Cyber Security & Network Forensics

How AI is stopping Phishing Attacks

By: Rishitha Chokkappagari, Department of Computer Science &Engineering, Madanapalle Institute of Technology & Science, Angallu (517325), Andhra Pradesh. chokkappagaririshitha@gmail.com

Abstract

Phishing is a kind of cybercrime during which an attacker aims at deceiving the target into giving up certain personal details including the logins and the passwords, credit card numbers, and social security codes, and other personal identifiers. It has emerged that artificial intelligence is among the critical assets to be used in the wide threat of phishing attacks. To that extent, machine learning and NLP functionalities can be used in AI systems to evaluate a large flow of email spam, pattern out any suspect elements and actual content. It permits the identification of phishing attempts using email metadata and characteristics of URLs and domains. Features such as real-time threat feeds ensure that deployed AI is

Informed of the latest phishing techniques, while automation features discourage possible intrusions. Thus, looking into these advanced technologies, AI answers the call for a stronger and evolving means to counter the schemes of the cyber criminals, minimizing the threat and effects of phishing occurrences.

Keywords: AI, Phising Attacks, Spam, Cyberattack

Introduction

In the digital world that we live, individuals share a lot of personal information like photos, videos, passwords, credit card and debit card numbers with which the cyber attackers or hackers make benefit of it which is called phishing attack. Phishing attack is a type of cyber-attack that includes spam emails, wrong links, OTP’s, phone calls, messages to mislead people into sharing sensitive data. Basically, there are four types of phishing attacks:

  1. Spear Phishing
  2. Whaling Phishing
  3. Clone Phishing
  4. Email Phishing

For example, sometimes an individual receives an email from SBI telling the victim that their account will be deactivated if they do not confirm the credit card details.

In phishing emails, cyber attackers often ask for sensitive information like date of birth, phone number, credit card details, login details, address, security number. Phishing happens when an individual clicks on a link sent by the attacker, enters the details asked by the attacker, updates the passwords. These are not only the tactics that cyber attackers follow, but everytime also they improve their techniques, and try new methods to steal information from people. Now a days phishing attacks not only occur through emails they also occur through voice mails and texts[1].

With the help of AI and subbranch of AI that is, Machine Learning phishing emails can be detected to analyse the content, context, and pattern of incoming emails. AI blocks the spam emails with the algorithms and tools that are available. It is shown in the fig.1 how phishing attack occurs.

A diagram of a phishing attack Description automatically generated
Figure 1: Phishing attack

  1. Overview of Phishing Threats

Phishing is among the oldest and most persistent types of cyber threats because of their high scores in the frequency and the level of complicity. These attacks take a great advantage of the weakest link in security that is the human component to infiltrate the system and have access to prohibited data. Phishing threats are a diverse category of threats that share the principles of deceit in achieving the attacker’s goal of obtaining information from the subject.

Email Phishing: Out of all the types of phishing, the most familiar one is of cause email phishing. The former involve the use of fake emails, list obtained from the Internet, made to look like genuine e-mails from a known source as for instance a bank, online shop or a face book account. The most vital aim is to make the recipients open dangerous links or download contaminated attachments infecting the system or stealing information.

These emails are typically written in a rather desperate manner, which is realized in the use of such words or phrases as account has been hacked, an invoice is due. This pressure makes the recipients to act in a haste while responding to the email without weighing the authenticity of the request. The attackers often send messages from email addresses and domains that may look almost the same as the actual organizations’, which makes it easy for the user to be confused.

Spear Phishing: Spear phishing is a special type of phishing which is more dangerous than common e-mail phishing and is based on much deeper preparation. These personnel target those destined for the executive floor because they study their targets to obtain information that helps them write very persuasive emails[2].

While phishing involves many people, spear phishing is quite selective as it targets certain persons or companies. This can include focusing on employees occupying certain positions in the organization and/or possessing certain information such as executives, financial officers and so on. There are varieties of methods in social engineering, for example, the attacker pretends to be a coworker or a familiar business partner of the target. That is why they might use some references to the recent events or personal data to make the email genuine looking[3].

Whaling: whaling especially aims at executives of the firm, the board of directors, or even shareholders. These are usually more critical because of the phishing attacks which in many cases cost huge amount of cash, leak crucial data or even bring poor reputation to the organizations. Because the targets are usually high-profile entities, whaling attacks contain more research and resource commitment compared to traditional phishing scams. The emails may contain information that only the top executives in the involved companies can come across, hence increasing their credibility. A whaling attack mainly involve imitating a company’s top officials or entities from outside like auditors or regulators and the victim is hurried into planning without confirmation.

Clone Phishing: Clone phishing involves developing an almost similar email that resembles the previous legitimate one that the victim has received. The attacker then launches an email that looks like the original sender’s email, but with slight differences in the address and content that contains links or files with a corrupt code. Next time they received similar looking e-mail it is very likely that the victim will engage into the cloned e-mail due to trust. What is more, this technique utilizes the recognition factor and predictable behaviours of the users which turns it into a highly effective method. Clone phishing emails may signify that it is an update or correction to the sent initial phishing email through a new link or an updated attachment[4]. The below diagram shows the types of phishing.

A green and pink hexagons with black text Description automatically generated
Figure 2 Types of Phishing

  1. AI role in Phishing Attacks

AI is fast becoming an important part of cybersecurity specifically in dealing with the menace of phishing attacks. Phishing strategies are continuously evolving and getting more subtle, requiring similarly complex counter measures, and AI is suitable for the role. Here’s how AI is playing a pivotal role in detecting, preventing, and mitigating phishing threats[5].

