
How AI Lures Are Optimized for Token Theft

Learn how advanced cybercriminals use sophisticated AI-native lures and adversary-in-the-middle proxy infrastructure to bypass MFA and steal active session tokens.

June 9, 2026

For years, corporate security training drummed a simple message into employees' minds: Check the sender address, look for bad grammar, and never give away your password.

But today, advanced adversaries don’t care about passwords anymore, and the traditional Secure Email Gateways (SEGs) built to stop credential harvesting are missing the real danger.

With the emergence of sophisticated phishing kits like Kali365, cybercriminals have completely bypassed the password barrier. Now, they’re using AI-native social engineering to steal what actually matters: active session tokens.

Here is how the threat has evolved, why traditional defenses are failing, and how security teams must adapt to break the economics of modern token theft.

Why Cybercriminals Abandoned Password Stealing

An enterprise password, on its own, is nearly useless to an attacker today.

The widespread adoption of multi-factor authentication (MFA) means that even if a threat actor dupes an employee into typing their credentials into a fake login page, they still bump into a secondary wall, like:

  • An authenticator app
  • A hardware key
  • A push notification

To overcome this roadblock, attackers shifted to adversary-in-the-middle (AiTM) proxy architectures. When a kit like Kali365 is deployed, the attacker doesn't just host a static, fake login page. Instead, they position their malicious server as a proxy directly between the target employee and the legitimate service (like Microsoft 365 or Google Workspace).

In simple terms, here’s what the process looks like:

  1. The user logs in through the proxy site.
  2. The proxy relays the genuine credentials to the actual corporate login portal.
  3. When the real portal requests an MFA prompt, the proxy forwards that prompt to the user.
  4. The user completes the MFA verification. The actual server issues an active session token (cookie), which the proxy intercepts.

With that session token in hand, the attacker bypasses MFA entirely. They can drop the stolen token into a browser and instantly assume the identity of the employee, gaining unrestricted access to internal communications, source code, and cloud databases.
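The flow above leaves a trace on the identity provider's side that a defender can look for: the MFA challenge is completed from the proxy's address, and the resulting cookie is then presented from a different network and browser. The following Python is an added example, not Doppel's code or anything from the post; it runs a replay check over a constructed sign-in log (all users, IP addresses, ASN names and the `HOSTING_ASNS` list are assumptions).

```python
"""Added example, not Doppel's code: spot session-token replay after an
AiTM-style sign-in by comparing the context in which the MFA challenge was
completed with the context of later requests that reuse the same session.
All events, ASN names and IP addresses below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed enrichment: ASNs that belong to hosting providers rather than
# consumer ISPs.  A real deployment would populate this from an ASN feed.
HOSTING_ASNS = {"AS-HOSTING-EXAMPLE"}


@dataclass(frozen=True)
class SignInEvent:
    ts: datetime
    user: str
    session_id: str
    kind: str          # "mfa_success" (token issued) or "session_use" (token presented)
    ip: str
    asn: str           # network owner of ip, assumed to be added by enrichment
    user_agent: str


def _t(hhmm: str) -> datetime:
    hour, minute = (int(x) for x in hhmm.split(":"))
    return datetime(2026, 6, 9, hour, minute)


# Constructed identity-provider log.  In the AiTM flow the MFA completion is
# seen by the IdP from the proxy's address, and the stolen cookie is then
# presented from yet another machine: that is Bob's session below.
EVENTS = [
    SignInEvent(_t("09:00"), "alice", "S1", "mfa_success", "203.0.113.10", "AS-ISP-A", "Chrome/Windows"),
    SignInEvent(_t("09:05"), "alice", "S1", "session_use", "203.0.113.10", "AS-ISP-A", "Chrome/Windows"),
    SignInEvent(_t("10:00"), "bob",   "S2", "mfa_success", "198.51.100.7", "AS-HOSTING-EXAMPLE", "Chrome/Windows"),
    SignInEvent(_t("10:03"), "bob",   "S2", "session_use", "192.0.2.55",   "AS-VPN-EXAMPLE",     "Firefox/Linux"),
    SignInEvent(_t("11:00"), "carol", "S3", "mfa_success", "203.0.113.20", "AS-ISP-A", "Safari/macOS"),
    SignInEvent(_t("11:30"), "carol", "S3", "session_use", "203.0.113.21", "AS-ISP-A", "Safari/macOS"),
]


def find_suspicious_sessions(events, window=timedelta(hours=2)):
    """Return one finding per session_use whose context contradicts the
    context in which the session's MFA challenge was completed."""
    issued_from = {}   # session_id -> the mfa_success event that created it
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mfa_success":
            issued_from[ev.session_id] = ev
            continue
        origin = issued_from.get(ev.session_id)
        if origin is None or ev.ts - origin.ts > window:
            continue   # no issuance in scope to compare against
        reasons = []
        if origin.asn in HOSTING_ASNS:
            reasons.append("mfa_completed_from_hosting_asn")   # the "user" signed in from a server
        if ev.asn != origin.asn:
            reasons.append("asn_changed")
        if ev.user_agent != origin.user_agent:
            reasons.append("user_agent_changed")
        # A bare IP change inside the same ASN (NAT pools, mobile roaming) is
        # deliberately not a reason on its own: Carol's session stays clean.
        if reasons:
            findings.append({
                "user": ev.user,
                "session_id": ev.session_id,
                "issued_ip": origin.ip,
                "used_ip": ev.ip,
                "minutes_after_mfa": int((ev.ts - origin.ts).total_seconds() // 60),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_sessions(EVENTS):
        print(finding)
```

Run as a script it prints one finding, Bob's, with all three reasons. The hosting-ASN check is the one most specific to AiTM proxies: a human completing MFA from their laptop does not normally arrive from a server range, so an MFA success from such an address is worth correlating with the mail that preceded it.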

AI-Native Lures Eliminate the Gut Feeling

Historically, the ultimate indicator of a phishing attempt was human intuition, a.k.a. the gut feeling, triggered by a weirdly worded email, an unusual, urgent demand, or a broken template.

AI has eliminated those tells. Adversaries are using large language models (LLMs) to automatically scrape a company's public voice (LinkedIn updates, press releases, corporate jargon) to craft highly targeted, hyper-personalized communications.

Traditional SEGs rely heavily on checking text for malicious payloads, known spam signatures, or basic typos. When an AI-generated email contains zero typos, speaks in the exact tone of a trusted colleague, and doesn't contain a traditional malicious attachment, it glides past inline filters directly into the inbox. The perfect corporate context acts as an instructional guide, steering the employee straight toward the AiTM proxy link.

Why Inline Email Security Must Look Beyond the Body

If an email security tool only analyzes what’s happening inside the inbox, it has already lost the battle. AI lets attackers spin up infinite variations of cross-channel lures at zero marginal cost. If a legacy tool simply quarantines a single message, the attacker tweaks a sentence, registers a fresh lookalike domain, and fires a variation from a new staging ground five minutes later.

To stop token-harvesting operations, email defense must look completely beyond the body of the text. It must extend its visibility to the destination infrastructure.

A modern, defensive posture requires connecting inbound mail flow directly to a global digital risk framework:

  • Analyzing email headers and tracing them back to the active external staging ground.
  • Evaluating the link's target domain not just by reputation score, but by streaming live domain registrations, inspecting SSL certificates, and running automated phishing-kit analysis to spot proxy behavior.
  • When a proxy or lookalike domain is detected, defense cannot stop at a localized inbox block. Security operations must actively hunt down the malicious infrastructure and dismantle it at the provider level, ensuring the attacker cannot target anyone else in the enterprise.
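The second bullet, judging the link's destination rather than the message text, can be shown concretely. The Python below is an added example, not Doppel's code or the post's; it pulls every URL out of a constructed e-mail body and evaluates the registrable domain three ways: homoglyph-folded edit distance to a protected brand, the brand appearing as a subdomain of an unrelated registrable domain, and registration age from a registration feed. The brand `example-corp.com`, the `REGISTRATIONS` table, the dates and the message are all constructed assumptions; the public-suffix handling is deliberately simplified.

```python
"""Added example, not Doppel's code: evaluate the destination of every link in
an inbound message against protected brand domains and a registration feed,
rather than judging the message text alone.  The brand, the registration
dates and the e-mail body are all constructed."""
import re
from datetime import date
from urllib.parse import urlparse

PROTECTED_DOMAINS = {"example-corp.com"}          # brands this tenant defends (constructed)

# Assumed enrichment: registrable domain -> registration date, as a live
# registration feed would supply it.  Values are constructed.
REGISTRATIONS = {
    "example-corp.com": date(2012, 3, 1),
    "examp1e-corp.com": date(2026, 6, 7),
    "secure-docs.example": date(2026, 6, 8),
}
TODAY = date(2026, 6, 9)          # fixed so the example is deterministic
NEW_DOMAIN_DAYS = 30
LOOKALIKE_MAX_DISTANCE = 2

# Characters and digraphs commonly swapped for their visual twins.
HOMOGLYPHS = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w")]

# Constructed message: one first-party link, one homoglyph lookalike,
# one brand-as-subdomain on a freshly registered domain.
EMAIL_BODY = """Hi team,
The updated travel policy is on the intranet: https://intranet.example-corp.com/policies/travel
Please re-confirm your account before Friday: https://examp1e-corp.com/login
Shared folder: https://example-corp.com.secure-docs.example/share
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def fold_homoglyphs(label: str) -> str:
    """Map look-alike characters onto the letters they imitate."""
    for twin, plain in HOMOGLYPHS:
        label = label.replace(twin, plain)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, single-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    # Simplification: last two labels.  Real code needs the public suffix
    # list for multi-label suffixes such as co.uk.
    return ".".join(host.split(".")[-2:])


def evaluate_links(body: str, today: date = TODAY):
    """Return one record per URL with a verdict and the reasons behind it."""
    results = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        reg = registrable_domain(host)
        reasons = []
        if reg in PROTECTED_DOMAINS:
            verdict = "first_party"
        else:
            for brand in PROTECTED_DOMAINS:
                if edit_distance(fold_homoglyphs(reg), brand) <= LOOKALIKE_MAX_DISTANCE:
                    reasons.append(f"lookalike:{brand}")
                if host.startswith(brand + "."):
                    reasons.append(f"brand_in_subdomain:{brand}")
            registered = REGISTRATIONS.get(reg)
            if registered is not None:
                age = (today - registered).days
                if age <= NEW_DOMAIN_DAYS:
                    reasons.append(f"newly_registered:{age}d")
            verdict = "suspicious" if reasons else "unknown"
        results.append({"url": url, "host": host, "registrable": reg,
                        "verdict": verdict, "reasons": reasons})
    return results


if __name__ == "__main__":
    for record in evaluate_links(EMAIL_BODY):
        print(record["verdict"], record["host"], record["reasons"])
```

Nothing in the verdict depends on the wording of the message, which is the point: the two suspicious links would be flagged identically whether the surrounding text were clumsy or written in the perfect tone the post describes. Certificate inspection and kit fingerprinting need network access and are left out; in practice they would add further reasons to the same record.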

Disrupt the Technical Staging Ground

Treating email security as an isolated filter is a legacy mistake. Effectively disrupting modern cybercrime requires analyzing threats across multiple domains, platforms, and infrastructures simultaneously.

When sophisticated campaigns go after an enterprise, you need to bridge external threat intelligence with internal defenses through a multi-layered approach.

Doppel does just that:

  • Using sophisticated computer vision, OCR, and AI models, the platform scans newly registered domains and lookalike infrastructure to identify spoofed branding and authentication proxies before they scale.
  • Automated honeypots engage directly with malicious infrastructure to capture full header data and technical evidence straight from email and hosting providers.
  • Instead of allowing alerts to sit in backlogged manual queues, backend automations and deep provider integrations execute rapid, multi-channel infrastructure takedowns.

Attackers thrive when changing an email script is free. By identifying the underlying AiTM proxy infrastructure, mapping it to our global Threat Graph, and executing automated takedowns, you can change the economics of cybercrime: neutralizing the token-harvesting infrastructure before your employees ever have the chance to comply.

Want to see how Doppel combines automated domain protection, advanced threat intelligence, and high-velocity infrastructure takedowns? Request a demo with our team today.
