Phishing - Emails Target AI Defenses with Obfuscation
Basically, scammers are hiding bad emails under lots of harmless text to trick AI filters.
New phishing emails are using clever obfuscation to evade AI defenses. Organizations relying on NLP for email security are at risk. Understanding these tactics is essential for protection.
What Happened
A new phishing technique is emerging that specifically targets AI-based email defenses. According to a report from KnowBe4, these emails use a unique obfuscation method to confuse natural language processing (NLP) systems. By placing a significant amount of benign content after the malicious part of the email, attackers aim to trick these AI defenses into overlooking the threats.
In their analysis, KnowBe4 examined 40 obfuscated phishing emails. They discovered that most of these emails contained over 100 line breaks between the phishing content and the benign text. The average was a staggering 157 line breaks. This design reduces the likelihood of recipients scrolling down far enough to notice the malicious intent.
Who's Being Targeted
Organizations that rely on AI-driven email security are particularly vulnerable to this tactic. The obfuscation often mimics legitimate communications, making it harder for users to identify phishing attempts. For instance, one email imitated an Adobe Acrobat file share from a company’s HR department, featuring an Uber advertisement at the bottom. This technique was noted in 63% of the analyzed emails, with many containing legitimate links to sites like uber.com and bofa.com.
The polymorphic nature of these attacks complicates detection. Subject lines and attachment names are randomized for each recipient, making it difficult for administrators to implement mass deletions based on common identifiers. This adaptability makes the threat more insidious, particularly for organizations with limited resources to monitor email traffic.
Signs of Infection
Identifying these phishing emails can be challenging. The obfuscation technique not only pads the email with benign content but also increases its overall length. Some emails even include randomized text formatted to look like an email chain, further disguising the malicious content. KnowBe4 found that 31% of the obfuscated emails contained legitimate email threads after the phishing content.
For users, the signs of infection may not be immediately apparent. On the filtering side, if an email takes too long to scan, it might bypass security checks altogether. This means that even advanced email security tools may allow these threats through if they rely solely on probability-based assessments.
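The padding layout described above (phishing content, a long run of line breaks, then benign text) can be checked structurally before any NLP scoring. The following Python sketch is an added example, not code from KnowBe4 or SC Media; the function names, the threshold of 100 taken from the report's figures, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

GAP_THRESHOLD = 100  # assumption: report says most samples had over 100 line breaks
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def plain_body(raw):
    """Return the text/plain body of a raw RFC 5322 message ('' if none)."""
    part = message_from_string(raw, policy=default).get_body(preferencelist=("plain",))
    return part.get_content() if part else ""

def longest_blank_run(lines):
    """Return (start_index, length) of the longest run of blank lines."""
    best, run_start = (0, 0), None
    for i, line in enumerate(lines + ["<end>"]):  # sentinel closes a trailing run
        if not line.strip():
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start > best[1]:
                best = (run_start, i - run_start)
            run_start = None
    return best

def analyze(raw, threshold=GAP_THRESHOLD):
    """Split the body at its longest blank gap and report what sits on each side."""
    lines = plain_body(raw).splitlines()
    start, gap = longest_blank_run(lines)
    head, tail = "\n".join(lines[:start]), "\n".join(lines[start + gap:])
    return {
        "gap": gap,
        "padded": gap >= threshold and bool(tail.strip()),
        "head_urls": URL_RE.findall(head),  # content the recipient sees first
        "tail_urls": URL_RE.findall(tail),  # content hidden below the gap
    }

# Constructed sample: lure, 157 blank lines, then benign advertisement text.
SAMPLE = (
    "From: hr@corp.example\nSubject: Shared file\n\n"
    "HR shared a document with you: https://files.example.invalid/doc\n"
    + "\n" * 157
    + "Get a ride in minutes with Uber. https://uber.com/\n"
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Splitting at the gap lets a mail pipeline evaluate the visible portion on its own, so trailing benign text cannot dilute the verdict on the part the recipient actually reads.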
How to Protect Yourself
To combat this evolving threat, organizations should consider adopting more advanced AI-driven email security solutions that assess email intent rather than simply relying on probability scales. Implementing a zero-trust approach to email security can also help block these deceptive emails before they reach users' inboxes.
Additionally, educating employees about the signs of phishing attacks is crucial. Regular training sessions can help users recognize suspicious emails, even those that appear benign at first glance. As these tactics evolve, staying informed and proactive is key to safeguarding against phishing threats.
SC Media