Using AI to Outsmart Phishers: A Deep Dive

By: Jampula Navaneeth1

1Vel Tech University, Chennai, India

2International Center for AI and Cyber Security Research and Innovations, Asia University, Taiwan Email: navaneethjampula@gmail.com

Abstract

In the present society, the normal incidence one comes across internet users, government and service providing organizations are phishing attacks. In case of a phishing, the attacker(s) collects all the client’s personal details (that is, the account login credentials, credit or debit card number and so on) through fake emails or by mimicking a website. The article establishes that websites are identified as the original and preferred points of attack in online social engineering, inclusive of many frauds on the site. Hence in this particular article we shall be looking at how the AI is going to retaliate against the phisher and the challenges as well as extension that comes with it.

Keywords: Phishing, Artificial Intelligence, Fake emails, Attacks

Introduction

One type of fraud that has recently augmented and especially that which is very professional is phishing; this is an unlawful act whereby the criminals attempt to gain some information that is usually confidential or refers to the account of the people they are cheating. Other conventional methods of combating phishing risks for instance employing filters of emails and imparting knowledge to the users become increasingly irrelevant since the adversaries do not rest [1]. In this regard, AI is a specific method that allows to counteract phishers and does not let people fall into such a snares.

Phishing Detection with AI

Phishing detection can use AI and specifically the approach of machine learning (ML), which is active and constantly evolving [2]. AI therefore performs better than rule-based systems which are normally designed with fixed model of known patterns to look for but AI can sift through large data to look for telltale signs of phishing attempts. It appears that this versatility is important when it comes to fighting contemporary phishing, including emails that are disguised as something completely different, fake websites, and social engineering [3].

Figure 1: Phishing Detection Model

Phishing Techniques

The reason that AI-based Cyber security awareness training programs can help employees or protect themselves and their organizations from phishing attacks is that these skits can model and reconstruct the phishing processes based on the various categories of phishing. The following are five simple strategies in achieving God’s ultimate goal.

  1. Impersonate: This is a standard that can be used before lighting up for instance, in the morning after waking up. However, while the phishing email looks and behaves like a genuine email, it claims to be from a company the victims might have an account with in the ghost organization. The phisher sends out the symbols and with the original website so that the received scam email looks like a genuine mail content and selective information, depending on input of the user head, where the user is invited to log in and decrypt other issues [2].
  2. Forward attack: This is rather complex where the phisher nab information by gaining entrance into their systems using embroidered code or script in a phishing email [2].
  3. Pop-up Attack: This one opens a malicious pop up in front of the real site, thus making people be sure that the fake is the one that is asking the target to log in through a soon-dismissible or hidden pop-up. Last but not the least scenario being, When the target logs in on the pop–up, the phisher gets the target’s credentials and then passes it to the legal website. Here, the pop-up window act as a middle person man-in-the-middle to retrieve the sensitive information [2].
  4. Vishing: Unlike the email phasing that is evident in the other scams in this instance the victim is contacted through the phone. Whenever the caller begins to call the phone number of the receiver, an SMS is sent to the victim informing him/her of such infringements if the later answers the call. The information recorded to the victim instructs it to make another move to take back the account [2]. The plan after this plot is that the victim takes the call thinking that it originated from the ID number of the monetary organization [4].
  5. Smishing: This is mixture of abbreviation of SMS and Phishing which are combined together. The criminals intend to steal the personal identifications of the victims and achieve their objectives by pinching their confidential data through the contents in the SMS messages instead of a different media source [4]. These contents are normally made from information like; applications on smartphones, fake website links, greeting messages, and mobile contact numbers [2].

Challenges and Future Executions

A well-known fact is that adoption of AI is not a silver bullet for all the existing problems. There is also a usage of AI by the attackers in cybercrime activities, making their phishing attacks more sophisticated, presenting a challenge that keeps escalating. Still, AI systems are based on, and need to be constantly fed with, large datasets, which presents difficulties in the areas of data protection and accessibility [5].

As we move ahead, there is a potential of combining AI with other sorts of technology solutions like; For Coveted Identity verification based on blockchain and advanced threat intelligence sharing to build a stronger defence against these phishing attacks [6]. Further, as the AI intelligence develops, the prevention and blocking of phishing attacks of the potential users will be enhanced by a higher rate [5].

Conclusion

In relation to phishing AI can be considered as a giant leap forward in the right direction. Machine learning, actual time examination, and natural language processing talents of AI make it potential to defeat even the accurate world’s most superior phishers. But the war is not over yet and such kind of attacks require constant new developments and efforts to avoid the attacks of cybercriminals. It will stay more and more relevant in the future since AI technology will strengthen more and more our defences against the major threat of the digital age phishing.

References

  1. A. Basit, M. Zafar, X. Liu, A. R. Javed, Z. Jalil, and K. Kifayat, “A comprehensive survey of AI-enabled phishing attacks detection techniques,” Telecommun Syst, vol. 76, no. 1, pp. 139–154, Jan. 2021, doi: 10.1007/s11235-020-00733-2.
  2. M. F. Ansari, P. Sharma, and B. Dash, “Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training,” vol. 3, pp. 61–72, Mar. 2022, doi: 10.47893/IJSSAN.2022.1221.
  3. “AI Safety and Security: Computer Science & IT Book Chapter | IGI Global.” Accessed: Oct. 04, 2024. [Online]. Available: https://www.igi-global.com/chapter/ai-safety-and-security/354401
  4. O. Salem, A. Hossain, and M. Kamala, “Awareness Program and AI based Tool to Reduce Risk of Phishing Attacks,” in 2010 10th IEEE International Conference on Computer and Information Technology, Jun. 2010, pp. 1418–1423. doi: 10.1109/CIT.2010.254.
  5. M. Bešić, “Benefits and Risks of Artificial Intelligence in Cybersecurity and Phishing Attacks,” E-business technologies conference proceedings, vol. 3, no. 1, Art. no. 1, Jun. 2023.
  6. M. Rahaman, C.-Y. Lin, P. Pappachan, B. B. Gupta, and C.-H. Hsu, “Privacy-Centric AI and IoT Solutions for Smart Rural Farm Monitoring and Control,” Sensors, vol. 24, no. 13, Art. no. 13, Jan. 2024, doi: 10.3390/s24134157.
  7. Vajrobol, V., Gupta, B. B., & Gaurav, A. (2024). Mutual information based logistic regression for phishing URL detection. Cyber Security and Applications, 2, 100044.
  8. Gupta, B. B., Gaurav, A., Panigrahi, P. K., & Arya, V. (2023). Analysis of cutting-edge technologies for enterprise information system and management. Enterprise Information Systems, 17(11), 2197406.
  9. Gupta, B. B., Gaurav, A., & Panigrahi, P. K. (2023). Analysis of retail sector research evolution and trends during COVID-19. Technological Forecasting and Social Change, 194, 122671.
  10. Aldweesh, A., Alauthman, M., Al Khaldy, M., Ishtaiwi, A., Al-Qerem, A., Almoman, A., & Gupta, B. B. (2023). The meta-fusion: A cloud-integrated study on blockchain technology enabling secure and efficient virtual worlds. International Journal of Cloud Applications and Computing (IJCAC), 13(1), 1-24.

Cite As

Navaneeth J. (2024) Using AI to Outsmart Phishers: A Deep Dive, Insights2Techinfo, pp.1

79190cookie-checkUsing AI to Outsmart Phishers: A Deep Dive
Share this:

Leave a Reply

Your email address will not be published.