Inception Cyber | INTENT-BASED SECURITY Blogs

Lost in Translation? Why Multilingual Threats Challenge Traditional Email Security—And How Intent-Based AI Fixes It

Written by Bill Mann, Co-founder and CEO | Jul 23, 2025 9:58:30 PM

In my previous blog, I explained why intent-based detection is the future of email security—moving beyond just analyzing payloads and keywords to understanding the purpose and meaning behind an email.

But there's another challenge that often goes unnoticed: multilingual attacks.

Outside the U.S., it’s common to see sentences like:

  •  "Hey David, peux-tu valider ce paiement? Je dois envoyer l’argent aujourd’hui." (English + French)
  • "Raj, urgent hai! Can you approve this transfer now?" (English + Hindi)
  • "Shalom David, please check this request. אני צריך אישור דחוף." (Hebrew-English)

For native speakers, these mixed-language messages feel completely normal. But for traditional email security tools, they're a nightmare.

Traditional email security struggles to interpret these multilingual messages, as most solutions rely on translation-based analysis that strips away context and intent—leaving enterprises vulnerable to phishing and Business Email Compromise (BEC) attacks.

 

How Attackers Use Language Blending to Evade Detection

Cybercriminals know that security tools rely on keyword and payload-based detection. They actively exploit this by:

  • Blending Languages in Phishing Emails – Mixing two or more languages makes it harder for keyword-based security filters to detect common phishing phrases.
  • Switching Between Languages to Evade Models – Many detection models classify emails based on their primary language. Attackers bypass these models by embedding malicious commands in secondary languages.
  • Manipulating Translations to Alter Meaning – Some phishing attacks deliberately phrase requests in a way that that obscure their intent when translated, especially if the translation lacks context or nuance
  • Targeting Global Enterprises with Multilingual Attacks – Large organizations with offices across multiple countries are prime targets for language-mixed phishing and Business email compromise (BEC) scams.

 

Real-World Examples of Multilingual Phishing and BEC Attacks

Phishing in German-English

A business user in Germany receives this email:

Why It Works:

    • The German-English mix feels natural in a bilingual workplace.
    • Traditional security solutions may flag phishing links based on single-language models, missing threats when words are split across languages.
    • Keyword-based detection, which is language-dependent, often fails—attackers blend multiple languages to bypass common BEC triggers.


BEC in Hinglish (Hindi-English)

A finance employee in India receives an email from a spoofed executive:

"Arre Rajiv, urgent hai! Can you approve this wire? Mujhe 5 lakh INR transfer karna hai immediately."

 Why It Works:

    • The Hindi-English conversational tone makes the request feel legitimate.
    • BEC attacks thrive on familiarity & trust—a multilingual request looks even more authentic.
    • Legacy security tools may miss “urgent hai” since it’s in Hindi, failing to catch tone.


Vendor Email Compromise (VEC) in Hebrish (Hebrew-English)

A U.S. company working with an Israeli vendor gets an invoice fraud email:

"Shalom David, please check this invoice. אני צריך אישור דחוף. Call me if you have questions."

Why It Works:

    • The Hebrew-English mix increases credibility for Israeli vendors and employees
    • Attackers exploit trust in multilingual business relationships to bypass suspicion.
    • Legacy tools struggle to analyze sentiment when switching between languages.


How InceptionCyber’s AI Beats Multilingual Phishing & BEC

AI understands languages natively—retaining purpose and meaning.

Many email security solutions develop signatures[1] for each of the languages which then is used for deriving a verdict. The problem with that approach is that maintaining separate signatures for each language does not scale effectively. It leads to a growing maintenance burden and requires developing new signatures every time a new language is introduced or modified.

 

How We’re Different

Every incoming email is first scanned to detect its language using n-gram analysis (LangDetect) and word2vec models (FastText library). If the detected language is Hindi, German, French, Spanish, Chinese, Korean, or Arabic, we apply intent-preserving translation into English using LLMs with fine-tuned parameters — ensuring that semantic and thematic context is retained.

Unlike legacy tools that rely on signatures[1] for each of the language keyword-based detection, Neural Analysis and Correlation Engine (NACE™) analyzes the full context post-translation, ensuring  intent is captured, independent of language, which then is used as a feature set for decision making. 

 

Detecting Mixed-Language Attacks That Legacy Security Misses

When attackers blend languages within a single email to bypass security tools, legacy security struggles, because it relies on separate language models, as signature sets for English and non-English text. But phishing doesn’t work that way.

NACE™, our Intent-based Threat Prevention™ AI platform, uses intent-preserving translation to convert all text into English, enabling a unified understanding of the email’s purpose. This allows NACE™ to detect malicious intent—like a wire transfer approval request disguised as a BEC phishing attempt—across multiple languages simultaneously, even when languages are mixed.

 

AI Detects Social Engineering Cues Beyond Just Words

Phishing emails aren’t just about words—they rely on psychological manipulation to succeed.  This requires the model to be able to able to understand tone, sentiment, emotions in an email. 

Attackers exploit:
  • Urgency (Hurry, immediate action required)
  • Authority (Sent from “CEO” or “HR”)
  • Trust (Mimicking real vendors or payment requests)

Intent-preserving translation in NACE™ ensures that emotion, tone, and sentiment are retained when text is converted to English. This enables our Intent-Based Detection™ to extract and leverage these subtle signals—regardless of language—allowing it to identify social engineering threats that traditional models often miss.

 

Final Thought: AI-Powered Security Must Speak the Language of Threats

Cybercriminals move fast, and multilingual phishing is becoming a key evasion technique to bypass legacy email security.

  • Traditional email security solutions rely on building language-specific signature sets, requiring a separate set for each language and additional signatures as new languages are introduced.
  • Security tools focused on payloads and keywords can’t detect subtle multilingual social engineering tactics.
  • Inception Cyber's AI-driven, Intent-Based Detection™ ensures nothing gets lost in translation—stopping attacks before they reach users.

In an AI-powered threat landscape, security must be just as advanced.

 

References
[1] Multi Lingual Rules for SPAM Detection , https://scispace.com/pdf/multilingual-rules-for-spam-detection-20kubohmlu.pdf
View full post