Outsmarting Email Hackers Using AI and Machine Learning

September 05, 2018

Email hacking is a commonly used malicious tactic in our increasingly connected world. Cybercriminals compromise email accounts to enter the IT premises of an organization and carry out attacks ranging from fraud and spying to information and identity theft. Without effective security measures to stop email hacks, potential victims can suffer serious consequences.

Email hacking is prevalent across different industries

Attackers deploy email hacking tactics against different sectors around the world. The cyberespionage group Fancy Bear, which specializes in politically motivated attacks, reportedly targeted the reelection campaign of a U.S. senator earlier this year via credential phishing tactics. Fancy Bear has been garnering headlines since 2015 for targeting political organizations in the U.S., Ukraine, France, Germany, Montenegro, and Turkey.

The healthcare industry has become a popular target for cybercriminals recently, affecting facilities in Portland, Texas, Tennessee, and New Jersey, among other places. These healthcare facilities suffered data breaches brought on by schemes that manipulated hacked email accounts.

These attacks also affect the education sector. In May, the University at Buffalo (UB) released a statement reporting on an attack that compromised an unspecified number of email accounts of university students, staff, faculty, and alumni. In Asia, the National University of Singapore (NUS) warned staff and students in July of phishing emails sent by hacked NUS accounts. The compromised emails contained malicious links leading to a website that tricks recipients into giving out their credentials.

Huge financial losses from email hacks and spoofing

Alongside politics, sabotage, revenge, and insider threat, financial gain is one of the more common motivations behind email hacking incidents. To be successful at extracting money from victims, attackers can employ a variety of strategies like using keyloggers, phishing, and social engineering tactics.

Business email compromise (BEC), or email account compromise (EAC), is a notorious scheme that uses email hacking for potentially huge payouts for attackers. The Federal Bureau of Investigation (FBI) has described BEC/EAC as “…scams that typically involve one or more fraudsters, who compromise legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” The total global losses due to BEC/EAC have reached US$12.5 billion this year, exceeding Trend Micro’s prediction by over $3 billion.

What is notable about BEC/EAC is that, unlike email-based ransomware and other malware-dependent attacks, its operators don’t have to rely entirely on malicious components to defraud victims. Just a few weeks back, a man in Los Angeles was arrested for a BEC/EAC attack that gave his accomplices unauthorized access to the emails of an attorney involved in real estate settlements. The attackers then sent spoofed emails, tricking a purchaser in a real estate transaction into transferring $531,981 to an account of a woman, who, in turn, transferred $60,000 to a fraudulent account.

AI and machine learning for boosting email security

Email hacking — a crucial process in BEC/EAC and other sophisticated schemes — is still a go-to tactic for cybercriminals because email remains a common infection vector for high-risk threats. Since the platform is easily abused, cybercriminals are expected to continue utilizing it in their schemes.

Security technologies with artificial intelligence (AI) can protect users from email attacks. Trend Micro is constantly developing new machine learning (ML) algorithms to examine large volumes of data and to predict if unknown file types are malicious or not. Additionally, expert rules and machine learning can boost the effectiveness of security solutions to help detect and block not just malware-ridden attacks, but also deceptively straightforward scams like BEC/EAC.

Case in point: the Writing Style DNA technology expertly prevents email impersonation by using AI to recognize the DNA of a user’s writing style based on past emails, which it compares to suspected forgeries. A technology that works best against BEC/EAC scams involving compromised legitimate email accounts, it verifies the legitimacy of the email content’s writing style through an ML model that contains the legitimate email sender’s writing characteristics.

Writing Style DNA, which is used by Trend Micro Cloud App Security™ (CAS) and ScanMail™ Suite for Microsoft® Exchange™ (SMEX), also supplements existing BEC protection techniques that use Expert System and ML to analyze email behavior (for example, using a free email service provider) and email intention (for example, payment or urgency).
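A simplified illustration of the approach described above, added here and not Trend Micro's implementation (the article does not publish Writing Style DNA's features or model): a sender profile of character trigrams built from past emails is compared to an incoming message by cosine similarity, alongside the behavior and intention signals mentioned. The free-mail list, keyword patterns, 0.5 threshold, function names and sample emails are assumptions constructed for the example.

```python
import math
import re
from collections import Counter

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed sample list
INTENT = {  # assumed keyword patterns for the two intentions the article names
    "payment": r"\b(wire|transfer|invoice|payment|account)\b",
    "urgency": r"\b(urgent|immediately|asap|today)\b",
}

def trigrams(text):
    """Character 3-gram counts; case and punctuation stay in as style signals."""
    text = re.sub(r"\s+", " ", text.strip())
    return Counter(text[i:i + 3] for i in range(len(text) - 2))

def build_profile(past_emails):
    """Sum the 3-gram counts of a sender's known-good emails."""
    return sum((trigrams(b) for b in past_emails), Counter())

def style_similarity(profile, body):
    """Cosine similarity between the sender profile and one message."""
    vec = trigrams(body)
    dot = sum(n * profile[g] for g, n in vec.items())
    norm = math.sqrt(sum(n * n for n in vec.values()) * sum(n * n for n in profile.values()))
    return dot / norm if norm else 0.0

def assess(profile, sender_domain, body, threshold=0.5):
    """Return the list of signals raised by one incoming message."""
    flags = []
    if style_similarity(profile, body) < threshold:
        flags.append("style_mismatch")
    if sender_domain.lower() in FREE_MAIL:
        flags.append("free_mail_sender")
    flags += [name for name, pat in INTENT.items() if re.search(pat, body, re.I)]
    return flags

# Constructed sample data, not real mail.
PAST = [
    "Hi team, quick update on the invoice run. I have checked the numbers and they look fine. Thanks, Dana",
    "Hi team, quick note on the vendor list. I have checked the contracts and they look fine. Thanks, Dana",
    "Hi all, quick update on the audit. I have sent the files and will follow up on Friday. Thanks, Dana",
]
GENUINE = "Hi team, quick update on the vendor audit. I have checked the files and they look fine. Thanks, Dana"
FORGED = "URGENT!!! Wire $48,000 to the new account IMMEDIATELY. Do NOT call me, I am in a meeting!!! Regards"
PROFILE = build_profile(PAST)

if __name__ == "__main__":
    for label, body in [("genuine", GENUINE), ("forged", FORGED)]:
        print(label, round(style_similarity(PROFILE, body), 2), assess(PROFILE, "example.com", body))
```

Because the style check does not depend on the sender address, the forged message is still flagged when it arrives from the sender's own domain, which is the compromised-account case the article says this technique targets.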

Along with smart security solutions, cybersecurity awareness and following best practices against email threats can help close security gaps to thwart BEC/EAC scammers and other attackers that abuse email.
