fraud and protecting the property safety of other potential victim users.

As a possible implementation manner, the acquiring the suspected fraud number includes:

and receiving suspected fraud numbers associated with the first set communication modes transmitted at different channel timings.

In the implementation, a fraud number library may be pre-established, the suspected fraud numbers associated with the first set communication mode and periodically sent by channels such as 31 provinces and 12321 report are received, the received suspected fraud numbers are sorted according to data sources (i.e. channels) to ensure that the suspected fraud numbers can be stored in the fraud number library in time, and then each suspected fraud number in the fraud number library can be checked based on the target information.

Taking the first set communication mode as a short message, as shown in fig. 7, a fraud-related short message data synchronization mechanism can be pre-agreed with each channel, for example, each channel is specified to synchronize the suspected fraud-related short message data (which at least contains the suspected fraud-related short message number) of the day before the early morning every day according to a file transfer protocol (SFTP, secure Shell File Transfer Protocol) mode based on a secure shell, and the SFTP path can be set to be channel/date and pre-agreed with a data communication rule so as to ensure that the collection of the suspected fraud-related short message data uploaded by each channel is accurate. And scanning the suspected fraud-related short message data uploaded by each channel on the SFTP through a timing task, and storing the suspected fraud-related short message data into a corresponding database table in a fraud-related number library according to the channel name.

In order to reduce the repeated early warning, as shown in fig. 8 and 9, the timing task may be further used to start a plurality of threads to convert the obtained suspected fraud-related short message data into a data stream, extract the suspected fraud-related short message number in the suspected fraud-related short message data stream that has not been sent to the associated user number for early warning by using a big data technology, perform preprocessing such as de-duplication on the extracted fraud-related short message number (i.e. only one number remains in the same number) by using the big data technology, and perform further processing such as verification based on target information on the preprocessed fraud-related short message number.

Taking the first set communication mode as a short message and the second set communication mode as a telephone as an example, the telecommunication fraud early warning method provided by the above embodiment is illustrated by combining specific data based on the implementation process shown in fig. 9.

The first step: collecting each suspected fraud-related short message number uploaded by each channel, and storing each suspected fraud-related short message number into a corresponding database table in a fraud-related number library according to the channel.

The suspected fraud-related short message refers to a mobile phone short message which aims at fraud or cheating property of other people and performs false, exaggeration or information release suspicion with decoy content.

And a second step of: extracting suspected fraud-related short message codes needing to be pre-warned (if the pre-warning is not sent to the associated user number) from a fraud-related number library: 133123456xx, 186123456xx.

And a third step of: and (3) performing one or more of terminal white list verification, multiplex information verification and user white list verification on the suspected fraud-related short message number, removing 186123456xx marked as "fraud-not-related" and taking 133123456xx as a target fraud-related number.

Fourth step: inquiring 133123456xx short message ticket data, extracting each target user number of the received short message sent by 133123456 xx: 133876543xx, 133987654xx, 133098765xx.

Fifth step: the voice call ticket data and the short message call ticket data of the target fraud numbers 133123456xx are mined so as to determine respective target grades of the target user numbers (133876543 xx, 133987654xx and 133098765 xx) based on a second set communication mode and communication frequency, and the respective corresponding early warning modes of the target user numbers are determined by combining the set target association relationship and the early warning modes supported by the target user numbers, as shown in the following table 1:

target user number	Whether to generate a voice ticket	Target grade	Early warning mode
				133876543xx	Is that	High target grade	Telephone early warning mode
133987654xx	Whether or not	Low target grade	WeChat early warning mode
				133098765xx	Whether or not	Low target grade	Short message early warning mode

TABLE 1

According to the above table 1, aiming at the target fraud-related number 133123456xx, determining that the associated target user number 133876543xx corresponds to a high target grade, so that intelligent customer service telephone reminding is performed; determining that the associated target user number 133987654xx corresponds to a low target grade and supports a WeChat early warning mode with high priority, so that WeChat notification reminding is carried out; and determining that the associated target user number 133098765xx corresponds to a low target grade, and not supporting a high-priority WeChat early warning mode, but supporting a lower-priority short message early warning mode, so that short message reminding is carried out.

