Abnormal AI
Email-based attacks are becoming harder to detect, so we’re introducing Abnormal Security, a platform designed to better protect students, faculty, and staff from scams and malicious messages.
This page explains what you can expect.
Enhanced Email Protection Frequently Asked Questions
Adelphi typically receives hundreds of phishing attacks per day. Many of these are remediated by Google, but not all. These attacks target our students, alumni, faculty, and staff and focus on account takeovers, financial theft and fraud, intellectual property theft, or reputational damage. At the very least, we all appreciate help with decluttering our inboxes and limiting the amount of time we spend verifying the legitimacy of messages.
Moreover, attacks are increasingly sophisticated. In the past, phishing was recognizable. Today, email-based attacks are subtle and advanced, and are able to convince even the most threat-aware people. In particular, over the past few years, we have seen a significant increase in phishing originating from student or faculty accounts that were compromised for the sole purpose of sending phishing scams to other users.
When (not if!) this happens, the damage comes swiftly. Students, faculty and employees lose control of their research data, teaching materials, university data, or their personal information, and sometimes even their pay. The resulting cleanup takes a lot of time and is often an emotional ordeal.
We needed an automated method of putting attack messages out of harm’s way. To put some numbers on it: over the last 90 days, we observed approximately 500,000 emails that were likely malicious. Of those, about 60% were trying to trick people into giving up their passwords or their multifactor codes; 12% were fraud scams looking to steal from people; and a small (but significant) number of them were attempts to take over Adelphi users’ email accounts.
Abnormal’s email protection is an advanced email security platform, integrated with Adelphi University’s Gmail service. It automatically detects and removes email-based threats, such as phishing, malware attachments, and business email compromises. It helps ensure a safer and more efficient email experience for faculty, students, alumni, administrators and staff.
During the summer of 2025, we evaluated a significant number of providers. Abnormal ended up being our top candidate. In addition, the service is well-established in higher education: Ambert, UC Boulder, Brown, Penn State, Oklahoma State, Yale, and others are all using it to protect their email. Gartner classifies the provider as a Leader in the email security space. Because they understand the private higher education industry.
Abnormal’s email protection platform leverages artificial intelligence (AI) and machine learning to detect and prevent a wide range of email-based threats, including phishing and account takeover. It works by evaluating attachments and links to assess potential threats, and keeps them out of inboxes.
It also enables us to detect unusual login activity, email rule filter changes, shifts in email content and tone, and unusual recipients — key indicators of account compromise. Because of this, the information security team can respond faster to protect both you and the University from damage and data breaches.
Abnormal Email Security automatically detects dangerous and suspicious messages and removes them from your inbox.
Note that we do not prevent email from arriving in your inbox! We will mark spam messages and place them in the Spam folder and we’ll place malicious messages in your Trash. They’ll stay there for 30 days. After that, they will be removed permanently. If you want to flush your Spam and Trash folders more quickly, you can do that too.
You still need to be mindful of email-borne threats, but the number of malicious messages you receive will be dramatically reduced.
Abnormal Email Security processes messages in a secure ‘sandbox’ after they arrive in our email environment. This can lead to messages being delivered and then remediated if deemed a threat. While this happens in milliseconds, you might notice a message appear and then disappear if you are actively monitoring your inbox. This is normal; however, if you have any concerns, please contact the IT Help Desk so we can confirm that the removal was part of the security tool’s operation.
On rare occasions, Abnormal may inadvertently flag legitimate internal correspondence as malicious. In the unlikely event that this has occurred, check in with the IT Help Desk. They will confirm if the message arrived and if there were any security concerns with its contents.
Please include as many details as you can:
- Sender Email
- Subject
- Approximate timeframe email was sent
If you don’t know exactly what these were, give us an indication of what we should look for and we’ll do our best to help. Very likely, the message got marked as malicious before it reached us, and something upstream prevented it from reaching us.
Please report the email using Google’s “Report as Spam” or “Report as Phishing” functions. Abnormal is closely integrated with Gmail, so we can just use its built-in functions to assess and help improve detections.
Abnormal processes and stores only the minimum amount of data, including personal data, necessary to enable it to perform its functions. It does not store, persist, or retain the contents of or attachments to email that Abnormal identifies as non-malicious using its machine learning models; rather, only email content and attachments (if any) that it identifies as malicious are transferred to its cloud-based servers for further processing and analysis.
No, you cannot opt out of email security. Adelphi has an institutional obligation to protect its assets. That includes all computers, networks, and networked services.
Only the Information Security Team is authorized to access alert details in Abnormal. The team consists of two full-time employees in the IT department. They are overseen by a faculty member who has a secondary administrative appointment and who is a direct report to executive leadership.
Here are some examples of what we would see:
In this case, Abnormal recognized that students were targeted with an account takeover attack, masquerading as a remote job offer. These scams often impersonate faculty members or high-ranking administrators. This attack targeted 1,257 recipients (mostly students and alumni). The tool also provides us with insight into the effectiveness of the attack:
This is a fairly common attack, but as you can see from these stats, still fairly effective with an 18% response rate.
Clicking in enables the infosec team to see additional information:
Only if this multi-stage review indicates a likely malicious attack will the infosec team be authorized to review the full text of the message and determine whether this was a true scam.
This protection is active 24/7/365. Before the adoption of Abnormal AI, the infosec team tried to respond outside of business hours, but we are limited in our ability to do so. Additionally, performing this level of investigation, containment, remediation and notification manually takes several hours in the worst cases. Using Abnormal’s tool, we can reduce the time to seconds. By doing so, the infosec team can be more effective in its response actions and protect your data more effectively.
Abnormal will appear on Gmail accounts’ recent activity window as the Authorized application 116920771689407251245, with a Virginia (VA) location/IP address. Rest assured, this is normal behavior.
If you see other unrecognized account activity, or have reason to believe your account may otherwise be compromised, contact the IT Help Desk.
No. Onboarding this tool will merely make the infosec staff more effective. We will have permanent response capabilities, and because responses are automated, we can respond much faster.