Blog

Understanding AI-Powered Email Threats

It’s 2024, and Artificial Intelligence (AI) and machine learning are completely transforming the way we live, work, and play. And while the promises of yesteryear are being fulfilled when you think about self-driving cars, virtual reality headsets, brain-implants, and ChatGPT, advances in AI have also brought other less exciting realities. As collateral damage for all this awesome technology we’ve been granted, AI is now preparing to snatch millions of jobs, distort content online, and even sneak into our inboxes, putting companies at a much higher risk.

AI-Powered email threats are on the rise in a major way. Perception Point’s 2023 Report on Cybersecurity Trends & Insights reveals the rise of cyber threats against email channels, and an 83% increase in business email compromise attacks.

The world of AI is advancing rapidly, so businesses need to adapt and stay on top of things in order to protect their customers and data and prevent AI-powered attacks. It will help to have a local, trusted, and reliable email host with a dedicated support staff in your corner.

In this article, we’re going to break down the world of AI-powered email attacks, including types and methods of attack, and how AI is helping attackers with email.

 

Types of Attacks

Every day, cybercriminals and the technologies at their disposal are becoming more advanced and sophisticated. This means that traditional email security may not be able to prevent attacks. Not only are attacks becoming harder to detect, but they’re also looking more believable thanks to AI.

According to the Perception Point report mentioned above, Phishing is the number one method of attack, representing 77% of all email attacks. Malware is next at 16%, followed by business email compromise at 4% and advanced attacks at 3%. Note that business email compromise attackers rely on methods like phishing to execute their strategy, which explains why phishing is credited with the largest share of all attacks.

Here’s a look at the various ways attackers can compromise your email:

 

Business Email Compromise

aerial view of man typing

Impersonation

As a business, there are a few main ways in which your email can be attacked, but one of the most common methods for cybercriminals to go about their business is to impersonate a seemingly real person or business to request money or confidential data. These attackers use fake email addresses and fake names, doing their best to trick employees into believing in their identity.

The reality is the people in your organization are likely the weak link. From a security standpoint, hacking into a secure system is far more difficult than tricking an employee who may be susceptible to fatigue, preoccupation, and obliviousness.

Brand Impersonation

Brand impersonation is similar to normal impersonation, the difference being the attacker is attempting to trick someone into thinking they’re a well-known brand. The attackers employing this strategy go to great lengths to create entire websites, email addresses, and URLs that imitate those of a real company.

Brand impersonation attacks have come a long way. When in the past these attackers were easily recognizable by sloppy logos and odd language, they’ve now upped their game. Advanced attackers will have every branding aspect matched to a T, including fonts, spacing, and graphic elements.

Which companies are these attackers impersonating? According to Perception Point’s report, it’s Microsoft more often than not. Next is LinkedIn, followed by SharePoint, DHL, and PayPal. But these attackers can also become more believable when they impersonate more local brands like your internet provider or a major supplier.

Account Takeover

cybercriminal in the dark

Once an attacker has successfully impersonated and convinced an employee they are someone they’re not, the door is open for account takeover. An account takeover occurs when an attacker gains access to an email or application using stolen credentials.

A cybercriminal aiming for an account takeover will using a phishing email when they’re ready to attack. The strategy involves using impersonation to trick someone into entering their credentials on what seems like a website they’re familiar with but is in fact not the real website. From there the attacker will have the credentials in their possession, at which point they’ll be able to login and create havoc.

Often the worst part for businesses that have been attacked this way is the fact that the attack is very difficult to detect, which means an attacker could have access for an extended period. All it looks like is the employee logging in with their credentials. If they don’t do anything too suspicious once logged in, the attacker could steal a bunch of valuable internal or customer data.

Phishing & Malware

Sometimes, impersonation is not even necessary to takeover an account or compromise an email. Instead, all it takes is one unconscientious action of an employee. If an employee clicks a link or downloads a file from a mischievous sender without thinking, they could be opening the door for an attacker to download malware onto their machine, spy on their internal platforms and data, and steal sensitive information.

 

How AI is Helping Attackers

With the help of AI, attackers are able to broaden their target victim pool, improve their messaging, and appear more real. Gone are the days of being able to spot an attacker based on language and grammar, slightly off logos, and weird sounding requests.

One of the biggest reasons email attacks have become better and more frequent is tools like ChatGPT and Google Bard. While these tools help us easily craft strongly worded emails, song lyrics, and wedding speeches, they’re also aiding cybercriminals.

Creating Better Content

Tools like ChatGPT can analyze amounts of data to identify patterns, which can help attackers craft email subject lines and content that looks and feels authentic. Not only will the spelling and grammar be correct, but the messaging will sound realistic and like how a person or brand would approach you by email. And with AI-based social engineering, attackers are able to send email messages that are highly personalized and contextually relevant.

Attack Strategy

looking at website code

Armed with AI and automation, attackers can automate every stage of their attack, from actually creating the email to sending and managing responses. Machine learning then comes into play, which can examine user behaviour and responses to optimize the campaign.

These AI algorithms can also be trained to evade suspicion. They can dodge email filters without an issue, while leveraging responses to adjust strategy and actions. This learning-on-the-go aspect gives attackers an advantage, especially since the attacks are so difficult to detect.

Targeting and Impersonation

Aside from generating new content, tools like ChatGPT can be trained to mine public information from websites, people, and companies. To start, useful data for impersonation can be gathered, such as fonts, colours, and formats. But these tools can also find personal information like preferences and interests, which can be leveraged in an email campaign.

 

To better protect your organization’s email along with your employees, website, and data, an experienced support team like Caorda can help. Our support staff understand the AI-driven landscape of cybercriminals and cyberthreats, and are better equipped to detect and prevent attacks. Reach out today to inquire about email hosting and maintenance services: