The use of artificial intelligence (AI) chatbots by cybercriminals to create phishing campaigns has been a cause for concern and it has now been discovered that it is almost impossible to detect AI-generated phishing emails, according to the internet security provider -mail Egress.
The company’s finding is based on its “Phishing Threat Trends Report”, published on Monday, 2. According to the study, AI detectors cannot tell whether a phishing email was written by a chatbot or a human in three cases out of four (71.4%).
The reason for this is due to how AI detectors work. Most of these tools are based on large language models (LLMs), so their accuracy increases with longer sample sizes, often requiring a minimum of 250 characters to work.
Nearly half (44.9%) of phishing emails do not meet the 250 character requirement and another 26.5% fall below 500, meaning that currently AI detectors will not work reliably or at all. 71.4% of attacks.
In the report, Egress researchers also found that human-generated phishing campaigns are becoming harder to detect, with a 24.4% jump in obfuscation techniques that were integrated into more than half (55%) of emails. phishing emails in 2023.
These techniques have also grown in sophistication, with nearly half (47%) of phishing threat operators deploying two layers of obfuscation and less than a third (31%) using just one technique.
The most popular technique is HTML smuggling, which involves exploiting legitimate HTML5 and JavaScript resources to encode and embed malicious code in HTML files or web pages.
Additionally, Egress found that 34% of email flow can be categorized as “graymail,” which the company describes as “bulk but requested emails such as notifications, updates, and promotional messages.”
This creates a flood of emails that makes phishing detectors’ jobs harder and recipients are more likely to click on a phishing email.
All of these new propagation and concealment methods used by cybercriminals mean that although the overall volume of phishing has not increased, the number of phishing emails that bypass security defenses is increasing. For example, emails that escaped Microsoft’s defenses increased by 25% this year compared to 2022. Those that evaded secure email gateways (SEGs) increased by 29% in the same period.
In a public statement, Jack Chapman, vice president of threat intelligence at Egress, said these findings should prompt email security defenders to change their anti-phishing approach. “Legacy approaches to email security rely heavily on quarantine, preventing end users from seeing phishing emails, but as our report highlights, phishing emails will inevitably get through.”
According to him, this is one of the reasons why the company reversed the quarantine model, adding dynamic banners to neutralize threats within the inbox. These banners are designed to clearly explain the risk in an easy-to-understand, timely and relevant way, acting as teachable moments that educate the user. Ultimately, teaching someone how to catch phishing is a more sustainable approach to long-term resilience,” he commented.
The Egress report, whose original in English can be accessed here, describes the most popular topics used by phishing campaigns for every month this year so far. Are they:
- January: RingCentral Representation
- February: Alias Imitation Attackers
- March: Impersonation of HMRC/IRS notification
- April: Security Software Representation
- May: Sextortion phish/life ruiners
- June: Lottery impersonation
- July: Salesforce/Meta ads
- August: Geek Squad
- September: Credit card payments
Source: CisoAdvisor
