Long ago, the introduction of the internet moved crime from physical to digital locations, where anti-fraud actors play a high-stakes game of detection and prevention, always working to stay one step ahead of fraudsters.
The battles of modern-day cybercrime follow the same pattern, with one major difference – cybercriminals are far more sophisticated than they were at the dawn of the internet age. Fraudsters are able to quickly change their attack vectors and strategies as needed, meaning that those of us in fraud detection and prevention are also continuously working to provide organizations with fraud protection they can depend on to keep them safe against all forms of online attacks.
The advent of machine learning and artificial intelligence (AI) has proven to be a critical asset in the fight against crime, giving us the upper hand. But who will prevail when these same tools are used by cybercriminals?
We set out to find out.
Before embarking on our experiment, we needed to decide upon an attack method. After much consideration, we settled on AI-based phishing attacks, in which criminals can create highly effective phishing URLs. We identified a threat actor, called the Purple Rain Gang – a highly skilled group of fraudsters whose manual attacks have a success rate that is three times higher than that of most other attackers.
Traditionally, the creation process of a phishing attack can be broken down into three steps:
- Identify a target.
- Create a malicious URL with a phish kit.
- Deploy the attack using a manually created URL.
Conversely, traditional phishing detection systems employ static rules to identify known patterns and take down those URLs that set off alarms based on those rules. While successful in the vast majority of cases, this process also creates a lot of false positives and negatives, to the advantage of criminals.
Now, add anti-phishing AI, which can find phishing URLs with 98-percent accuracy – the advantage returns to our anti-fraud team.
Using historical data from the Purple Rain Gang, we created an AI Phishing URL generator designed to mimic what this not-so-hypothetical gang would do with AI technology. Then we upped the ante and automated the generator using data from previous attacks to increase their attack efficiency even further. In doing so, we were able to increase their success rate by 3,000 percent! For phishing URLs, this is an incredibly high rate rarely, if ever, seen in today’s phishing attacks.
AI gives anyone using it an edge. And while cybercriminals can certainly use it to their advantage, it doesn’t mean all hope is lost. We retrained our anti-phishing AI algorithm to anticipate the use of malicious AI, and as a result were able to reduce the attack efficiency of the Purple Rain Gang, thus outmaneuvering the fraudsters.
Here at Easy Solutions, we have already implemented AI in our security solutions. Couple this with our insight into how criminals think and our access to a trove of phishing data we have collected over time, and cybercriminals don’t stand a chance.
No matter the attack vector, no matter the advantage, we will always be working to be a step ahead of fraudsters.