In our recently published Visual-AI in Anti-Phishing white paper, we talk about how sophisticated online scammers, or Bad Actors as they are known in the anti-phishing industry, are becoming. It’s becoming increasingly difficult to stay one step ahead of them as they employ ingenious phishing detection evasion techniques in their campaigns.
Here, we’ll take a look at the evasion techniques that exploit visual elements, in order to understand how they can be used to slip through the net despite the impressive technology the cybersecurity industry uses to block them.
Career online scam artists know that phishing detection systems are primed to flag trigger words in the text. To avoid this, Bad Actors convert text to images so that it cannot be detected. For example, words like “username” or “Password” may appear to be ordinary text but are actually placed on the page or in an email as a JPEG or PNG. The result is undetectable by text scanners yet looks quite normal to the human eye. Most phishing detection systems can’t see inside graphics, so the system doesn’t get triggered. It’s also more likely that users will unknowingly compromise themselves and their companies.
Yes, more images. Are you seeing the pattern yet? Within emails, in particular, Bad Actors include a graphic with a familiar and genuine URL, like paypal.com, that links to a fake site designed to gather data for sinister purposes. So again, the phishing detection platform can’t see it and the actual URL is similar enough, like paypa1.com, so that, at a glance, it is unlikely to raise the user’s suspicions.
As well as converting individual keywords into images, Bad Actors often convert entire sections, like forms, into graphics, overlaying the input fields so that the substitution is imperceptible. In some cases, entire emails or websites are actually images, so that no alarming elements can be detected by the human eye, or indeed by HTML parsers and text-based detection systems.
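The image techniques above (keywords as images, an image link to a lookalike domain such as paypa1.com, and bodies that are entirely images) leave traces a defender can still check in the HTML. The following is an added example, not code from the white paper or the vendor's product; the brand list, the 40-character text threshold and the sample message are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"paypal.com"}                  # assumption: domains you want to protect
CONFUSABLES = str.maketrans("10", "lo")  # digit-for-letter swaps such as paypa1

def lookalike_of(host):
    """Return the brand a host imitates; None if it is genuine or unrelated."""
    host = host.lower().removeprefix("www.")
    for brand in BRANDS:
        if host == brand or host.endswith("." + brand):
            return None
        one_off = len(host) == len(brand) and sum(x != y for x, y in zip(host, brand)) == 1
        if one_off or host.translate(CONFUSABLES) == brand:
            return brand
    return None

class ImageAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.images, self.text_chars, self.findings = None, 0, 0, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
        elif tag == "img":
            self.images += 1
            # An image inside a link hides the destination from text scanners.
            host = urlparse(self.href or "").hostname or ""
            brand = lookalike_of(host)
            if brand:
                self.findings.append(f"linked image -> {host} (lookalike of {brand})")

    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

    def handle_data(self, data):
        self.text_chars += len(data.strip())

def audit(html, min_text=40):
    """Flag lookalike image links and bodies that are images with almost no text."""
    parser = ImageAudit()
    parser.feed(html)
    if parser.images and parser.text_chars < min_text:
        parser.findings.append("image-only body: route rendering to OCR or visual analysis")
    return parser.findings

# Constructed sample message body, not taken from a real campaign.
SAMPLE = '<html><body><a href="http://www.paypa1.com/signin"><img src="cid:form.png"></a></body></html>'
```

`audit(SAMPLE)` returns two findings. The image-only finding is a routing signal rather than a verdict, since the words inside the graphic can only be read by rendering it.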
How many times have you almost been caught out by a legitimate-looking email, text message or social post? How many times have you second-guessed your intuition or asked someone “does this look legit?” That’s because Bad Actors will do all it takes to make their efforts to capture data from individuals, and compromise organisations, look like the real deal. They will use legitimate links in their emails, websites and SMS, such as help pages, privacy pages and even, quite audaciously, anti-fraud pages.
These all serve to make things seem as above board as possible, increasing the likelihood of a successful phishing attempt.
Pop-ups are not just invasive marketing tools utilized by online retailers; they are a favourite phishing detection evasion technique employed by Bad Actors. They often drive victims to genuine sites through an email or message, but the URL has some code tagged on that makes a pop-up appear over the top of the real form, requesting their details. Often this involves a file-sharing site, where the victim is then asked to ‘login’ to see the file.
Knowing what the most common evasion techniques are is just one small step in upping the game when it comes to policing phishing. With the trend of phishing attacks on the rise, cybersecurity professionals are always seeking new technologies that will keep them a step ahead of the scammers. That next big thing is Visual-AI! Read about it in our Visual-AI in Anti-Phishing Whitepaper, or check out why Chief Technology Officer, Alessandro Prest, believes that Visual-AI is the answer in phishing detection.