It’s Official – Generative AI Has Made Phishing Emails Foolproof

It’s Official – Generative AI Has Made Phishing Emails FoolproofThe most basic use of tools like ChatGPT to script out professional-looking emails has all but eliminated improperly written content as an indicator of a potential phishing scam.

A recent article interviewing Brian Schnese, a senior risk consultant at insurance broker Hub International highlighted the transition from the misuse of generative AI as a means of crafting well-written phishing emails as a hypothetical to one that is now fully commonplace. “We’re already seeing it," Schnese commented.

“We’re in a world today where I can go to ChatGPT and type in, ‘please craft a request to my vendor asking them to change my wiring instructions,’ and it spits out a perfect request. [I can then go] back to ChatGPT and say, ‘please add a sense of urgency and stress the confidential nature of this transaction’ –and again, instantly, it’s perfect.”

This matched with the use of no-code automation to craft content means that cybercriminals can easily create spear phishing campaigns based on industry, victim role, and more, fine-tuning an attack without the need to do any manual work.

In other words, you can no longer assume the emails used for spear phishing attacks will have telltale signs – such as misspellings, poor grammar, etc. – that they are fake.

It also means that organizations are going to need to work to specifically elevate the vigilance of those users that interact with the company’s financials – something accomplished through continual security awareness training - so they are less likely to gloss over a phishing email and treat it as legitimate.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews