Computer Vision News - December 2018

22 Computer Vision News Application Application set of unlabeled examples, continues to explore how much leverage they can get out of totally unlabeled examples of emails. Throughout the process of making their technology work, they have come across funny stories every step of the way. At certain points, it becomes totally obvious that the approach they were using would not work. Baggett recalls: “ I mentioned the logo graphic, HTML. We had a user who reported a fake Target email, and Inky didn’t catch it. As usual when someone reports a mail, we look at it and at how would we have ever caught this. We are looking, and there is no image at all. That motivates us to think more broadly about these kinds of things in a way that is very hard to anticipate. Until you see the data, it’s like anything else in science, you can’t really imagine all the pitfalls. So there has been a lot of things like that .” Working in the industry, Baggett has come across many terrifying and entertaining examples of real-world phishing emails, from Bitcoin messages and even phony Thanksgiving emails. They recently published a blog post on spear phishing attacks that impersonate a family member or friend to wish a Happy Thanksgiving. Baggett suspects that this particular scam comes from a single phishing kit. It requires an impressive amount of work to create these various greetings. In his own words, “ It’s not surprising, but it is entertaining to see the length that some of these people will go to try to scam people. ” Attackers now simply take a real American Express mail and simply change the URL, making the email visually identical. To combat this, they have to figure out a way to tell if the mail really comes from American Express. After all, they do not have a clean data source indicating all of the mail domains of American Express. In some cases, when the forgery looks so bad, they might assume that users would not fall for it. For example, a fake Microsoft mail that doesn’t have a Microsoft logo, but it just says log into your Office 365 account. Baggett and his team might not think to warn their users because the forgery looks so fake. However, they still need to accommodate the psychology of the end user and deal with these types of obvious forgeries even when you expect they will not fool anyone. Baggett elaborates: “ I think that is a really interesting area because it’s not “…it becomes totally obvious that the approach they were using would not work.” Dave Baggett

RkJQdWJsaXNoZXIy NTc3NzU=