Computer Vision and NLU Identify Social Engineering

Written by Eyal Benishti | Oct 01, 2020

We’ve spent a lot of time in the past year educating the market about what a modern, self-learning email security platform consists of. From post-delivery email protection and decentralized, crowd-sourced threat hunting to mailbox-level anomaly detection and advanced malware and URL detection, a lot goes into a unified anti-phishing solution that can significantly reduce phishing risk and alleviate security team burden.

Self-learning email security is made possible by the deployment of automation, artificial intelligence (AI) and machine learning (ML) technologies, which together can enable organizations to predict, prevent, detect and respond to all types of complex phishing techniques in real time. Legacy gateway-level solutions with pseudo-automation and an adherence to YARA rules simply have little to no value in present-day phishing mitigation efforts.

Business email compromise and account takeover accelerate

If you read this year’s Verizon Data Breach Investigations Report, then you are aware that the delivery of malware within phishing emails is trending down while the use of social engineering attacks is trending up. In other words, there are fewer phishing attacks containing malicious payloads, such as links and attachments, and more phishing emails containing personalized and nuanced messaging aimed at prompting an action, such as paying a fake invoice or inputting login credentials.

Further, the accelerated ascendance of social engineering suggests that the technique is working. Business email compromise (BEC) attacks accounted for half of all cybercrime in 2019, and we recently published a report that identified more than 50,000 fake login pages spoofing 200 of the world’s largest brands in just the first half of 2020.

This is bad news for organizations that continue to rely on IOC-focused email defenses such as SEGs, as such technology was not built to identify threats without a malicious payload, much less stop them in their tracks.

Understanding the content and intent of suspicious messages

The prominence of social engineering attacks is why we at IRONSCALES have worked hard over the past year to supplement our AI and ML technologies with computer vision and natural language understanding (NLU). These emerging technologies empower our platform to automatically understand both the content and intent (“what”) of suspicious messages while at the same time validating sender identity and domain authenticity (“who”), the latter being what legacy email security tools and authentication protocols focus on.

This added contextual analysis not only helps to identify social engineering, but also enables verdicts to be rendered before an email hits an employee’s inbox. Here are more details about how computer vision and NLU help reduce email security risk:

Computer Vision Technology

Computer vision helps to prevent credential harvesting and PII leaks by looking for the visual deviations from the norm that are common with fake web pages. By comparing the visual similarity of legitimate landing pages to spoofed ones, computer vision provides a critical additional layer of defense, since it does not rely on simple pattern matching.
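The difference between byte-exact matching and visual similarity can be shown with a small added example (not IRONSCALES code, and not the platform's method): an average hash, a simple perceptual hash, stands in here for the computer vision model. The pixel grids, host names and distance threshold are constructed assumptions.

```python
import hashlib

W, H, GRID = 64, 48, 8                 # constructed "screenshot" size, hash grid
BRAND_HOST = "login.brand.example"     # assumed legitimate host (placeholder)

def draw(rects, bg=235):
    """Constructed grayscale page; rects are (x0, y0, x1, y1, shade)."""
    img = [[bg] * W for _ in range(H)]
    for x0, y0, x1, y1, shade in rects:
        for y in range(y0, y1):
            for x in range(x0, x1):
                img[y][x] = shade
    return img

def exact_digest(img):
    """Byte-exact fingerprint: the simple pattern-matching approach."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img):
    """64-bit perceptual hash: block means thresholded at their overall mean."""
    bw, bh = W // GRID, H // GRID
    means = [sum(img[y][x] for y in range(r * bh, (r + 1) * bh)
                 for x in range(c * bw, (c + 1) * bw)) / (bw * bh)
             for r in range(GRID) for c in range(GRID)]
    avg = sum(means) / len(means)
    return [int(m > avg) for m in means]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def verdict(page, host, reference, brand_host, max_distance=10):
    """Flag pages that look like the brand's login page but live elsewhere."""
    near = hamming(average_hash(page), average_hash(reference)) <= max_distance
    if near and host != brand_host:
        return "suspected-spoof"
    return "legitimate" if near else "unrelated"

# Constructed samples: logo, two input fields, sign-in button.
LEGIT = draw([(8, 6, 32, 12, 60), (8, 18, 56, 24, 200),
              (8, 30, 56, 36, 200), (16, 42, 48, 48, 40)])
# Same layout, logo nudged 2 px and button recoloured: bytes differ, look does not.
SPOOF = draw([(10, 6, 34, 12, 60), (8, 18, 56, 24, 200),
              (8, 30, 56, 36, 200), (16, 42, 48, 48, 48)])
# Different layout entirely: dark header and sidebar.
OTHER = draw([(0, 0, 64, 6, 30), (0, 6, 16, 48, 90)])

if __name__ == "__main__":
    for name, page, host in (("spoof", SPOOF, "brand-login.example.net"),
                             ("other", OTHER, "news.example.org")):
        print(name, exact_digest(page) == exact_digest(LEGIT),
              verdict(page, host, LEGIT, BRAND_HOST))
```

The exact digest changes with a two-pixel shift, so a blocklist of known page hashes misses the copy, while the perceptual distance stays small and the host mismatch turns the visual match into a spoof verdict.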

Natural Language Understanding

Powered by neural networks, NLU helps determine the intent of an email by scanning language usage for topic and sentiment. With NLU, our email security platform can identify fraudulent messaging commonly used in social engineering messages, which includes employee availability checks, requests for unspecific tasks, gift card requests and solicitations for direct deposits, payments and bank details. Additionally, NLU makes it easier for organizations to protect against impersonations of senior executives and high-level managers because the technology scrapes metadata to scan for words and phrases commonly associated with those roles.

Even as we speak, the email phishing threat continues to challenge organizations of all sizes. While diminishing somewhat, traditional phishing messages containing malware continue to exist while social engineering techniques are rapidly escalating.

While this reality may appear complicated to defend against, the IRONSCALES platform was purposefully built to mitigate both types of attacks. And by deploying computer vision and NLU, our self-learning email security platform is the only one on the market able to help customers automatically identify the “what” and the “who” of a malicious message.

Interested in giving our email security platform a shot? Sign up for a free trial - your company’s inboxes will thank you later!