    GenAI is not the end of the world

    Last week, I had the pleasure of attending BSidesVienna and the DeepSec conference in Vienna. Lots of interesting conversations took place, and, of course, generative AI (GenAI) was a common topic. My presentation highlighted the shift that GenAI has created for cybercriminals while also emphasizing that it's not the end of the world. 

    GenAI helps with automation

    For example, in the phishing part of my talk, I examined the complete chain of phishing emails—from target selection, creation, and sending to responding to the emails. It should not come as a surprise that we’ve seen attackers use GenAI to create all kinds of scripts for automation. These scripts help them become more efficient and increase the frequency and volume of their attacks. You can find quite a few advertisements for such services on dark web forums.

     
    Commonly, phishing campaigns begin by sourcing potential targets from leaked email lists or by enumerating a target company’s employee directory. For each target, the new scripts can personalize the lure message, for example, by referencing interests and hobbies from social media. Of course, this is not a new technique; tools like Maltego have been able to perform such tasks for many years. However, GenAI is making these capabilities more widely accessible.

    A fool with a tool…

    Keep in mind that GenAI is a tool, and like any other tool, the results highly depend on the person using it and the data fed into it. For example, we have observed multiple phishing emails written in the Swiss German dialect. This is amusing, as official companies such as banks or logistics firms would never communicate in Swiss German. It’s likely that someone instructed the AI tool to apply whichever language fits the target country without realizing the mistake.

    One significant advantage of GenAI for attackers is its ability to handle multi-stage interactions. Whether it’s romance scams, CEO fraud, or 419 advance-fee scams, an AI agent can automatically respond to any question from the victim in the appropriate context. We’ve also seen cybercriminals use reinforcement learning to update their lure messages or swap phishing links automatically when detection occurs.

    Context matters

    So yes, some phishing emails are becoming more personalized, and the text is better written. But then again, sophisticated attackers have been crafting carefully targeted spear-phishing messages for decades. If poor grammar was the only thing protecting you so far, then you already had a bigger problem than GenAI.

    Of course, the content of a phishing email is just one attribute. You can, and should, use all available indicators to analyze emails. This includes the SPF, DKIM, and DMARC authentication results recorded in the message headers, which are much harder for GenAI to spoof.
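
    The following sketch is an added example, not xorlab's code: it reads the SPF, DKIM, and DMARC verdicts from the Authentication-Results header (RFC 8601) of a constructed message and reports header-based findings regardless of how well the body is written. The authserv-id mx.example.org, all sample domains, and the exact-match domain comparison (no organizational-domain lookup) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of our own receiving MTA

# Constructed sample: polished text, but the first header was not stamped by our MTA.
SAMPLE = """\
Authentication-Results: mail.sender.example.net; dmarc=pass header.from=bank.example
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounce.sender.example.net;
 dkim=pass header.d=sender.example.net;
 dmarc=fail (p=reject) header.from=bank.example
From: "Bank Example" <service@bank.example>
Reply-To: helpdesk@sender.example.net

Dear customer, a flawlessly written message follows.
"""

def auth_results(msg, authserv=TRUSTED_AUTHSERV):
    """Return {method: (result, props)} from headers stamped by the trusted MTA only."""
    out = {}
    for hdr in msg.get_all("Authentication-Results", []):
        # Drop RFC 5322 comments such as "(p=reject)" before splitting on ";".
        parts = [p.strip() for p in re.sub(r"\([^)]*\)", "", hdr).split(";")]
        if (parts[0].split() or [""])[0].lower() != authserv:
            continue  # any upstream hop can add this header; trust only our own
        for part in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)", part, re.I)
            if m:
                props = dict(re.findall(r"([\w.]+)=([^\s;]+)", part)[1:])
                out.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return out

def domain_of(addr_header):
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def assess(raw):
    """List header-based findings for one raw message, independent of its wording."""
    msg = message_from_string(raw)
    res = auth_results(msg)
    findings = [f"{m}={res.get(m, ('none', {}))[0]}" for m in ("spf", "dkim", "dmarc")
                if res.get(m, ("none", {}))[0] != "pass"]
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    dkim_d = res.get("dkim", ("", {}))[1].get("header.d", "").lower()
    if dkim_d and dkim_d != from_dom:  # simplification: exact match only
        findings.append(f"dkim-domain-mismatch:{dkim_d}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    return findings
```

    Because the exact-match comparison is stricter than DMARC's relaxed alignment, a production check would compare organizational domains using the Public Suffix List.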

    This short example demonstrates why having an advanced email security solution is crucial—one that uses multiple indicators to dynamically assess messages, as context matters. If you would like to learn more about how xorlab can help you dynamically assess messages, contact us for a personalized demo.