Several years ago, I spoke at a Microsoft Exchange event that culminated with a round table discussion. One of the questions posed by the panel moderator was something along the lines of, “What, in your opinion, constitutes a malicious email message?” Most of the panelists gave eloquent spiels, but only one answer stands out after all this time: “I don’t know, but I know one when I see it.” I’m sure the panelist’s response was intended to be humorous, but I thought it was quite profound: it points to the very essence of why it has thus far been so difficult to filter out email phishing messages, spam and other unwanted (and all-too-often dangerous) emails.
IT professionals with a background in cyber security are really good at telling the difference between a legitimate email message and an email phishing message. Clues that a message is not what it purports to be range from something that isn’t phrased quite right to an offer that is simply too good to be true. I even recall someone identifying a message as a phish because the message included a font that was different from the one the impersonated company always uses in its email campaigns.
Computers, on the other hand, have never been very good at separating the email wheat from the chaff. Yes, the filtering engines that we have today are better than those that were in use a couple of years ago, but even the best modern-day email filtering engine isn’t perfect.
One of the main reasons for this is that filtering engines commonly take a checklist approach to analyzing email messages. Filters consider such criteria as whether the message matches a signature database or contains links to websites that are known to be malicious.
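To make the checklist approach concrete, here is a minimal sketch of that style of filter. The signature hashes and blocklisted domains are hypothetical stand-ins for the databases a real filtering engine would query:

```python
# Minimal sketch of a checklist-style email filter. The signature set
# and domain blocklist below are hypothetical examples, not real data.
import hashlib
import re

KNOWN_BAD_SIGNATURES = {"5f1d7a84db00d2fce00b31a7fc73224f"}  # example hash
BLOCKLISTED_DOMAINS = {"malicious.example"}

def looks_malicious(body: str) -> bool:
    # Check 1: does the message body hash to a known-bad signature?
    digest = hashlib.md5(body.encode("utf-8")).hexdigest()
    if digest in KNOWN_BAD_SIGNATURES:
        return True
    # Check 2: does the message link to a blocklisted domain?
    for domain in re.findall(r"https?://([\w.-]+)", body):
        if domain.lower() in BLOCKLISTED_DOMAINS:
            return True
    return False
```

The weakness the article describes is visible here: a message that hashes to nothing on the list and links nowhere suspicious sails straight through, no matter how fraudulent its wording is.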
In spite of these and other challenges, AI may soon spell the end of email phishing attacks (successful ones, anyway). Companies have tried and failed to use AI to suss out unwanted and dangerous email messages in the past, but there are two things that will help next-generation AI-based message filtering to be more successful.
First, we have better data today.
Think about a student who is taught incorrect information--bad data, if you will--by a teacher. The student then has to recognize that the information is incorrect, “unlearn” it, and learn the correct information--a process that is much harder and more complicated than if the student had learned the correct information in the first place. The same thing happens with the data used to train AI engines. Training data has historically been laced with false positives that have presumably skewed the machine learning process.
Today, there are mechanisms that allow users to report messages as email phishing attacks. These types of mechanisms can be invaluable to training an AI engine because they incorporate human verification into the process rather than giving the AI engine a collection of messages that are probably phishing messages but have not been verified as such.
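The value of human verification can be sketched in a few lines. The `Report` type and its field names are hypothetical; the point is simply that only labels a person has confirmed make it into the training set:

```python
# Sketch: assemble training data only from human-verified reports,
# so unconfirmed guesses (and their false positives) don't skew the
# learning process. The Report type and fields are hypothetical.
from dataclasses import dataclass

@dataclass
class Report:
    body: str
    reported_as_phish: bool  # a user clicked "report phishing"
    verified: bool           # a human analyst confirmed the label

def build_training_set(reports):
    # Keep only reports whose labels a person has confirmed.
    return [(r.body, r.reported_as_phish) for r in reports if r.verified]
```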
The second reason that modern AI will be able to solve the email phishing problem is that AI can now be incorporated at multiple levels of the process.
One of the technologies that has been gaining momentum is natural language processing (NLP). This technology is perhaps best known for its use in search engines, but just imagine how it could be put to work in the quest to better identify phishing messages.
A well-trained NLP engine can actually determine a message’s context and sentiment. It understands the relationship between words and can grasp the essence of what the sender is trying to convey. Such an engine might learn to recognize phishing messages that make threats, make unrealistic promises or try to coerce the recipient into taking some type of abnormal action.
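A real NLP engine models context and sentiment rather than matching keywords, so the toy sketch below is only an illustration of the categories of signal--threats, urgency, too-good-to-be-true promises--that such an engine might learn to score. The cue phrases are invented examples:

```python
# Toy illustration only: a trained NLP engine would model context and
# sentiment, not match keywords. This just shows the kinds of signals
# (threats, urgency, unrealistic promises) such an engine might score.
COERCION_CUES = {
    "threat": ["account will be closed", "legal action", "suspended"],
    "urgency": ["immediately", "within 24 hours", "act now"],
    "promise": ["you have won", "guaranteed", "free prize"],
}

def coercion_score(message: str) -> int:
    # Count how many coercion cues appear in the message.
    text = message.lower()
    return sum(
        1
        for cues in COERCION_CUES.values()
        for cue in cues
        if cue in text
    )
```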
NLP also could be used to help spot linguistic anomalies. Imagine that your bank periodically sends email messages to its account holders. An AI-based natural language processing engine could conceivably learn your bank’s writing style and then identify fraudulent messages sent by imposters trying to spoof your bank.
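As a rough illustration of style learning, here is a toy stylometry sketch that compares a message’s average sentence length against a sender’s historical baseline. A real engine would use far richer linguistic features, and the tolerance threshold here is an arbitrary assumption:

```python
# Toy stylometry sketch: flag messages whose average sentence length
# deviates sharply from a sender's baseline. A real engine would use
# much richer features; the tolerance value is arbitrary.
import re

def avg_sentence_length(text: str) -> float:
    # Split on sentence-ending punctuation and average the word counts.
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    if not sentences:
        return 0.0
    return sum(len(s.split()) for s in sentences) / len(sentences)

def style_mismatch(message: str, baseline: float, tolerance: float = 0.5) -> bool:
    # Flag if the message deviates from the baseline by more than the
    # given fraction of that baseline.
    observed = avg_sentence_length(message)
    return abs(observed - baseline) > tolerance * baseline
```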
Another AI layer could examine who a particular user communicates with and the types of relationships the user has with those people, in an effort to spot anomalous communications.
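The simplest version of that idea can be sketched as a first-time-sender check. The history counter standing in for a learned communication graph is hypothetical:

```python
# Sketch: treat a never-before-seen sender as an anomaly signal. The
# history counter (who this user exchanges mail with, and how often)
# is a hypothetical stand-in for a learned communication graph.
from collections import Counter

def is_anomalous_sender(history: Counter, sender: str) -> bool:
    # A first-time sender isn't proof of phishing, but it's a signal
    # worth weighing alongside content-based checks.
    return history[sender] == 0
```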
We are far from any silver bullets when it comes to spam and email phishing, but email messaging is moving to a more secure future with the help of modern AI technology.