Guide on Establishing an Automated SMS Evaluation Solution with AI in Tines
There are several opportunities to employ AI in optimizing workflows, and a straightforward approach to leveraging AI for time-saving and enhancing organizational security posture is by constructing a self-regulating SMS evaluation service.
Tines, a workflow automation system, offers a solid illustration of how to undertake this process. The provider recently unveiled their initial in-house AI functionalities, and security teams have already initiated sharing the AI-empowered workflows created with the platform.
Tines’ compilation of ready-to-use workflows includes AI-enhanced templates for standardizing alerts, generating cases, and determining phishing emails necessitating interventions.
We’ll delve deeper into their SMS evaluation workflow, which, similar to all their readily available workflows, is freely accessible for importation and can be utilized with a complimentary Community Edition subscription.
Let’s first look at the issue – SMS hoax messages targeting staff members
Staff members are frequently on the receiving end of hoax SMS messages intended to pilfer login details or implant malicious software on devices. These messages can result in compromised accounts, unsanctioned access to sensitive data, and potential breaches that might inflict substantial harm on the organization’s operations and reputation.
Responding manually to each report can be laborious and error-prone, making it challenging for security teams to cope with the influx of threats.
The resolution – an automated SMS appraisal service
 |
| A web page with a form inviting employees to submit the message for analysis |
Employing workflow automation, security departments can develop an SMS appraisal service that any employee throughout the organization can utilize.
It functions as a straightforward self-help model. When employees receive a dubious message, they simply visit the webpage and submit either a screenshot of the message or a URL through the provided form. This action kickstarts the workflow, and they promptly receive a comprehensive analysis of the message along with suggested subsequent actions.
Here’s an illustration of the image they may upload:
Below is a simulated outcome they might expect:
 |
| The automated analysis received by the employee |
The text conveys:
Welcome! Appreciate your report. After assessment, here are some observations:
The message alleges your Amazon account got locked due to numerous login failures. This ploy is often employed in phishing schemes, where fraudsters attempt to deceive you into clicking on a harmful link for “account recovery.”
The message exudes urgency, a typical trait of phishing endeavors. Reputable entities usually do not mandate prompt actions in such a manner.
The link in the message (hxxp://s953909557/servweb) seems dubious. Although I’ve neutralized the link, I strongly advise against clicking it, as it might lead to a malicious site aiming to steal your login information or plant malware on your device.
Moreover, the message doesn’t appear to originate from any of our high-ranking executives [executive names here]. This could be an instance of CEO deception, where an individual impersonates a senior figure to solicit confidential details or execute unauthorized deeds.
To summarize, this message exhibits several traits of a typical phishing scam and warrants careful handling. I recommend refraining from clicking the link provided and instead contact Amazon directly via their official site or customer care channels to validate account status.
Should you have queries or concerns, feel free to reach out. Ensuring our organization’s security is my priority.
Here are some primary advantages of instituting such a service:
- Promotes a cybersecurity-oriented culture by encouraging employees to stay vigilant and bolster security-conscious decision-making
- Alleviates manual, repetitive tasks for the security squad
- Enhances the speed and precision of threat detection
 |
| The pre-built workflow as demonstrated in the Tines library |
Overview of Workflow
In this workflow, Tines Pages are utilized to build an automated SMS analysis service accessible to all team members within the institution.
Software utilized:
- Tines – an extensively used platform for orchestration and automation in workflows, particularly favored by security units. Users lacking a paid subscription can construct and execute this workflow through the complimentary Community Edition of Tines. Activation of AI is mandatory on your platform. It should be noted that the utilization of AI actions is governed by a credit system, but all accounts are provided with a certain allowance of free credits.
- OCR – a cost-free tool designed for parsing images and multi-page PDF documents, returning the extracted text outcomes in a JSON structure. Premium plans with augmented usage limits are also an option.
The workflow commences upon submission on a Tines page, which features a form enabling users to submit either an image of an SMS message or a pertinent URL.
Subsequently, the workflow harnesses OCR to segregate the text content. In the event the image surpasses the file size threshold, it undergoes resizing using the Automatic Mode transformation action, which triggers a compact Python script devised by AI within Tines.
Moreover, if the input provided is a URL, the workflow retrieves the image. In case an image was uploaded, it gets renamed to adhere to the required format.
After the text extraction, it is directed to the AI action for evaluation. The AI inquiry prompts the language model to scrutinize the content for potential fraudulent signals and neutralize any suspicious links.
Below is the AI query employed by the Tines team to establish the workflow:
You are playing the role of a virtual Security Analyst dissecting a suspicious SMS forwarded to you. The image of the SMS has been OCR’d by you.
Respond to the user submitting the SMS with your analysis. Conduct a comprehensive evaluation for tone and prevalent scams like phishing, romance scams, counterfeit invoices, bogus tickets, and numerous others.
Given this is an internal tool, the focal concern is CEO Fraud where there may exist an impersonation of a senior executive. The Senior Executives within this organization are [mention executive names and titles here].
If incorporating any links in your response that might arouse suspicion, ensure they are defused.
Initiate with:
“Hello! Many thanks for reporting the Message…”
The AI action generates a response to the user, encompassing the analysis, determining if the message appears malicious or not, and suggesting subsequent measures, for instance, refraining from clicking the link.
In the rare event of an analysis failure, the user will be notified to attempt again or engage with the security team.
Alignment of the Workflow – Detailed Procedure
 |
| The Tines Community Edition sign-up form |
1. Sign in to Tines or commence the account creation process.
2. Confirm that AI functionality is activated on your platform. To accomplish this, assuming the role of the tenant owner is required. Click on the account settings dropdown located on the top-left corner of your screen and mark the designated box to switch on AI.
 |
| The OCR Space sign-up form |
 |
| Inclusion of a new credential within Tines |
3. Formulate your OCR credential. If you lack one, set up an OCR API account and obtain the corresponding API key. Proceed to the credentials section, select New credential, pick the credential type (Text in this instance), and fulfill the mandatory fields. Label the credential as “ocr_space” to facilitate automatic linkage to the workflow.
4. Proceed to the pre-made progression in the archives.
5. Opt importation. This step will lead you directly to your fresh pre-made progression.
6. Set up your maneuvers. For instance, you might want to modify the design of the Tines page that initiates the progression and tailor the AI prompt with the titles of senior leaders at your organization. 7. Experiment with the progression. Transmit an image through the form to test your progression. 8. Release your progression and distribute the Page URL with your intended users. Constructing in alternative automated toolsYou could utilize another no-code automated tool to construct a similar service, although it’s important to note that some of the functionalities in this progression are unique to Tines:
If you wish to explore AI in Tines independently or try out this progression, you can register for a complimentary account incorporating AI functionalities. Found this article intriguing? This article is a contributed piece from one of our esteemed partners. Follow us on Twitter and LinkedIn to peruse more exclusive content we publish.
About Author
More Stories |
