J2 Software, SlashNext highlight AI’s role in combating BEC and advanced phishing attacks

John McLoughlin, CEO of J2 Software.

---

J2 Software, in partnership with SlashNext, recently hosted an engaging and insightful webinar focused on the growing threat of business e-mail compromise (BEC) and advanced phishing attacks. The webinar shed light on how AI-driven solutions are transforming cyber security, offering proactive protection against evolving cyber threats.

Cyber attacks now occur every 11 seconds, and by 2025, cyber crime is projected to exceed $10 trillion annually. E-mail remains the primary vector for these attacks, with 85%-93% of successful cyber attacks starting in e-mail, often tricking users to use other communication channels, such as mobile messaging platforms or moving them onto an online platform with their browser in an effort to bypass traditional e-mail security measures.

Notably, small and medium-sized businesses (SMEs) are often targeted as they appear to be particularly vulnerable.

John McLoughlin, CEO of J2 Software, emphasised that modern cyber threats target the essential pillars of digital operations – users, e-mail, data, devices and internet infrastructure. His mantra: "You can’t protect what you can’t see," underscores the importance of visibility for effective response.

Generative AI and large language models (LLMs) are revolutionising phishing attacks, as cyber criminals exploit tools like ChatGPT to craft highly localised and sophisticated phishing e-mails.

McLoughlin highlighted a specific incident where deepfake technology was used to impersonate a company executive via a video call, causing a multinational company to lose $25 million. In this sophisticated scam, fraudsters employed deepfake technology to replicate the voice and face of the company's chief financial officer, and other executives, during a video conference.

“The employee, believing he was interacting with genuine colleagues, was tricked into transferring the substantial sum. This case is a prime example of how AI can be maliciously leveraged in social engineering attacks, where attackers craft scenarios to deceive individuals by mimicking trusted entities in virtual settings,” he explained.

This incident underscores the growing threat of deepfake phishing schemes, where the manipulation of audio and video can bypass traditional security measures and personal scepticism. This also proves that cyber security is enabled by technology, but there is still a need for robust processes that live outside of the screen.

Companies like SlashNext offer a 360-degree protection suite that goes beyond traditional secure e-mail gateways (SEGs), which struggle against modern threats.

Key features include:

• Zero-hour protection: AI detects and neutralises BEC and social engineering attacks in real-time.
• Malicious content filtering: Blocks malware, phishing links and malicious QR codes.
• Browser and mobile messaging security: Ensures threat detection without compromising privacy on browser and on-device messaging applications.
• Advanced detection mechanisms: Uses NLP classifiers, social graph analysis and computer vision to pre-emptively identify threats.

Attackers are constantly evolving their attack methods and make use of existing tools, like compromised SharePoint sites or the capabilities of online services and platforms to launch their attacks. In recent times, there are reports of attackers using legitimate services from DocuSign and QuickBooks to spread their attacks in an effort to evade DNS security.

Mobile devices have become prime targets for phishing via SMS (smishing). SlashNext’s mobile app, designed for both personal and BYOD (bring your own device) environments, filters malicious messages directly on the device. This ensures privacy and security without reporting back to external systems.

A notable example discussed was the Twilio breach, where attackers mimicked Twilio’s Single Sign-On (SSO) system through SMS, demonstrating the critical need for robust mobile defences.

SlashNext's browser extension employs on-device machine learning to analyse web pages dynamically. This approach offers immediate protection against URL redirection and credential theft, essential in thwarting phishing attempts that circumvent traditional detection.

Beyond technology, the webinar stressed the importance of user awareness. SlashNext promotes a security culture where employees are encouraged to report suspicious activities instead of fearing punitive measures. Behavioural training plays a key role in building resilient organisations.

Organisations can evaluate their exposure to e-mail and phishing threats through a no-charge cloud e-mail risk assessment provided by J2 Software, powered by SlashNext. There are integrations to other security platforms, ensuring seamless deployment across existing security frameworks.

The J2 Software and SlashNext partnership showcases the power of AI to counter evolving cyber threats. Proactive, AI-driven solutions offer comprehensive protection across e-mails, browser and mobile messaging platforms, ensuring businesses remain one step ahead of cyber criminals.

As cyber attacks grow more sophisticated, organisations must adopt innovative, dynamic defences to safeguard their digital assets, operations and, ultimately, their people.

For more insights, J2 Software and SlashNext invite organisations to explore their research and participate in risk assessments. Cyber security is no longer a reactive discipline – it’s a continuous, proactive effort driven by vigilance, innovation and resilience.