In today's digital landscape, email remains a primary target for cybercriminals. Phishing attacks, sophisticated forgeries, and malicious content are constantly evolving, and with language processing tools like ChatGPT, phishers can compose high-quality phishing emails, write code, and create sophisticated malware with minimal effort. It’s a disturbing sign of the times, making it crucial for businesses of all sizes to adopt advanced email security solutions.
INKY, a leader in email security, leverages cutting-edge Artificial Intelligence (AI) capabilities to effectively combat these threats. Let's explore four standout features of INKY's AI-powered solution: email rendering and computer vision, the approximate matching engine for pattern matching, QR code detection, and the social graph.
1. Email Rendering and Computer Vision
Phishing emails often rely on deceptive visuals and hidden elements to bypass traditional security measures and trick users. Attackers want the phish to both confuse the mail protection system and simultaneously look normal to their intended victim. INKY's email rendering technology uses AI to address this by accurately rendering or displaying emails while using computer vision techniques to understand how the end user will interpret them. This allows INKY to detect visual anomalies and discrepancies that might indicate a phishing attempt. For example, if the email’s recipient interprets the mail as being from a major brand, INKY will understand that and know which specific brand the mail appears to be from. However, INKY’s vision goes well beyond ours, catching millions of things the human eye could never detect, including imposters. The more that INKY sees, the more the system learns; and the more the system learns, the more that INKY sees. This allows INKY to adapt in real-time to the evolving threat landscape, keeping you protected around the clock.
Furthermore, by comparing the rendered version of an email with its underlying HTML/CSS/Unicode structure, INKY can identify hidden text, Unicode cloaking techniques, and other suspicious elements that secure email gateways (SEGs) might miss. This approach ensures that even the most cleverly disguised phishing scams are caught before they reach the inbox.
Technical Details:
- Rendering Technology: INKY's system renders emails in a sandbox environment, replicating the visual appearance as it would be seen by the recipient. This involves parsing HTML, CSS, and embedded images to produce a pixel-perfect visual representation.
- Brand Detection: Similar to how modern photo apps support semantic search -- “show me pictures of puppies” -- INKY uses neural networks to recognize brand-indicative imagery with for more than 350 brands.
- Visual Anomaly Detection: By comparing the rendered email to the underlying code, INKY can spot hidden or obfuscated content. This includes invisible characters, mismatched fonts, malicious tables, and hidden text that may be used to deceive users.
Example:
Hidden Characters: Attackers often use invisible characters to hide malicious links. INKY's rendering can expose these hidden elements, ensuring they do not go unnoticed.
2. Approximate Matching Engine for Pattern Matching
Phishing scammers often use confusable text and homograph attacks, where characters are subtly altered to deceive recipients. INKY's approximate matching engine excels at identifying these threats by scanning email content for visually similar strings and domains. This powerful AI-driven tool can detect slight variations in email text and domain names, such as substituting a Cyrillic "а" for a Latin "a" or using visually similar characters from other scripts.
INKY’s approximate matching engine processes emails in real-time, quickly identifying and flagging potential threats based on a large set of patterns, including the top 50,000 domain names. This advanced pattern matching capability helps protect against a wide range of phishing tactics, ensuring that even the most sophisticated attacks are thwarted.
Technical Details:
- Algorithm: INKY uses a specialized algorithm known as Multiple Approximate String Matching (MASM) to detect visually similar strings. This involves processing email text in real-time to identify and flag confusable domains and text. INKY’s proprietary matching algorithm embodies the next generation of pattern matching beyond the regular expression matching engines other mail protection systems use, by incorporating optical similarity across the entire Unicode codepoint spectrum and supporting matches with arbitrary typos (inserted or deleted letters).
- SIMD Optimization: The algorithm is optimized using SIMD (Single Instruction, Multiple Data) instructions, allowing for efficient parallel processing and rapid detection of threats.
