When we were approached by a cybersecurity company to discuss how our technology could be used in the context of anti-phishing, we didn’t anticipate just how important text detection would be in helping to detect and block phishing attacks.
Cybersecurity professionals work hard to keep their technology up to date, however, with APWG reporting consistent growth in phishing attacks each quarter, it’s clear there may be technologies that they are missing out on. The fact is, cybercriminals work just as hard and they have caught on to the technologies being employed. Now, they evade detection by turning trigger words and even entire emails and web pages into images so they can slip through the net with alarming ease. It comes as little surprise, then, that in APWG’s most recent report they reveal that December 2021 saw not only an increase in attacks reported, but the highest number reported in the history of the organization. Yes, it’s clear that something is missing and that something may very well be text detection.
Text detection is an aspect of computer vision technology that enables software to “read” text. In general terms it is known a OCR (Optical Character Recognition) as popularized in scanning applications. But if OCR converts text in images into readable and editable text, why would this be needed when it comes to phishing detection?
It comes down to the latest techniques used by bad actors to hide from anti-phishing systems, which tend to focus on programmatic methods of detection. The end result is the large volume of phishing emails making it through to user inboxes and the fact that 90+% of compromises begin as a phishing email.
Bad actors know that detection systems look at the code of an email and website and so they use a couple of obfuscation techniques to avoid detection:
In both cases, the goal for bad actors is to display the undoctored version to users and make it look legitimate. So Visual-AI operates post-render by capturing the email/web page as a flat image and analyzing it. That’s where text detection comes into its own. It analyzes all the text (now burnt into the image) and converts it into machine-readable words.
It can provide a complete transcript of every word or can be tasked to look only for trigger words that might indicate a higher level risk.
These are just two examples of how text detection can help, but in practice, it doesn’t matter what techniques cybercriminals use because Visual-AI processes at the post-render stage. A number of studies have also found that this combined textual and visual approach to anti-phishing should be the absolute basic of phishing detection technology.
Technology must keep improving
With the knowledge that bad actors are always learning new ways to evade detection it is obvious that technology needs to be continually improved in order to achieve maximum efficiency. With new visual attack vectors coming down the line computer vision and text detection will play an increasingly important role in threat detection.
Artificial intelligence, most notably text and image detection, will remain an important and persistent player in this quest for continual improvement. With that in mind, it’s vital that these companies ensure that their AI providers are also committed to consistent improvement and to remaining in tune with new challenges for phishing protection as they arise.
Want To Talk???
Visual-AI, and specifically text detection should be an integral part of any anti-phishing system. With 19.8% of employees clicking on phishing links in emails, it’s important for an anti-phishing system to flag and stop those emails from reaching an employee’s inbox in the first place.
VISUA works with leading cybersecurity companies to empower their technology with Visual-AI. If this is something you are interested in, we’re ready to talk! Fill in the form below, and in the meantime, you can watch our video in which our CTO explains how Computer Vision and Cybersecurity work together.
Seamlessly integrating our API is quick and easy, and if you have questions, there are real people here to help. So start today; complete the contact form and our team will get straight back to you.