The extent to which AI is being weaponised to fuel social engineering tactics is astonishing. Today, using AI, critical threat campaigns can be created for just $5. With malicious links the preferred breach tactic of bad actors, research shows that attackers are targeting Gmail accounts, thanks to the treasure trove of information stored in these Google accounts. They are using the new Open Graph Spoofing Toolkit to create malicious links that look highly legitimate, manipulating the web page previews that pop up on social media and even altering the metadata that uniquely identifies those URLs, in order to evade detection.
Considered an attacker’s dream, this Toolkit is easily available on the dark web. Ironically, the Open Graph Protocol itself was originally developed by Facebook to help web developers control how their pages appear when shared across platforms. Cybercriminals are now applying it maliciously: the Open Graph Spoofing Toolkit does away with the long-winded and complicated “phishing links” that are typically the tell-tale signs of a fake link, because the preview card a recipient sees is built from the page’s Open Graph tags rather than from the link’s real destination.
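The defensive counterpart to what the paragraph describes is to stop trusting the preview card and compare the Open Graph metadata of a fetched page with the host the link actually resolves to. The following is an added example, not code from the article or from any vendor; it uses only the Python standard library, and the link and HTML below are constructed sample values using example.com/example.net domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class OGParser(HTMLParser):
    """Collect <meta property="og:..." content="..."> tags from a page."""
    def __init__(self):
        super().__init__()
        self.og = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        prop = a.get("property") or ""
        if prop.startswith("og:") and a.get("content"):
            self.og[prop] = a["content"]

def parse_og(html):
    p = OGParser()
    p.feed(html)
    return p.og

def registrable(host):
    # Crude "registrable domain" (last two labels); real deployments should
    # consult a public-suffix list so that e.g. co.uk is handled correctly.
    return ".".join(host.lower().split(".")[-2:])

def preview_mismatches(link_url, html):
    """Findings where the Open Graph preview disagrees with the link itself.
    HIGH: og:url names another registrable domain, so the preview card shows
    a site the user will never reach. LOW: og:image comes from another domain
    (often a CDN; with HIGH it means the card wears someone else's branding)."""
    og = parse_og(html)
    link_host = urlparse(link_url).hostname or ""
    findings = []
    og_host = urlparse(og.get("og:url", "")).hostname or ""
    if og_host and registrable(og_host) != registrable(link_host):
        findings.append(f"HIGH: og:url host {og_host} != link host {link_host}")
    img_host = urlparse(og.get("og:image", "")).hostname or ""
    if img_host and registrable(img_host) != registrable(link_host):
        findings.append(f"LOW: og:image served from {img_host}, not {link_host}")
    return findings

# Constructed sample: a link whose preview card impersonates an account portal.
SAMPLE_LINK = "https://login-reset.example.net/verify"
SAMPLE_HTML = """<html><head>
<meta property="og:title" content="Sign in - Example Accounts">
<meta property="og:url" content="https://accounts.example.com/">
<meta property="og:image" content="https://static.example.com/logo.png">
</head><body></body></html>"""
```

Run `preview_mismatches(SAMPLE_LINK, SAMPLE_HTML)` to see both findings; the same call against a page whose og:url shares the link's registrable domain returns an empty list.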
True story
With this level of deviousness, innocent Gmail account holders stand little chance of identifying these advanced email threats – when even an experienced professional coder like Zach Latta, the Founder of Hack Club, found himself nearly fooled.
True story! An attacker spoofed a Google caller ID and contacted Latta, claiming his account had been compromised. They sent a convincing phishing link from a genuine Google domain and instructed Latta to reset his password. When Google sent a legitimate password reset code, the attacker attempted to trick Latta into entering it on the fraudulent site, which would have allowed them to intercept the reset process and take over his account.
Fortunately, Latta’s experience and instincts kicked in before he entered any information, preventing the attack. However, this highlights a critical point: modern AI-driven phishing tactics can create attacks featuring links that appear completely legitimate – bypassing standard email security because they originate from authentic domains.
And it is not only Gmail that is threatened: every email platform is at risk. Enterprises need to adopt advanced email security measures regardless of the platform they use, because standard email authentication protocols such as SPF, DKIM and DMARC are proving inadequate: they confirm that a message really came from the domain it claims, not that the links it carries are safe.
Techniques to combat advanced AI-led email attacks
Email security demands a variety of sophisticated techniques and capabilities to protect against harmful emails that trick scanners into letting them through to users’ inboxes.
Advanced threat detection, combined with remediation, is essential. This capability allows administrators to “wind back the clock” and remove malicious emails that evaded earlier detection from users’ inboxes. This retroactive approach ensures that even if harmful emails initially get through, they can be identified and eliminated before causing damage.
Another critical capability is URL defense through the use of sandboxing. This technique opens links in a secure location to vet their integrity before allowing users to interact with them. By effectively scanning the link again at click-time, this technology ensures that links, even if previously deemed safe, are reassessed for any alterations on the backend that may have converted them into malicious links. This additional layer of security is vital in preventing phishing attacks that rely on deceptive URLs.
Similarly, attachment sandboxing is necessary, as it detects advanced threats embedded in seemingly benign attachments too. It uses machine learning to scan the contents of email attachments for signs of malicious behaviour, vetting attachments in a protected environment and analysing their behaviour upon execution. By doing so, even if an attachment passes the initial email defenses, it won’t compromise the system during subsequent interactions.
A cloud approach to email security management
Utilising a cloud platform for email security management can ensure that all the above techniques are applied in a timely and routine manner, underpinned by a multi-layered defense approach. Enterprises can configure such platforms to block phishing emails, malicious attachments, and harmful links – that may have duped the email authentication mechanisms – before they reach users’ inboxes.
These systems leverage machine learning to analyse incoming emails against a vast database of previously identified phishing and business email compromise scams. They are designed to compare keywords as well as the intent, tone, and metadata of the email – things like the time stamp, the geographical location sent from, and even the wording of the message itself. Using AI, the systems can determine if these factors differ from established baselines or match up with malicious patterns that are already on file, to filter out the subtle, advanced, and hard-to-identify email attacks.
Email security requires vigilance from users too. To ensure that “security” doesn’t come in the way of users’ daily work, some enterprises are imaginatively using such platforms to grant limited permissions to users to manage their own, individual settings. For example, users can include aliases, keep an up-to-date senders list, and create custom filters and disclaimers.
With cybercriminals using AI and social engineering tactics to unleash heinous, highly personalised, precise, difficult-to-detect and scalable email threat campaigns incredibly cheaply, enterprises must counter them by applying the same AI and machine learning technology at various touchpoints, progressively narrowing the choke point so that the threat is ultimately caught before it reaches users’ inboxes.