How artificial intelligence and machine learning fight phishing

Updated at: Nov 26, 2020
By Gatefy

Phishing is a type of cyber attack in which the crook tries to impersonate a person or company to deceive the victim. This scam is a major threat in the cybersecurity world, and is especially worrisome for businesses.

However, there are several tools and techniques to fight phishing. Today we’ll focus on artificial intelligence (AI) and machine learning (ML).

The increased use of artificial intelligence has impacted virtually every industry, including cybersecurity. In the case of email security, AI has brought speed, accuracy and the ability to do a much more thorough analysis.

That's why here at Gatefy we invest a lot of time and energy in developing our artificial intelligence. Request a demo of our email protection solutions: Gatefy Email Security and Gatefy Anti-Fraud Protection.

Besides analyzing and categorizing each email the moment it arrives, AI does so at a larger scale, and much faster and more accurately than the traditional model based on rules and filters.

Using databases and big data analysis, AI identifies spam, phishing, spear phishing, and other types of attacks by taking into account both the content and the context of the message.

Lucky for us! After all, nobody wants to send someone confidential information or even money, only to find out that the email was fraudulent and malicious.

How does AI detect phishing? 

We already know that artificial intelligence and machine learning can make email analysis faster and more accurate, but the main question we want to address is: How exactly do they work to prevent and fight phishing?

1. Looking for anomalies and warning signals

Effective systems based on artificial intelligence and machine learning, such as our email security solution, look for anomalies and warning signals for phishing throughout the email, from the metadata to the message content.

This includes, for example, alerts based both on email behavior (e.g. forged senders) and message intent (such as urgent topics).

A sense of urgency in the message, by the way, is one of the main signs of a phishing scam. If the email requires quick action and uses words that show urgency, the warning signal is lit.

AI then works to identify and understand the context of the message, checking whether it’s ordinary spam, a phishing attack or a legitimate message.

Let's take the word "promotion" as an example. In itself, the word may already be considered suspicious. However, an AI system seeks to understand more precisely whether or not the email is really a threat and how serious that threat is.

This allows for a better distinction between phrases such as “Urgent: 50% OFF promotion” (in this case, indicating simple spam) and “Fill in your card number right now to participate in the promotion” (in this case, indicating a phishing scam).

The same logic applies to warning signs in the email header. For example, AI identifies cases of email spoofing (forged senders), misspelled domains, and other types of spoofing.  

Coupled with traditional email authentication checks such as SPF, DKIM and DMARC, the system greatly extends threat detection capabilities.
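The header and intent signals described in this section can be sketched as a feature extractor. This is an added example, not Gatefy's code: the trusted-domain list, keyword patterns, signal names and the hand-written `verdict` rule (standing in for a trained model) are all assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example-bank.com", "example.com"}  # assumption: domains the org really deals with
URGENCY = re.compile(r"\b(urgent|right now|immediately)\b", re.I)
SENSITIVE = re.compile(r"\b(card number|password|bank transfer)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def signals(raw):
    """Return the set of warning signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    found = set()
    if domain not in TRUSTED and any(edit_distance(domain, t) <= 2 for t in TRUSTED):
        found.add("lookalike_domain")
    if reply and reply != domain:
        found.add("reply_to_mismatch")
    # Only trust this header when your own receiving MTA added it.
    if re.search(r"\b(spf|dkim|dmarc)=(fail|softfail)", msg.get("Authentication-Results", "").lower()):
        found.add("auth_fail")
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    if URGENCY.search(text):
        found.add("urgency")
    if SENSITIVE.search(text):
        found.add("sensitive_request")
    return found

def verdict(raw):
    """Hand-written stand-in for the trained model: combine signals into a label."""
    s = signals(raw)
    if "sensitive_request" in s or s & {"lookalike_domain", "reply_to_mismatch", "auth_fail"}:
        return "phishing"
    return "spam" if "urgency" in s else "legitimate"

# Constructed sample messages (not real traffic).
SPAM = "From: Deals <news@shop.test>\nSubject: Urgent: 50% OFF promotion\n\nSale ends Friday.\n"
PHISH = ("From: Example Bank <support@examp1e-bank.com>\nReply-To: claims@mailbox.test\n"
         "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\nSubject: Promotion\n\n"
         "Fill in your card number right now to participate in the promotion.\n")
```

In a production system the signal set would be fed to a classifier as features rather than combined by a fixed rule.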

2. Analyzing the message context 

Another key point that helped establish AI as one of the biggest defenses against phishing is its ability to examine a message based on context. That way, an email isn’t just compared to other existing phishing scams; it’s analyzed as a whole.

The system will take into account, for example, the presence or absence of a previous conversation, any data that the sender may be requesting in the email, and the connection between the subject line and the message itself, among other factors.

In addition, ML-based email protection constantly learns from the data and from user and administrator feedback, making its analysis increasingly accurate.

This allows us to assure, for example, that Gatefy's artificial intelligence is constantly evolving, always learning and adapting to each client's style and needs.

3. Understanding how users communicate 

The type of fraud that hurts businesses the most today is hardly ever detected by traditional email detection tools and security solutions, simply because it doesn't involve the typical elements of a malicious email. These are spear phishing attacks, such as Business Email Compromise (BEC) and Email Account Compromise (EAC) scams.

We often say that spear phishing is the evolution of phishing. Spear phishing is a highly specialized scam type. The cybercriminal studies the victims thoroughly before starting the fraud, using what we call social engineering.

That is, the crook gathers information about the target and his or her employer, co-workers and close friends and family.

This way, the hacker can send credible emails, opening a dialogue channel little by little until he or she gets the target to perform a desired action: for example, paying a bill, making a bank transfer, downloading a malicious file or malware, or providing confidential and sensitive data.

Fighting these specialized scams requires ML and AI algorithms that can understand how users communicate: for example, by learning their typical behavior and textual patterns, and by checking whether the context of the messages makes sense.

If someone is trying to impersonate the company’s CEO, for example, the system must be able to identify changes in the executive's communication pattern and block the attack before it causes any damage.
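A per-sender communication baseline of the kind described above can be sketched as follows. This is an added example, not Gatefy's code: the feature names, the threshold of three deviations, the executive "Dana" and all messages are assumptions constructed for illustration, and a few hand-picked traits stand in for a learned model.

```python
import re
from collections import Counter

def features(msg):
    """Categorical style features of one message: {'hour': int, 'body': str}."""
    lines = [l.strip() for l in msg["body"].splitlines() if l.strip()]
    return {
        "greeting": lines[0].split()[0].lower() if lines else "",
        "signoff": lines[-1].lower() if lines else "",
        "daypart": "work" if 8 <= msg["hour"] < 19 else "off",
        "payment_request": bool(re.search(r"\b(wire|transfer|invoice)\b", msg["body"], re.I)),
        "secrecy": bool(re.search(r"\b(confidential|secret)\b", msg["body"], re.I)),
    }

def build_profile(history):
    """Count how often each feature value appears in the sender's past mail."""
    profile = {}
    for msg in history:
        for name, value in features(msg).items():
            profile.setdefault(name, Counter())[value] += 1
    return profile

def deviations(profile, msg):
    """Features whose value was never seen from this sender before."""
    return sorted(n for n, v in features(msg).items() if profile.get(n, Counter())[v] == 0)

def is_suspicious(profile, msg, threshold=3):
    # One odd trait (a late-night mail) is normal; several at once is not.
    return len(deviations(profile, msg)) >= threshold

# Constructed history for a hypothetical executive "Dana" (not real mail).
HISTORY = [
    {"hour": 9, "body": "Hi team,\nPlease review the Q3 deck before Thursday.\nThanks, Dana"},
    {"hour": 14, "body": "Hi Sam,\nCan you send me the board agenda?\nThanks, Dana"},
    {"hour": 16, "body": "Hi all,\nGreat work on the launch.\nThanks, Dana"},
]
PROFILE = build_profile(HISTORY)
LATE = {"hour": 22, "body": "Hi Sam,\nLet's move the budget review to Monday.\nThanks, Dana"}
IMPOSTOR = {"hour": 23, "body": "Dear Sam,\nI need you to wire 48,000 USD today. "
                                "Keep this confidential.\nSent from my phone"}
```

The genuine late-night message deviates on one trait and passes, while the impersonation deviates on all five and is flagged.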

While this is a key breakthrough in fighting spear phishing, we must mention the importance of training employees and executives to recognize the scam and know how to act if there’s any suspicion.

AI and ML: allies in fighting phishing 

As we’ve seen, artificial intelligence is an important ally in fighting phishing. Basically, it uses data analysis and machine learning to examine metadata, content, context, and typical user behavior.

This way, it quickly and accurately identifies potential threats and anomalies in emails.

If you have any questions about AI and ML, feel free to contact us. We’ll do our best to understand your needs and explain exactly how these technologies can protect you and your business.