Payroll Fraud via LLM-Generated Emails
Blog post from Sublime Security
Sublime's Attack Spotlight series aims to educate readers about the evolving email threat landscape by showcasing real-world attack examples, detailing adversary tactics, and explaining detection methods. A highlighted attack involves Business Email Compromise (BEC) targeting Google Workspace users, in which adversaries impersonate employees to reroute payroll funds using personalized messages likely generated by Generative AI (GenAI). These messages are crafted to mimic legitimate corporate communications, but they are unnaturally verbose and originate from freemail providers like Gmail, which adds false authenticity. The attack is effective because it exploits a familiar scenario, an employee changing financial institutions, to trick recipients into fraudulent actions. Sublime employs a defense-in-depth strategy, combining numerous detection signals with machine learning techniques such as Natural Language Understanding (NLU) to identify and prevent such threats. Despite the sophistication of AI-generated attacks, Sublime's robust approach ensures the detection and prevention of malware and other email-based threats.
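The signals named above (freemail sender, employee impersonation, a payroll change request) can be layered in a simple check. This is an added example, not Sublime's detection logic or code from the original post; the organization domain, employee names, keyword patterns and sample messages are all constructed assumptions, and the NLU and verbosity signals are not modelled.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed for this example.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
ORG_DOMAIN = "example.com"                         # placeholder organization domain
EMPLOYEES = {"dana whitfield", "marcus oyelaran"}  # hypothetical directory names
PAYROLL = re.compile(r"direct deposit|payroll|pay ?check|routing number|"
                     r"bank(ing)? (account|details|info)", re.I)
CHANGE = re.compile(r"\b(update|change|switch|replace|new)\b", re.I)

def payroll_bec_signals(raw):
    """Return the list of signals that fire for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Plain-text parts only; no transfer decoding, which is enough for the samples.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    signals = []
    if domain in FREEMAIL:
        signals.append("freemail_sender")
    # Display name matches an employee, but the address is outside the org.
    if domain != ORG_DOMAIN and " ".join(display.lower().split()) in EMPLOYEES:
        signals.append("employee_name_external_sender")
    if PAYROLL.search(text) and CHANGE.search(text):
        signals.append("payroll_change_request")
    return signals

def is_payroll_bec(raw):
    """Flag only when impersonation and a payroll change request coincide."""
    needed = {"employee_name_external_sender", "payroll_change_request"}
    return needed <= set(payroll_bec_signals(raw))

# Constructed sample messages.
SUSPECT = ("From: Dana Whitfield <dana.whitfield.hr01@gmail.com>\n"
           "To: payroll@example.com\n"
           "Subject: Request to update my direct deposit information\n\n"
           "I recently changed financial institutions and would like my next\n"
           "paycheck sent to the new account. Please advise what you need.\n")
INTERNAL = ("From: Marcus Oyelaran <marcus.oyelaran@example.com>\n"
            "To: payroll@example.com\n"
            "Subject: Payroll change\n\n"
            "Please update my direct deposit via the HR portal ticket.\n")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("internal", INTERNAL)):
        print(name, payroll_bec_signals(raw), is_payroll_bec(raw))
```

No single signal is decisive here: the internal sample also asks for a payroll change, and only the combination with an external sender using an employee's name trips the flag.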