
Gerasim Hovhannisyan at EasyDMARC argues that domain authentication is crucial to spotting malicious emails
Amid the dizzying speed of digitisation, businesses are becoming more vulnerable to cyber-attacks every day, and cyber-criminals are becoming increasingly successful in conducting these malicious attacks. Technology like AI is making it easier for cyber-criminals to write convincing phishing messages while also advancing the security measures that are supposed to protect us from cyber-attacks. With the good comes the bad.
Everyone wants in on the AI race, and no one is slowing down. So, it’s more important than ever for organisations to rethink their strategy when it comes to cyber-security and how they can effectively fend off threats that emanate from AI in the long term.
The most notorious threat that can be advanced using AI is phishing. With AI applications such as ChatGPT, cyber-criminals are able to write the most sophisticated phishing emails ever. AI removes the typos that are the traditional marks of phishing emails, and can instead be used to write carefully crafted messages that appear to come from legitimate senders. This takes the power away from businesses, making it more difficult for them to spot traditional phishing red flags.
Tools that help reduce the risk posed by phishing attacks are becoming more advanced, but a tool is only effective if it is the right email security tool for the job. So which tools are those? And how do they compare to other tools?
Email security is dominated by spam filters: organisations rely solely on them, and the majority of people have a spam folder in their mailbox. Yet spam filters decide an email’s legitimacy by identifying certain keywords, phrases and spelling mistakes and by detecting certain patterns in the content of emails, all things that AI can eliminate to slip past these filters.
More recently, email providers have incorporated behavioural data and machine learning to track the emails and senders that produce high engagement; low engagement indicates a dubious email. Some spam filters also include domain authentication and have been enhanced by adding new layers of detection, although they still largely rely on sifting through the content of an email to decide whether it should be sent to the spam folder.
With AI such as ChatGPT able to write hyper-human-like emails with captivating content and then distribute these messages in bulk, phishing emails are more likely to slip through the net and end up in email inboxes. As a result, it is no longer an option but a necessity to turn towards email security tools that don’t rely on analysing content to detect signs of emails that aren’t genuine.
Preventing these emails from deceiving spam filters before they can successfully lead to an attack will be pivotal in fortifying email security. Consequently, the significance of email security at the domain level becomes paramount, as it thwarts domain impersonation strategies that form the foundation of most sophisticated phishing threats.
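To be most effective, email authentication needs three critical elements: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance).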
Together, SPF, DKIM and DMARC provide a comprehensive solution for preventing domain impersonation in AI-backed phishing attempts, significantly reducing the likelihood of ransomware, malware and successful financial scams reaching an organisation via email.
Phishing emails can have devastating effects on businesses, including financial losses and reputational damage.
Phishing emails are designed to steal sensitive information from the victim. If a phishing attack is successful, the attacker can access a company’s confidential information like financial information, customer data and employees’ sensitive data. This information can be used to commit identity theft, fraud, or other malicious activities.
Moreover, these attacks can prove costly in the aftermath. For example, businesses may incur costs associated with investigating the attack, repairing any damage, and implementing security measures to prevent future attacks.
Not only are finances at stake, but also a business’s reputation. Customers expect businesses to keep their personal information safe. If a business falls victim to a phishing attack and customer data is compromised, it can lead to a loss of trust and damage to the company’s reputation.
Phishing is a cyber-actor’s favourite sport, and AI is making it easier, as it can produce well-crafted phishing emails, which could lead to catastrophic results for businesses. This means traditional email security tools, such as spam filters, that are founded on analysing the content of emails are less reliable.
That is why there is value in email authentication, as it can prevent domain impersonation strategies which underpin most sophisticated phishes.
Yet, businesses are leaving themselves exposed to these AI-generated emails as DMARC-inclusive solutions remain under-adopted and underutilised by domains in most verticals. In fact, 75% of Forbes Global 2000 companies have implemented less than half of the security measures associated with DMARC.
Gerasim Hovhannisyan is CEO and co-founder of EasyDMARC
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543