In-depth

The future of spam is scary

AI, deepfakes and other tech could make spotting spam tougher, but spam fighters are using the same tools to keep our inboxes clean

Incoming spam attack

Spam is easy to spot. Automated systems catch the vast majority of it, though with hundreds of millions of dodgy messages sent daily, the odd message still slips through the net to your junk email, where it hopefully languishes unnoticed.

That's down to serious effort on the part of email companies Google, Microsoft and the rest but their job is about to get a lot harder as spammers turn to AI, as well as deepfakes, social bots and other intelligent technologies. "Deception is the goal of most modern spam attempts," said Emilio Ferrara, research assistant professor at the USC Department of Computer Science, and the author of a recent paper on the subject of AI and spam. "AI is providing more and more powerful tools to automatically generate deceptive content including text and video. Although the full implications are impossible to predict one can speculate that with increasing technological capabilities the abuse and its consequences will get worse."

Using AI for spam

That first role means it will be harder for automated systems to spot spam. "We've entered an era where we can no longer trust our own inboxes," said Max Heinemeyer, director of threat hunting at Darktrace, a British AI security startup valued at more than a billion dollars. "Across our customer base, we are seeing the early signs of attackers using artificial intelligence to supercharge their creation of spoof emails generating communication that, for the average person, is virtually indistinguishable from genuine communication."

The rise of AI comes via a few different avenues, and all can be abused by spammers. Neural networks that can read text, understand the context of an image and write believable messages all without human interaction so spammers can build more realistic, personalised messages, making it more difficult to filter them out from legitimate mail. And if email providers can't spot spam, it's fair to say plenty of people will be caught out too, raising the risk of phishing attacks as well as mass marketing of dodgy products that usually fill spam emails.

"This only requires relatively simple sequence-to-sequence machine learning which could be installed on an infected device in order to monitor emails and conversations of a compromised victim," said Heinemeyer. "After a period of monitoring, the AI could tailor phishing messages to mimic the message style of the victim to particular contacts in their address book, in order to convince them to click on a malicious link."

There are other types of spam beyond the messages clogging up our email inboxes. Spammers have also turned to messaging apps, search results and social media, with bots promoting links to fake reviews and websites selling dodgy wares, be it off-brand sunglasses or hair-loss prevention pills. Those can be written by humans, but it's much more profitable if those bots are automated, and the most convincing ones use AI to react to humans. "Cyber criminals are innovators they are always looking for new ways to reach more victims, more quickly to ultimately make more money," said Heinemeyer. "Spam campaigns today take a group of around 50 cyber criminals, who send about 50,000 emails a day with a success rate of about 20%. With AI in the picture, it would only take two attackers to create code that could generate two million emails a day with an 85% success rate, making their attacks significantly more profitable."

AI also makes it easier to build so-called "deepfakes", digitally altered or generated images and video that look real. Sometimes the content can be an entirely false person, handy for an avatar for a fake social account, but the same idea can be applied to text or pictures to make spam specifically tailored for you. "It can be used for example to produce personalised spam targeting individuals using information about their friends (pictures, videos) to produce targeted deepfakes or digital avatars of them," said Ferrara. Would you be more likely to open a spam message if it came from a Twitter feed with an avatar that looked like your friend or pretended to be an email from a contact you have in your email account?

Fighting spam with AI

Of course, the white hats of the tech industry also have access to AI and Google, with its thousands of software engineers, is thankfully rather better at neural networks and machine learning than the average spammer. "It's surely a doomsday scenario, but we have seen enough already to know that without countermeasures these spam technologies can get out of hand," said Ferrara.

Google has long been using neural networks to spot spam, bringing its self-reported rate of spam detection to 99.9%. But it's going further to target the last few spam messages slipping through, while also cutting down the number of legitimate messages that get snagged in its net. The company recently detailed how it's battling spam via its machine-learning system TensorFlow, using it to look for patterns in the thousands of bits of data that Google analyses to see if a message is spam or not, personalising that based on what Google knows about someone's email habits. "Using TensorFlow has helped us block image-based messages, emails with hidden embedded content, and messages from newly created domains that try to hide a low volume of spammy messages within legitimate traffic," Gmail security product manager Neil Kumaran explained in a blog post earlier this year. That added up to an extra 100 million messages blocked per day.

Google's not the only one. In June, Twitter bought startup Fabula AI to help the social media service use artificial intelligence to battle back against spam and abuse, with Twitter saying earlier this year that fake and spam accounts make up as much as 5% of its active accounts. And last year, Microsoft said it had improved its filtering using AI-based techniques, training its system by scanning 18 billion links and attachments.

There are other automated, intelligent systems to push back against spam, including New Zealand security firm Netsafe's Re:scam, a chatbot that uses AI to reply to spammers in order to eat up their time and drive up costs. Whether it reduces spam remains to be seen, but the ensuing transcript of the exchange between the chatbot and the spam-sending scammer is amusing.

The scale of the problem means automated protections are key to winning the battle against spam it's too big of a problem for us humans to manage, making it the perfect place to put AI to work. Spam is spreading and it's getting smarter thankfully, we have the same tools to battle back. "We cannot expect the general public to dedicate time to becoming experts in cyber security. What's more, AI attacks will be too clever and stealthy to combat than with other AIs," said Heinemeyer. "This is one arena we'll have to give up control to intelligent systems, not take it back."

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

US charges six Russians behind NotPetya and Olympics hacks
Security

US charges six Russians behind NotPetya and Olympics hacks

20 Oct 2020
Microsoft becomes the most-spoofed brand for phishing attacks
Security

Microsoft becomes the most-spoofed brand for phishing attacks

20 Oct 2020
Managing employee security risks during lockdown
Security

Managing employee security risks during lockdown

20 Oct 2020
iPhone 12 poses potential security risk for WhatsApp users
Security

iPhone 12 poses potential security risk for WhatsApp users

19 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020