Anti-Phishing Cybersecurity Featured Technology

VIDEOS

Video: Visual Phishing Detection Explained

See Transcript

[00:00:02.870]
Hi, I’m Alessandro Prest, CTO at VISUA. We are the Visual-AI people delivering enterprise grade computer vision solutions for a wide range of use cases and chosen by some of the world’s leading companies.

[00:00:15.090]
We were recently drawn into the world of cybersecurity because of the exponentially growing challenge in phishing, brand spoofing and the weaponization of graphics.

[00:00:24.990]
These graphical attack vectors have a dual purpose; to confuse and build trust in victims receiving them, and also to actively evade detection by the platforms seeking to block them. And they are working.

[00:00:39.130]
This short video highlights how Visual-AI technology adds an essential layer to your platform, allowing you to block these threats.

[00:00:47.750]
Traditional programmatic analysis, whether signature or AI based, simply cannot detect these types of attacks, and that’s where Visual-AI steps in. That’s why VISUA developed the simple and effective solution that is now in the field and helping phishing detection platforms to detect and block more malicious attacks than previously possible.

[00:01:12.060]
It’s important to note that our visual threat hunting stack doesn’t replace what you already do, but it is an essential enhancement to your existing threat analysis because it adds visual telemetry via a range of critical visual signals. The end result is that you gain a more complete threat scoring mechanism that will allow you to catch malicious content that you would normally miss.

[00:01:38.100]
In other words, our Visual-AI can be integrated into your existing workflow quickly and easily via API. It can be deployed in the cloud or on-premise within your own network to avoid latency issues and maximize compliance. Importantly, our Visual-AI doesn’t require any blacklists or existing knowledge of threats, so it’s ideally suited to help identify zero day threats in both malicious emails and web pages.

[00:02:08.270]
So what does it do and why is it so effective? This is the crucial part we don’t apply our Visual-AI programmatically. In fact, we don’t look at any of the code related to the email or web page because that’s where bad actors plant their traps and place their disguises. Instead, we apply a three step process as follows.

[00:02:30.990]
One, the email or web page is fully rendered to a flattened image and sent to our engine.

[00:02:37.890]
Two, the image is processed and the various potential risks are flagged.

[00:02:43.350]
Three, the results are collated and sent back to your threat analysis triage engine for final threat scoring.

[00:02:51.180]
This three step process is so effective because we see what the bad actor wants the victim to see, which means all their trickery is laid bare and fully visible, but it works at machine speed so we can handle massive volumes without causing a bottleneck.

[00:03:08.340]
But the effectiveness of our visual threat hunting is also thanks to a precise combination and configuration of specific technologies as follows.

[00:03:18.290]
Firstly, our logo detection module allows us to detect the broadest range of brand spoofing attempts thanks to having the only unlimited and largest library of brands in the industry. But as bad actors evolved to use less well known brands, our logo detection allows you to respond immediately thanks to our instant logo learning capabilities.

[00:03:42.930]
This means you can detect any logo including all variants plus skewed, distorted and modified versions of a logo. But importantly it can also detect icons and marks so it can see favicons and padlock symbols as well as safety badges.

[00:03:59.150]
We apply our object detection to identify key elements that could pose a risk like forms, buttons and links. This is important because these elements are being converted into graphics, which can’t be seen and interpreted programmatically. One of the more recent additions is the detection of QR codes, which pose a particular risk to mobile users.

[00:04:21.590]
Next, our text detection module analyzes the text looking for words and phrases determined to pose a potential risk. Take this case as an example where the bad actor has a word with random letters which are stripped using JavaScript during browser rendering. You don’t see the word ‘payment’ but we do. Finally, our visual search module compares the rendered email or web page with known good and bad images in our library. This allows us to flag pixel-perfect and close match copies of the most popular login pages, payment pages et cetera.

[00:05:00.190]
So, if you’re challenged by brand, spoofing and graphical attack vectors and are currently investigating computer vision as a potential solution, then I invite you to test ours. You’ll discover that our built-for-purpose visual threat detection is the only one that can deliver the accuracy required and handle any scale. Thanks for watching.

 

In this short video, VISUA CTO and Co-Founder, Alessandro Prest explains how visual phishing detection works.

Bad actors are using every visual trick in the book to confuse victims and evade detection. From simple things like using brand logos in emails and web pages, to more advanced techniques, like converting key elements into graphics and splitting graphical elements into many fragments. Most recently, we’ve also seen a rise in the use of QR codes with malicious links embedded. Why is this trend so concerning?

According to APWG, phishing attacks reached the highest levels of all time in July 2021. It is also a measured and accepted fact that ~95% of all compromises began as a phishing threat. These are alarming facts in themselves, but scammers are ingenious and continue to adapt. When you begin to analyze the growing threat of brand spoofing, and the latest techniques for evading detection using graphics and other visual elements, there is no doubt that computer vision has a key part to play in helping increase detection rates when added to phishing detection workflows.

An effective computer vision solution can visually analyze the content in emails and web pages, giving important signals that cannot typically be detected programmatically.

Here, Alessandro explains why and how visual-AI can be applied to this challenge using example detections to illustrate its efficacy.

For more on computer vision and phishing detection, read our white paper which delves deeper into how visual-AI and phishing detection software can work together to make communications and data safer.

RELATED

VISUA & Vision Insights Partner To Usher In New Era In Sports Sponsorship Intelligence
BLOG BLOG
VISUA & Vision Insights Partner To Usher In New Era In Sports Sponsorship Intelligence

Reading Time: 4 minutes Exclusive partnership sees Vision Insights integrate VISUA’s Sports Sponsorship Monitoring Computer Vision Suite into its new Decoder Insights Platform. Computer Vision (Visual-AI) […]

Featured Sponsorship Monitoring Technology VISUA News
Are Website CMS, Email Marketing, and Survey Platforms Accountable For Their Part In The Phishing Epidemic?
BLOG BLOG
Are Website CMS, Email Marketing, and Survey Platforms Accountable For Their Part In The Phishing Epidemic?

Reading Time: 7 minutes TLDR: Phishing attacks have reached the highest levels ever seen. Bad Actors are abusing convenient and well-known platforms to craft emails, web […]

Anti-Phishing Cybersecurity
Computer Vision Leader VISUA Launches Low-Code & No-Code Implementation
BLOG BLOG
Computer Vision Leader VISUA Launches Low-Code & No-Code Implementation

Reading Time: 3 minutes Dublin and New York-based VISUA now allows API-less use of complete Computer Vision Technology Stack Leading Computer Vision (Visual-AI) company, VISUA has […]

Featured Technology VISUA News

Trusted by the world's leading platforms, marketplaces and agencies

Integrate Visual-AI Into Your Platform

Seamlessly integrating our API is quick and easy, and if you have questions, there are real people here to help. So start today; complete the contact form and our team will get straight back to you.

  • This field is for validation purposes and should be left unchanged.

If You’re Thinking Of Building It Yourself... Talk To Us First!

Developing a Visual-AI solution in-house sounds easy, right? Wrong! Oh, you’re going to use one of the off-the-shelf offerings from the industry’s big names? Still wrong!

We don’t say this lightly. Many of our current customers thought the same thing, and many even tried. After months of work, wasted resources and lost revenue opportunities, they tested their solution against ours, only to discover that they couldn’t match the accuracy, flexibility, scalability and simplicity of VISUA’s Visual-AI.