1. Superior detection and prevention tools

Email Filtering and Content Analysis: What AI does is to better the traditional spam control since it uses complex algorithms that learn from large amounts of emails and helps to find out the common characteristics of phishing. These systems can examine the data[6].

Metadata Analysis: AI can analyse the email message details like the sender’s address, the IP numbers, and the domain reputation, to look for missed signs of spoofing.

Natural Language Processing (NLP): Email analysis lets AI to realise the words most often used and the latter, the tone, and any potentially suspicious or phrased requests. It will be able to identify other signs that may not be very noticeable but will indicate that an email is a phishing one despite this the attackers may choose very polite language to use[7].

URL and Domain Analysis: AI excels at analysing URLs and domain names to identify potential phishing attempts

Heuristic Analysis: There are few URLs that have specific patterns or resemble the genuine site’s URL structure and domain name; AI can easily detect such areas of resemblance—typo squatting[5].

Real-Time Threat Intelligence: AI presently feeds its data base with newly identified phishing sites and suspicious domains thus helping it to block or warn users when they are averted to the sites.

2. Behavioural Analysis and Data Anomalies

User Behaviour Monitoring: AI systems can establish the routine user behaviours including the times they log in, their geographical location, and the devices they use. If these systems are enabled to learn the normal level of activity, they can identify those threads that could be a result of a phishing attack or where an account was compromised. In a subdivision of financial service and in other fields, AI tracks the transactional data in order to look for the signs of highly unpredicted spending or any changes in account behaviour that may imply fraud due to phishing attack.

Anomaly Detection Algorithms: These algorithms signal the security teams when there are big variations from typical behaviour such as atypical logins or access solicitations from new geolocations or apparatus.

3. Sharing and collaboration in the matter of threat intelligence

AI-Driven Threat Intelligence Networks: AI helps in the exchange of threat intelligence through multiple organizations and platforms resulting in collective defences. This collective intelligence helps improve phishing detection and response capabilities: This collective intelligence helps improve phishing detection and response capabilities.

Data Sharing and Analysis: Companies can put and get information related to the phishing threats into common repositories so enhancing the AI based models of the firm along with the overall security situation[8].

Cross-Industry Collaboration: Through AI industries are able to reveal the findings and the best practices within and between industries towards combating phishing threats which are more of an ensemble effort.

Conclusion

As a result, the issue of integrating AI in combating phishing attacks covers the areas of detection, prevention, response, and awareness. The computational power to work with extensive plains of data, the power to ‘learn’ from new data that is fed to it technique makes AI unbeatable tool in the fight against new and more ingenious phishing techniques. Using such concepts like artificial intelligence, organizations will be able to boost the establishment of mechanisms in cybersecurity, approve security and safety of information, and cut down the effect of incidents such as phishing.

References

  1. Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” Front. Comput. Sci., vol. 3, Mar. 2021, doi: 10.3389/fcomp.2021.563060.
  2. P. Kalaharsha and B. M. Mehtre, “Detecting Phishing Sites — An Overview,” Apr. 06, 2021, arXiv: arXiv:2103.12739. doi: 10.48550/arXiv.2103.12739.
  3. G. Zhang, S. Davoodi, S. S. Band, H. Ghorbani, A. Mosavi, and M. Moslehpour, “A robust approach to pore pressure prediction applying petrophysical log data aided by machine learning techniques,” Energy Rep., vol. 8, pp. 2233–2247, Nov. 2022, doi: 10.1016/j.egyr.2022.01.012.
  4. K. L. Chiew, K. S. C. Yong, and C. L. Tan, “A survey of phishing attacks: Their types, vectors and technical approaches,” Expert Syst. Appl., vol. 106, pp. 1–20, Sep. 2018, doi: 10.1016/j.eswa.2018.03.050.
  5. S. Garera, N. Provos, M. Chew, and A. D. Rubin, “A framework for detection and measurement of phishing attacks,” in Proceedings of the 2007 ACM workshop on Recurring malcode, in WORM ’07. New York, NY, USA: Association for Computing Machinery, Nov. 2007, pp. 1–8. doi: 10.1145/1314389.1314391.
  6. A. Chaudhuri, “Clone Phishing: Attacks and Defenses,” Int. J. Sci. Res. Publ., vol. 13, no. 4, Apr. 2023, doi: 10.29322/IJSRP.13.04.2023.p13626.
  7. Rahaman M (2024) Foundations of Phishing Detection Using Deep Learning: A Review of Current Techniques [Online]. Available: https://insights2techinfo.com/foundations-of-phishing-detection-using-deep-learning-a-review-of-current-techniques/
  8. Tabassum F, Rahaman M (2024) An Enhanced Multi-Factor Authentication and Key Agreement Protocol in Industrial Internet of Things, [Online]. Available:https://insights2techinfo.com/an-enhanced-multi-factor-authentication-and-key-agreement-protocol-in-industrial-internet-of-things/
  9. Jain, A. K., et. al. (2022). A content and URL analysis‐based efficient approach to detect smishing SMS in intelligent systems. International Journal of Intelligent Systems, 37(12), 11117-11141.
  10. Almomani, A., et. al. (2022). Phishing website detection with semantic features based on machine learning classifiers: a comparative study. International Journal on Semantic Web and Information Systems (IJSWIS), 18(1), 1-24.

Cite As

Chokkappagari R. (2024) How AI is stopping Phishing Attacks, Insights2Techinfo, pp.1

71780cookie-checkHow AI is stopping Phishing Attacks
Post Views: 77
Share this:

Leave a Reply

Your email address will not be published.