It can be understood that the above example realizes the active early warning function for the short message receiver (i.e. the target user number) related to the fraud number, so that the omission of early warning of the user can be reduced; compared with the traditional fixed short message notification mode, the early warning mode can be interfered by modifying the target association relation, so that the early warning modes associated with different target levels are more flexible and changeable; and the multi-dimensional early warning of the risk of fraud is distinguished according to the target grade of the target user number, so that the sensitivity of the user to the early warning can be improved, the user can notice the early warning in time, the anti-fraud reminding effect is improved, and the life and property safety of the user is effectively protected.

For the purposes of simplicity of explanation, the methodologies are shown as a series of acts, but one of ordinary skill in the art will recognize that the embodiments are not limited by the order of acts described, as some acts may, in accordance with the embodiments, occur in other orders or concurrently. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments and that the acts referred to are not necessarily required by the embodiments of the present application.

In a second aspect, fig. 10 is a schematic structural diagram of a telecommunications fraud early warning device according to an embodiment of the present application, the device includes:

Optionally, the first processing module includes:

the first processing sub-module is used for acquiring a first parameter corresponding to the target fraud-related number, wherein the first parameter is used for representing the frequency of the target fraud-related number communicating with the target user number in a set time through the first set communication mode;

the second processing sub-module is used for acquiring second parameters which are corresponding to all the fraud-related numbers in the set time, wherein the second parameters are used for representing the average frequency of the communication of the individual fraud-related numbers with different user numbers in the set time through the first set communication mode;

And the third processing sub-module is used for determining the target grade of the target user number according to the first parameter and the second parameter.

Optionally, the apparatus further comprises:

the first establishing module is used for establishing a target mapping relation among the communication times of a single fraud-related number and a single user number in the set time through the first set communication mode, the total communication times of all fraud-related numbers and all user numbers in the set time through the first set communication mode, a set adjusting factor and a first parameter corresponding to the single fraud-related number;

the first acquisition module includes:

the first obtaining sub-module is configured to determine a first parameter corresponding to the target fraud-related number according to a communication frequency of the target fraud-related number communicating with the target user number in the set time through the first set communication mode, a total communication frequency of the target fraud-related number communicating with all user numbers in the set time through the first set communication mode, and the target mapping relation.

Optionally, the apparatus further comprises:

the first judging module is used for judging whether the target fraud number is communicated with the target user number through a second set communication mode;

the second processing module is used for determining the target grade of the target user number as the target grade corresponding to the maximum fraud risk in the target association relationship under the condition that the target fraud number is communicated with the target user number through a second set communication mode;

the first processing module includes:

and the third processing module is used for determining the target grade of the target user number according to the frequency of the communication between the target fraud number and the target user number through the first set communication mode when the target fraud number is not communicated with the target user number through the second set communication mode.

Optionally, the first acquisition module includes:

the second acquisition sub-module is used for acquiring the first call ticket data associated with the first setting communication mode;

a third obtaining sub-module, configured to screen the target fraud number from the first ticket data as second ticket data of the sender;

And a fourth obtaining sub-module, configured to determine the target user number according to the information of the receiver in the second ticket data.

Optionally, the target association relationship comprises association relationships between target levels corresponding to the fraud risks with different sizes and early warning modes with different priorities;

the first early warning module comprises:

the first early warning sub-module is used for determining an early warning mode of the maximum priority supported by the target user number from among the early warning modes of the priorities when the target grade of the target user number is the target grade associated with the early warning modes of the priorities in the target association relation;

and the second early warning sub-module is used for early warning the target user number in an early warning mode of the maximum priority supported by the target user number.

Optionally, the apparatus further comprises:

the second acquisition module is used for acquiring suspected fraud numbers;

the second judging module is used for judging whether the suspected fraud number is a fraud number according to target information of the suspected fraud number, wherein the target information comprises at least one of whether a user to which the suspected fraud number belongs is in a user white list, whether a terminal to which the suspected fraud number belongs is in a terminal white list and whether the suspected fraud number has a multiplex;

And the fourth processing module is used for determining the suspected fraud-related number judged to be the fraud-related number as the target fraud-related number.