Example:
Homograph Attacks: Attackers might register a domain like clocusign.com to impersonate the legitimate domain docusign.com. Attackers can even obfuscate the entire text of an email using this technique; INKY can “read” an email like this as though it were normal Latin letters, just like a human.
In the example below, every letter in the text has been replaced with a homograph.
3. QR Code Detection
QR codes have become a popular tool for phishing attacks, as they can easily be embedded in emails and lead unsuspecting users to malicious websites. INKY's AI-driven QR code detection technology scans emails for QR code imagery and decodes these images to determine if the encoded URL is safe. INKY even looks for QR codes in attachments and can deal with blurry or otherwise obfuscated QR codes.
In a recent blog post, INKY highlighted how phishing campaigns are increasingly using QR codes to retrieve employee credentials. By detecting and analyzing these codes, INKY can prevent users from interacting with potentially harmful links, adding an extra layer of security to email communications
Technical Details:
- QR Code Analysis: INKY's system scans for QR codes in email content and decodes them to check the embedded URLs. It evaluates the safety of these URLs using heuristic analysis and cross-referencing them with known malicious sites.
- Real-Time Threat Assessment: INKY delivers real-time analysis, ensuring that any QR code embedded in an email is thoroughly vetted before the recipient interacts with it.
Example:
Malicious QR Codes: In a recent phishing campaign, attackers used QR codes to direct users to fake login pages. INKY's detection system flagged these codes and prevented the phishing attempt.
4. The Social Graph
INKY's social graphing functionality leverages advanced AI to enhance email security by analyzing and mapping the interconnections among individuals, groups, and organizations within a network. Here's how it works:
- Dynamic Profiling: INKY builds dynamic profiles and behavioral models for each sender based on their communication patterns. This involves monitoring who they communicate with, how often, and other characteristics of these interactions. By doing so, INKY can establish a baseline of normal behavior for each user.
- Anomaly Detection: Once these profiles are established, INKY uses anomaly detection techniques to identify deviations from the norm. For example, if an email appears to come from a sender but contains unusual content or is sent in an atypical manner, INKY's system flags it as potentially suspicious.
- Behavioral Models: These models grow more accurate over time as INKY processes more data. This continuous learning helps INKY better detect and block impersonation attempts and other phishing attacks by recognizing when something doesn't fit the established patterns.
- Real-Time Alerts: When an anomaly is detected, INKY provides real-time feedback to the recipient through color-coded warning banners. These banners highlight specific concerns, prompting the user to take a closer look before interacting with what could be a phishing email.
- Comprehensive Analysis: INKY's social graphing also involves checking various aspects of each email, including the IP address, email platform, client version, and the display of the sender's information. This multi-faceted approach ensures a thorough analysis of each email's legitimacy.
By continuously learning and adapting to the communication patterns within an organization, INKY's social graphing functionality significantly enhances the detection and protection from phishing attacks, protecting both internal and external email traffic.
Conclusion
INKY's AI capabilities set it apart as a leader in email security. By leveraging email rendering and computer vision, an approximate matching engine, QR code detection, and the social graph, INKY provides comprehensive protection against the ever-evolving landscape of email phishing threats. These advanced features ensure that businesses can safeguard their communications and maintain trust in their email systems.
Ready to enhance your email security with INKY? Start a free trial today and experience the difference.
----------------------------------
INKY is an award-winning, behavioral email security platform that blocks phishing threats, prevents data leaks, and coaches users to make smart decisions. Like a cybersecurity coach, INKY signals suspicious behaviors with interactive email banners that guide users to take safe action on any device or email client. IT teams don’t face the burden of filtering every email themselves or maintaining multiple systems. Through powerful technology and intuitive user engagement, INKY keeps phishers out for good. Learn why so many companies trust the security of their email to INKY. Request an online demonstration today.
References:
- Understanding Phishing: Invisible Characters
- Understanding Phishing: Confusable Text and Homograph Attacks
- INKY Blog: Malicious QR Codes