• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Business   »   Leveraging the Power of AI to Stop Email Scammers

Leveraging the Power of AI to Stop Email Scammers

  • Posted on:April 16, 2018
  • Posted in:Business
  • Posted by:
    Chris Taylor
0

Staff members are on the frontline when it comes to cyberattacks against their employers. They’re increasingly seen by hackers as a weak link in the cybersecurity chain. That’s why most threats today come via email, aimed squarely at tricking the recipient into downloading malware, divulging log-ins or making wire transfers to the attacker. We predict cumulative losses from Business Email Compromise (BEC) attacks alone will hit $9 billion this year.

As attacks get smarter, so must we. That’s why Trend Micro is introducing two innovative new offerings to help in the fight against email scammers. One is a new AI-powered feature designed to improve BEC detection while the other will help IT teams train their employees to spot phishing attacks. It’s one more step towards taking the fight to the bad guys.

The email threat

There’s no doubt that email is the primary threat vector for attackers targeting organizations today. The Trend Micro™ Smart Protection Network™ blocked more than 66 billion threats in 2017, over 85 percent of which were emails containing malicious content.

BEC is an increasingly favored tactic as the rewards can be huge. It’s hard for many organizations to spot because attacks typically don’t contain any malware; they rely mainly on social engineering of the carefully selected recipient. That recipient, usually in the finance department, is sent an email impersonating the CEO, CFO, or other executive requesting that they urgently make a wire transfer or reply with sensitive data. With average losses topping $130,000 per incident, it’s no surprise that we saw an increase in attempted BEC attacks on our customers of 106 percent between 1H and 2H 2017.

This is not to underplay the impact phishing continues to have on organizations around the globe. By targeting employees, attackers can spread malware and covertly infiltrate networks to steal sensitive data and IP. Results from the Black Hat Attendee Survey last year illustrate the impact this trend is having on organizations.

  • IT Leaders cited phishing as their #1 security concern
  • Phishing was identified as the most time-consuming threat
  • The weakest link in IT security was cited as end users being tricked by phishing attacks
  • 19 percent rated phishing as the most serious cyber threat to emerge within the past year, second only to ransomware

Taking action

The potential financial and reputational damage of such attacks is obvious. In the face of these rising threat levels we must hit back — and we have, with two new free tools.

Writing Style DNA includes new AI-powered technology that learns how executives write so that it can spot impersonation attempts, and sends a warning to the implied sender, recipient and the IT department. It sounds straightforward but requires serious computing power and smart AI algorithms to achieve. For each user, a personal model is created using 7,000 features of writing characteristics to train the system — things like punctuation and sentence length. We convert emails to meta data before analyzing, to protect customer’s privacy and meet compliance requirements.

Focusing on the writing style in the body of the email complements existing techniques that analyze behavior and intention. Some of these current techniques can fail if, for example, the attacker uses compromised accounts at legitimate domains to hide the true origin of the email. It’s one more tool to help IT teams push back the rising tide of email threats, and it will be made available at no extra cost as part of Cloud App Security (CAS) for Office 365 and ScanMail for Microsoft Exchange (SMEX),

First line of defense

Technology is a vital layer of defense to keep email threats at bay. But what about your employees, who are often thought of as the ‘weakest link?’

We can help here, too. A new free SaaS-based phishing simulation service can help IT teams train employees to spot attempted attacks before they have a chance to impact the organization. Phish Insight is all about enhancing awareness of your staff. All it takes is one administrator, four steps and five minutes to run a real-world exercise designed to mimic what employees might see at their desks.

With the detailed reporting results, displayed in a handy graphical interface, IT teams can then tailor their education programs to make lasting behavioral changes.

Phish Insight is now available free of charge to all organizations of all sizes around the world. The service has been available for a year in Asia and has generated huge interest as organizations leverage it to turn their weakest link into a formidable first line of defense. As email threats continue to rise, we’d encourage you to take a look.

To stop phishing and social engineering attacks it is critical to make both your people and your technology smarter. Phish Insight trains your people to better spot phishing attacks and Writing Style DNA confirms the authorship of an email to prevent CEO fraud and other types of BEC attacks.

Related posts:

  1. Don’t Blame Employees who fall for a BEC scam!
  2. Stop Impersonations of Your CEO by Checking the Writing Style
  3. Beyond Catching Sender Spoofing – using AI to stop email fraud and Business Email Compromise
  4. Why Scammers Want Your Tax Returns (and how to stop them)

Security Intelligence Blog

  • (Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
  • Waterbear is Back, Uses API Hooking to Evade Security Product Detection
  • December Patch Tuesday: Vulnerabilities in Windows components, RDP, and PowerPoint Get Fixes

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Answering IoT Security Questions for CISOs
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • How To Be An Informed Skeptic About Security Predictions
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Trend Micro Selected as Launch Partner for AWS Ingress Routing Service and Stalkerware on the Rise
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • The Shared Responsibility Model
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • What Worries CISOs Most In 2019

Follow Us

Trend Micro In The News

  • Trend Micro Takes On Palo Alto Networks With Cloud Conformity Buy
  • Trend Micro Partners with Snyk to Fix Vulnerabilities for DevOps
  • Trend Micro Partners With Snyk To Advance DevSecOps
  • Hackers to stress-test Facebook Portal at hacking contest
  • NEW TECH: Trend Micro inserts 'X' factor into 'EDR' - endpoint detection response
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.