Optionally, the apparatus further comprises:

and a fifth processing module, configured to perform shutdown processing on the suspected fraud number determined to be the fraud number.

Optionally, the first acquisition module includes:

the first receiving module is used for receiving suspected fraud numbers associated with the first set communication modes sent at different channel timings.

It should be noted that, the device embodiment is similar to the method embodiment, so the description is simpler, and the relevant places refer to the method embodiment.

The embodiment of the application also provides an electronic device, and referring to fig. 11, fig. 11 is a schematic diagram of the electronic device according to the embodiment of the application. As shown in fig. 11, the electronic device 100 includes: the system comprises a memory 110 and a processor 120, wherein the memory 110 is in communication connection with the processor 120 through a bus, and a computer program is stored in the memory 110 and can run on the processor 120, so that the steps in the telecommunication fraud early warning method disclosed by the embodiment of the application are realized.

The embodiment of the application also provides a computer readable storage medium, on which a computer program/instruction is stored, which when executed by a processor, implements the telecommunication fraud early warning method as disclosed in the embodiment of the application.

The embodiment of the application also provides a computer program product, which comprises a computer program/instruction, wherein the computer program/instruction realizes the telecommunication fraud early warning method disclosed in the embodiment of the application when being executed by a processor.

In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.

It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, systems, devices, storage media, and program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present embodiments have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the present application.

Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.

The foregoing has described in detail the method, apparatus, device and medium for telecommunications fraud pre-warning provided by the present application, and specific examples have been applied herein to illustrate the principles and embodiments of the present application, the above examples are only used to help understand the method and core ideas of the present application; meanwhile, as those skilled in the art will have modifications in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.

Claims

1. A telecommunications fraud pre-warning method, the method comprising:

2. The method of claim 1, wherein the determining the target rank of the target user number according to the frequency of the target fraud number communicating with the target user number through the first set communication mode comprises:

3. The method as recited in claim 2, wherein prior to said obtaining the first parameter corresponding to the target fraud-related number, the method further comprises:

determining a first parameter corresponding to the target fraud number according to the communication times of the target fraud number communicating with the target user number through the first set communication mode in the set time, the total communication times of the target fraud number communicating with all user numbers through the first set communication mode in the set time and the target mapping relation.

4. The method of claim 1, wherein prior to said determining a target rank for said target user number based on a frequency of said target user number communicating with said target user number via said first set communication means, said method further comprises:

The determining the target grade of the target user number according to the frequency of the communication between the target fraud number and the target user number through the first set communication mode includes:

5. The method as claimed in claim 1, wherein said obtaining a target user number to which the target fraud number has been communicated by means of the first set of communication means comprises:

6. The method of claim 1, wherein the target association relationship comprises association relationships between target levels corresponding to the fraud risk risks of different sizes and early warning modes of different priorities;

And the pre-warning is carried out on the target user number according to the set target association relation in a pre-warning mode associated with the target grade of the target user number, and the pre-warning comprises the following steps:

7. The method according to any one of claims 1-6, wherein before said obtaining a target user number to which a target fraud number has been communicated by means of the first set of communication means, said method further comprises:

acquiring suspected fraud numbers;

8. The method of claim 7, wherein after the determining whether the suspected fraud number is a fraud number according to the target information of the suspected fraud number, the method further comprises:

9. The method of claim 7, wherein the obtaining the suspected fraud number comprises:

10. A telecommunications fraud pre-warning device, the device comprising:

11. An electronic device comprising a memory, a processor and a computer program stored on the memory, wherein the processor executes the computer program to implement the telecommunication fraud pre-warning method of any of claims 1-9.

12. A computer readable storage medium having stored thereon a computer program/instruction, which when executed by a processor implements the telecommunication fraud pre-warning method of any of claims 1 to 9.