The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service.
Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already started sharing the AI-enhanced workflows they’ve built using the platform.
Tines’ library of pre-built workflows includes AI-enhanced pre-built workflows for normalizing alerts, creating cases, and determining which phishing emails require escalations.
Let’s take a closer look at their SMS analysis workflow, which, like all of their pre-built workflows, is free to access and import, and can be used with a free Community Edition account.
Here, we’ll share an overview of the workflow, and a step-by-step guide for getting it up and running.
Employees often receive scam SMS messages designed to steal login credentials or install malware on devices. These messages can lead to compromised accounts, unauthorized access to sensitive information, and potential breaches that could cause significant harm to the organization’s operations and reputation.
Responding to each report manually can be time-consuming and error-prone, making it difficult for security teams to keep up with the volume of threats.
Using workflow automation, security teams can create an SMS analysis service that any employee across the organization can use.
It operates as a simple self-service model. When employees receive a suspicious message, they visit the web page and submit a screenshot of the message or a URL using the provided form. This form kicks off the workflow and they get a response within a couple of seconds. The response includes a clear and detailed analysis of the message and some recommended next steps.
Here’s an example of the image they might submit:
Here’s an example of the result they might receive:
The text reads:
Hi! Thanks for reporting the message. I’ve analyzed the content and have a few observations:
The message claims that your Amazon account has been locked due to multiple failed login attempts. This is a common tactic used in phishing scams, where attackers try to trick you into clicking on a malicious link to “recover” your account.
The message has a sense of urgency, which is another red flag for phishing attempts. Legitimate companies typically don’t demand immediate action in this manner.
The link provided in the message (hxxp://s953909557/servweb) appears to be suspicious. I’ve defanged the link, but I would strongly advise against clicking on it, as it could lead to a malicious website designed to steal your login credentials or install malware on your device.
Additionally, the message does not appear to be from any of our senior executives [executive names here]. This could be an attempt at CEO fraud, where someone is impersonating a senior leader to request sensitive information or perform unauthorized actions.
In summary, this message exhibits several characteristics of a common phishing scam and should be treated with caution. I recommend that you do not click on the provided link and instead contact Amazon directly through their official website or customer service channels to verify the status of your account.
Please let me know if you have any other questions or concerns. I’m here to help ensure the security of our organization.
Here are some of the key benefits of launching a service like this:
This workflow uses Tines Pages to create an automated SMS analysis service that anyone in the organization can use.
Tools used:
The workflow is kicked off by a submission on a Tines page, which includes a form where users can submit an image of an SMS message or a relevant URL.
The workflow then uses OCR to extract the text. If the image exceeds the file size limit, it’s resized using the Automatic Mode transformation action, which invokes a small piece of Python code that has been generated by AI in Tines.
The workflow also fetches the image if the provided input is a URL. If the image was uploaded, it renames the image to match the required format.
Once the text is extracted, it’s then sent to the AI action for analysis. The AI prompt asks the language model to analyze it for potential scam indicators and defang any links.
Here’s the AI prompt the Tines team used to create the workflow:
You are a virtual Security Analyst analyzing a suspicious SMS reported to you. The screenshot of the SMS has been OCR’d by you.
Reply to the user submitting the SMS with the analysis. You should be analyzing it for tone and for common scams like phishing, romance scams, fake invoice, fake tickets, and dozens of others.
As this is an internal tool, the primary worry is CEO Fraud where someone might be impersonating a senior executive. The Senior Executives in this company are [provide executive names and titles here].
If you are including any links in the response that may be suspicious, make sure you defang them.
Begin with:
“Hi! Thanks for reporting the Message…”
The AI action forms a response to the user including analysis – whether or not the message appears to be malicious – and recommended next steps – don’t click the link, etc.
If, for some reason, the analysis fails, the user will receive a message prompting them to try again or contact the security team.
1. Log into Tines or create a new account.
2. Ensure AI is enabled on your tenant. For this, you need to be the tenant owner. Select the account settings drop-down in the top left of your screen, and check the box to turn AI on.
3. Create your OCR credential. Set up an OCR API account if you don’t have one already and get the API key for your account. From the credentials page, select New credential. You will then be prompted to choose the credential type (in this case, Text) and complete the required fields. Name the credential “ocr_space” to automatically connect the credential to the workflow.
4. Navigate to the pre-built workflow in the library.
5. Select import. This should take you straight to your new pre-built workflow.
6. Configure your actions. For example, you may like to edit the layout of the Tines page that kicks off the workflow, and customize the AI prompt with the names of executives at your company.
7. Test the workflow. Submit an image via the form to test your workflow.
8. Publish your workflow and share the Page URL with your desired users.
You could use another no-code automation platform to build a similar service, although it’s worth noting that some of the features in this workflow are unique to Tines:
If you’d like to explore AI in Tines for yourself or test out this workflow, you can sign up for a free account including AI functionality.
