Intelligent Issue 13 | Page 26


What does the modern-day phishing attack look like ?
When people first think of phishing emails , their mind goes to the classic plaintext format with spelling mistakes and an obvious feel of dishonesty . Phishers have honed their skills and now deliver far more convincing emails that are easily missed by legacy security detection techniques .
On a basic level , assailants will spoof a brand like Microsoft Office and request various credentials to verify an account or something similar . The emails will include details copied straight from the brand ’ s actual content such as formal signatures and logos which means they are that little bit harder to detect because they look legitimate . Any details provided by the victim are then harvested and set aside for further exploitation . This practice can then be added to multi-stage attacks which may include different attack vectors , such as ransomware , to steal more assets from the victim . Phishing is often used as the stepladder to give hackers a boost through the company network . SMEs shouldn ’ t underestimate the dangers of a successful phishing attack , as a single errant click can lead to criminals obtaining the keys to the SME kingdom . Once criminals have remote access to a network they could sift through the environment , identifying valuable assets and links to customers and the supply chain as they go , completely undetected .
A particular style of attack that SMEs should be on the lookout for is Business Email Compromise ( BEC ). The lack of phishing artefacts like logos or URLs make them especially hard to detect and , given criminals will often impersonate senior figures in a company , it ’ s also harder for workers to ignore or report an email from their boss . Preying on human nature is a common practice for these criminals , as well as frequently changing their tactics to avoid detection .
What role does Machine Learning play in the fight against phishing ?
Artificial Intelligence ( AI ), or Machine Learning ( ML ) more specifically , can deliver the analysis needed to get SMEs ahead of adversaries .
26 intelligent
. tech
Intelligent SME . tech