Criminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point.
“Malicious spam is one of the oldest illicit services found on underground cybercrime forums,” the researchers write. “Spam is the most common initial vector for various attack scenario objectives such as phishing and credential harvesting, malware distribution, scams/fraud, etc. One spam service was launched in November 2023 by a reputable threat actor who claims over 15 years of criminal experience. After receiving positive feedback on his service, he proceeded to make his spam services AI-powered, specifically by ChatGPT."
"Using ChatGPT helped randomize the spam text and created a higher rate of success that the spam email would reach the victim’s inbox. As one customer of this service said, the AI-driven spam service helped him bypass anti-spam and anti-phishing controls of popular webmail services and achieved a 70% successful delivery rate to the targeted email address.”
Criminals are also using generative AI tools to bypass Know Your Customer (KYC) verification procedures.
“KYC plays a crucial role in retrieving access to an account in case the legitimate owner is unable to use traditional methods like password reset,” Check Point explains.
“This typically involves providing valid identification documents, such as a government-issued ID, passport, or driver’s license, along with additional verification steps like a photo with a document. A whole underground market exists with shady services such as creating images of fake documents for verification. Previously, this kind of cybercrime job was done mostly by manually manipulating relevant images. Now, however, one of the KYC darkweb services vendors said that with the advent of artificial intelligence, he had recently integrated AI technology that significantly sped up the process of creating fake verification documents without sacrificing quality.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Check Point has the story.
