Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    [EYE OPENER] How ChatGPT Can Be Used For Social Engineering

    [EYE OPENER] How ChatGPT Can Be Used For Social EngineeringChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In 5 seconds the copy rolled out. This is unedited by the way:

    What I told it do do:

    "Write a 300-word blog post how ChatGPT can be used for social engineering"

    What it wrote:

    "ChatGPT, a large language model trained by OpenAI, has the ability to generate human-like text that can be used for a variety of purposes. One such use is in the realm of social engineering, where ChatGPT can be used to create convincing messages that can manipulate individuals into divulging sensitive information or performing certain actions.

     

    Social engineering is a tactic that relies on psychological manipulation to trick people into giving away sensitive information or performing certain actions. This can be done through various means, including phishing scams, pretexting, and other forms of deception.

     

    ChatGPT can be used to create convincing messages that can be used in these types of scams. For example, a scammer could use ChatGPT to generate a seemingly legitimate email from a well-known company, asking the recipient to click on a link and enter their login credentials. ChatGPT's human-like text generation abilities can make the email seem legitimate, increasing the likelihood that the recipient will fall for the scam.

     

    Another way ChatGPT can be used for social engineering is in creating pretexts. Pretexting is the act of creating a fake scenario or backstory in order to gain the trust of the target and obtain sensitive information. ChatGPT can be used to generate a convincing pretext, making it more likely that the target will believe the story and provide the desired information.

     

    Additionally, ChatGPT can be used to generate messages that can be used in phishing scams. Phishing scams are a common form of social engineering that involves sending fake emails or messages that appear to be from legitimate sources, in an attempt to trick the recipient into providing sensitive information or clicking on a malicious link. ChatGPT's ability to generate human-like text can be used to create convincing phishing messages, increasing the likelihood that the recipient will fall for the scam.

     

    Overall, ChatGPT's ability to generate human-like text can be a powerful tool for social engineering. By creating convincing messages, ChatGPT can be used to manipulate individuals into divulging sensitive information or performing certain actions. It is important for individuals to be aware of this potential use of ChatGPT and to exercise caution when interacting with unknown sources."

    The grammatically correct copy isn't very inspired and a bit repetitive, but a pretty amazing advance in technology.

    ChatGPT got to an astounding 1 million users in less than a week. ChatGPT has been trained using millions of websites to not only hold humanlike conversations, but also to understand information based on what was published on the internet before late 2021. This allows ChatGPT to offer users a more comprehensive—almost frictionless—answer than what can be found through clicking on Google search links.

    However...

    • A big downside to ChatGPT is that its sources are unknown, meaning the creators themselves may not even know where the answers it produces come from. This often leads to incorrect information being given.
    • The concerning thing about this flaw is that the inaccuracies are tough to notice, especially because it sounds confident but can really be utter nonsense.
    • You cannot use ChatGPT to find out if text has been written by ChatGPT. There is no antidote.
    • It cannot detect scams. ChatGpt is a natural language processing tool that can answer questions and generate text based on the input it receives, but it does not have the ability to detect scams or other fraudulent activities.

    ChatGPT could become even more accurate as OpenAI continues to train its model on current web content. OpenAI is working on a system called WebGPT, which they hope will lead to more accurate answers to search queries, including source citations. If ChatGPT and WebGPT are combined, they could provide a strong alternative to Google Search.

    You should go and play with it.

    I suggest you start with: "Write an email explaining that you are a Nigerian prince and you need money." Here is the login.

     

    Return To KnowBe4 Security Blog

    How vulnerable is your network to hacked user passwords?

    25% of employees use the same password for all logins. What if that password is available on the dark web? A massive amount of passwords are compromised due to data breaches and used by cybercriminals for attacks. KnowBe4’s free Breached Password Test (BPT) checks to see if your users are currently using passwords that are in publicly available breaches associated with your domain. BPT checks against your Active Directory and reports compromised passwords in use right now so that you can take action immediately!

    BPT-1Here's how it works:

    • Checks to see if your company domains have been part of a data breach that included passwords
    • Checks to see if any of those breached passwords are currently in use in your Active Directory
    • Does not show/report on the actual passwords of accounts
    • Just download the install and run it
    • Results in a few minutes!

    Check Your Passwords

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/breached-password-test

    Topics: Social Engineering

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews