Generative AI Used to Launch Phishing Attacks

AI CyberattacksCriminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point.

“Malicious spam is one of the oldest illicit services found on underground cybercrime forums,” the researchers write. “Spam is the most common initial vector for various attack scenario objectives such as phishing and credential harvesting, malware distribution, scams/fraud, etc. One spam service was launched in November 2023 by a reputable threat actor who claims over 15 years of criminal experience. After receiving positive feedback on his service, he proceeded to make his spam services AI-powered, specifically by ChatGPT."

"Using ChatGPT helped randomize the spam text and created a higher rate of success that the spam email would reach the victim’s inbox. As one customer of this service said, the AI-driven spam service helped him bypass anti-spam and anti-phishing controls of popular webmail services and achieved a 70% successful delivery rate to the targeted email address.”

Criminals are also using generative AI tools to bypass Know Your Customer (KYC) verification procedures.

“KYC plays a crucial role in retrieving access to an account in case the legitimate owner is unable to use traditional methods like password reset,” Check Point explains.

“This typically involves providing valid identification documents, such as a government-issued ID, passport, or driver’s license, along with additional verification steps like a photo with a document. A whole underground market exists with shady services such as creating images of fake documents for verification. Previously, this kind of cybercrime job was done mostly by manually manipulating relevant images. Now, however, one of the KYC darkweb services vendors said that with the advent of artificial intelligence, he had recently integrated AI technology that significantly sped up the process of creating fake verification documents without sacrificing quality.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Check Point has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews