How Text Detection Is Used In Phishing Protection

Reading Time: 4 minutes

Text Detection in Phishing Protection has become an essential asset

When we were approached by a cybersecurity company to discuss how our technology could be used in the context of anti-phishing, we didn’t anticipate just how important text detection would be in helping to detect and block phishing attacks.

Cybersecurity professionals work hard to keep their technology up to date, however, with APWG reporting consistent growth in phishing attacks each quarter, it’s clear there may be technologies that they are missing out on. The fact is, cybercriminals work just as hard and they have caught on to the technologies being employed. Now, they evade detection by turning trigger words and even entire emails and web pages into images so they can slip through the net with alarming ease. It comes as little surprise, then, that in APWG’s most recent report they reveal that December 2021 saw not only an increase in attacks reported, but the highest number reported in the history of the organization. Yes, it’s clear that something is missing and that something may very well be text detection.

Depiction of visual phishing risk scoring of a fake Google sign-in form _text detection in phishing protection

Why is text detection so important?

Text detection is an aspect of computer vision technology that enables software to “read” text. In general terms it is known a OCR (Optical Character Recognition) as popularized in scanning applications. But if OCR converts text in images into readable and editable text, why would this be needed when it comes to phishing detection?

It comes down to the latest techniques used by bad actors to hide from anti-phishing systems, which tend to focus on programmatic methods of detection. The end result is the large volume of phishing emails making it through to user inboxes and the fact that 90+% of compromises begin as a phishing email.

Be Sure To Also Read ->Phishing Detection Use Case Overview

Text Detection in Phishing Protection

Bad actors know that detection systems look at the code of an email and website and so they use a couple of obfuscation techniques to avoid detection:

Code-Based Obfuscation
Used on phishing web pages, scammers will use javascript to pad a word that they know will be tracked by phishing detection platforms. So in the code, it looks like a stream of random letters, but when rendered by the browser, the javascript code strips out the random characters, leaving the actual word shown. The example below highlights this very well.
Graphical obfuscation
This technique works equally well for both emails and web pages. The Bad actors simply convert a word, section, or the entire email/page into a graphic. So again, if you look at the code, you don’t see any troubling words, like ‘login’ ‘password’ or ‘payment’. Instead you simply see an inline image, which is typically called something innocuous like ‘image1.jpg’

In both cases, the goal for bad actors is to display the undoctored version to users and make it look legitimate. So Visual-AI operates post-render by capturing the email/web page as a flat image and analyzing it. That’s where text detection comes into its own. It analyzes all the text (now burnt into the image) and converts it into machine-readable words.

It can provide a complete transcript of every word or can be tasked to look only for trigger words that might indicate a higher level risk.

These are just two examples of how text detection can help, but in practice, it doesn’t matter what techniques cybercriminals use because Visual-AI processes at the post-render stage. A number of studies have also found that this combined textual and visual approach to anti-phishing should be the absolute basic of phishing detection technology.

Technology must keep improving

With the knowledge that bad actors are always learning new ways to evade detection it is obvious that technology needs to be continually improved in order to achieve maximum efficiency. With new visual attack vectors coming down the line computer vision and text detection will play an increasingly important role in threat detection.

Artificial intelligence, most notably text and image detection, will remain an important and persistent player in this quest for continual improvement. With that in mind, it’s vital that these companies ensure that their AI providers are also committed to consistent improvement and to remaining in tune with new challenges for phishing protection as they arise.

Want To Talk???

Visual-AI, and specifically text detection should be an integral part of any anti-phishing system. With 19.8% of employees clicking on phishing links in emails, it’s important for an anti-phishing system to flag and stop those emails from reaching an employee’s inbox in the first place.

VISUA works with leading cybersecurity companies to empower their technology with Visual-AI. If this is something you are interested in, we’re ready to talk! Fill in the form below, and in the meantime, you can watch our video in which our CTO explains how Computer Vision and Cybersecurity work together.

Book A Demo

Challenges of Developing Computer Vision for Cyber Security Posted in: Anti-Phishing, Cybersecurity - Reading Time: 3 minutes Considering developing Computer Vision for Cyber Security in-house? There is a very good reason why companies in the phishing detection and threat […]
Did We Just Accidentally Revolutionize Phishing Detection? Posted in: Anti-Phishing, Brand Protection, Cybersecurity, Featured - Reading Time: 5 minutes Visual-AI is the missing piece of the puzzle when it comes to tackling Phishing By: Alessandro Prest, Chief Technology Officer, VISUA Some […]
Video: Visual Phishing Detection Explained Posted in: Anti-Phishing, Cybersecurity, Featured, Technology - Bad actors are using every visual trick in the book to confuse victims and evade detection. From simple things like using brand logos in emails and web pages, to more advanced techniques...