back to article Here's some phish-AI research: Machine-learning code crafts phishing URLs that dodge auto-detection

An artificially intelligent system has been demonstrated generating URLs for phishing websites that appear to evade detection by security tools. Essentially, the software can come up with URLs for webpages that masquerade as legit login pages for real websites, when in actual fact, the webpages simply collect the entered …

  1. Nick Kew Silver badge
    Facepalm

    Clickbait

    Story: exercise in futility proves futile.

    Spammers have been tweaking their evasions for twenty years. Why on Earth should one suppose phishers would present a big fat static target for naive pattern-classification?

    1. handleoclast Silver badge

      Re: Clickbait

      Why on Earth should one suppose phishers would present a big fat static target for naive pattern-classification?

      I would expect exactly the opposite. Phishers achieve a small degree of success with the naive pattern-classification systems running on wetware. The more naive the system, the higher the chance of success.

      BTW, is anybody interested in helping me out by setting up a joint bank account I can use to smuggle embezzled money out of Nigeria?

  2. ShowEvidenceThenObject

    When two AIs go to war

    Defeating algorithms only takes a little bit of time, brain and experimentation.

    What we want is for the detection and generation AIs to get to the logical conclusion more quickly:

    "A strange game. The only winning move is not to play."

  3. Shadow Systems Silver badge

    I've got an easy solution...

    I never click links. Not ever. Never never never, nope-a nope-a nope! =-D

    /Sarcasm...???

  4. Dylan

    critical flaw in the paper

    "We can confirm that these attacks are targeting the same brand, therefore, it is safe to

    assume they are being made by the same threat actor."

    Phishing kits are a thing, and they're widely available to anyone who wants them.

    Just because the folder syntax is the same, doesn't mean they are the same threat actor.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019