The Double Role AI Plays in Email Security and BEC Exploits

Written by Jeff Rezabek | Apr 18, 2024

Business Email Compromise (BEC) attacks are still top of mind and creating many headaches for IT and Security leaders. Failure to detect these sophisticated threats could result in data exposure, financial fallout, and unwanted attention. The FBI’s 2023 Internet Crime Report notes that BEC scams resulted in $2.9 billion in reported losses. 

While many IT and Security leaders turn to AI to protect against these attacks, they are also aware that it's being leveraged by cybercriminals to craft and launch highly personalized threats—creating a double-edged sword for email security. 
 
This post reveals three ways AI is used in BEC attacks and defense. 

3 Ways AI is Driving BEC 

AI in BEC Attacks: The Criminals' New Tool 

  1. Speed in Crafting Compelling Social Engineering Attacks: Phishing-focused AI tools, like WormGPT, allow cybercriminals to rapidly research potential targets and craft emails that mimic the style and tone of legitimate sources. 
  2. Personalization (at Scale): Attackers can use AI to scrape publicly available data to personalize phishing emails and tailor their messages to each victim, making the emails more convincing and increasing the likelihood of a successful scam. 
  3. Automating Attack Adaptation: AI enables cybercriminals to quickly adapt their strategies based on what's working and what isn't. If certain keywords or approaches trigger defenses, AI systems can alter the attack methods in real time, staying one step ahead of traditional security measures. 

AI in Detecting Attacks: The Defender's Edge 

  1. Harnessing Social Graphs: Powerful anti-phishing solutions use AI to build employee social graphs, which establish a baseline of who communicates with whom, the frequency of interactions, and the usual content of these communications. Using this baseline, AI can flag subtle anomalies that may indicate a BEC attempt. 
  2. NLP Models to Identify Content and Behavior Anomalies: Natural Language Processing (NLP) models analyze the content and intent of emails, assessing them for unusual patterns or requests that are out of character. This AI-driven scrutiny extends to analyzing sender behavior, spotting discrepancies that human eyes might miss. 
  3. Continuous Learning for Real-Time Defense: AI alone is not enough. Just as cybercriminals identified vulnerabilities in Secure Email Gateways, they will identify vulnerabilities in static AI algorithms. This is why thousands of organizations turn to IRONSCALES. Our Adaptive AI continuously distills new threat intelligence and feedback from human insights, learning from every new attempted attack. This not only improves our ability to detect never-seen-before threats in real time, but also ensures we can adapt to emerging threats engineered by attackers leveraging AI technologies.
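
The social-graph baseline from item 1 of the defender list can be sketched in a few lines. This is an added example, not code from IRONSCALES or any product: the mail history is constructed, and the flag names and the `min_seen` threshold are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from email.utils import parseaddr

# Constructed mail history: (From header, recipient). Not real traffic.
HISTORY = [
    ('"Dana Cho" <dana.cho@example.com>', "ap@example.com"),
    ('"Dana Cho" <dana.cho@example.com>', "ap@example.com"),
    ('"Dana Cho" <dana.cho@example.com>', "ap@example.com"),
    ('"Acme Billing" <billing@vendor.example>', "ap@example.com"),
]

def build_baseline(history):
    """Return (edge counts, display names each recipient has seen)."""
    edges = Counter()                 # (sender, recipient) -> message count
    names = defaultdict(dict)         # recipient -> {display name: address}
    for from_hdr, rcpt in history:
        name, addr = parseaddr(from_hdr)
        addr, rcpt = addr.lower(), rcpt.lower()
        edges[(addr, rcpt)] += 1
        if name:
            names[rcpt][name.strip().lower()] = addr
    return edges, names

def flag_message(from_hdr, rcpt, edges, names, min_seen=2):
    """Return anomaly flags for one inbound message against the baseline."""
    name, addr = parseaddr(from_hdr)
    addr, rcpt = addr.lower(), rcpt.lower()
    flags = []
    seen = edges[(addr, rcpt)]        # Counter returns 0 for unknown edges
    if seen == 0:
        flags.append("first_contact")
    elif seen < min_seen:             # hypothetical frequency threshold
        flags.append("rare_contact")
    # A familiar display name arriving from an unfamiliar address
    usual = names.get(rcpt, {}).get(name.strip().lower())
    if usual and usual != addr:
        flags.append("display_name_mismatch")
    return flags

if __name__ == "__main__":
    edges, names = build_baseline(HISTORY)
    for hdr in ('"Dana Cho" <dana.cho@example.com>',
                '"Dana Cho" <dana.cho@mail-example.test>',
                '"Acme Billing" <billing@vendor.example>'):
        print(hdr, flag_message(hdr, "ap@example.com", edges, names))
```

A production baseline would also weight recency and message content; this sketch covers only the who-talks-to-whom and frequency signals.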