Trend Micro Unveils Industry’s First AI-powered Writing Style Analysis to Halt Email Fraud

Trend Micro Inc. announced a new capability designed to enhance protection against Business Email Compromise (BEC) attacks. Powered by artificial intelligence (AI), this innovation will be integrated into multiple products to raise the alarm when emails are suspected of impersonating an executive or some other high-profile user.

"This is the first time I've seen email writing style analysis launched in our industry," said Michael Osterman at Osterman Research. "This is a compelling demonstration of AI being used for essential cybersecurity protection against today's most financially impactful attack vector -- email."

Trend Micro Writing Style DNA is a new layer of protection against BEC attacks, which uses AI to "blueprint" a user's style of writing, employing more than 7,000 writing characteristics. When an email is suspected of impersonating a high-profile user, the style is compared to this trained AI model and a warning is sent to the implied sender, the recipient and the IT department.

"The future threat landscape requires AI-powered protection that leverages expert rules and machine learning," said Eva Chen, CEO of Trend Micro. "We are proud to add another industry first in this area.

"This new capability is the perfect complement to our existing email security as well as the free phishing simulation and awareness service we're making available to businesses. In a world of increasingly sophisticated and financially damaging email fraud, multiple layers are needed to put organizations back on the offensive."

In 2017, 94 percent of all ransomware blocked by Trend Micro was distributed via email. In addition, total global losses from BEC scams are predicted to reach $9 billion in 2018, with an average loss of $132,000 per BEC incident. Businesses need to be able to thwart phishing -- both through training and technology.

BEC attacks impersonate the CEO, president or managing director of a company nearly 70 percent of the time, with urgent requests for an employee to make a wire transfer or reply with sensitive data. These are hard to detect because the emails usually do not have an attachment or URL link, which are more commonly recognized as suspicious.