Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

Phishing Scammers Use AIPhishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails.

This advancement in AI technology has made it easier for even amateur hackers to analyze vast amounts of publicly available data about their targets and create highly personalized and convincing emails within seconds. These emails can be tailored to mimic the writing style of the target's loved ones or friends, making them difficult to distinguish from legitimate communication.

Abnormal Security, an email security company, observed phishing attacks using generative AI platforms. These emails are perfectly crafted and look legitimate, making them tricky to detect at first glance. The power of generative AI lies in its ability to scrape the web for personal information about a person and use it to tailor tempting emails.

While ChatGPT and similar models have built-in protections against creating malicious content, many open-source large language models lack safeguards. Hackers can license models capable of generating malware and sell them on darknet forums.

The future of AI-powered attacks is a growing concern for cybersecurity experts. AI technology has been used to create deepfakes and simulate speech, making hybrid attacks involving email, voice, and video an approaching reality. The true threat lies in AI's potential to conceive new attack methods that current systems are unable to detect.

To stay ahead of the game, some cybersecurity companies are using proprietary large language models to generate phishing emails for security awareness training. Defensive AI systems will be crucial in combating AI-powered attacks, but the challenge lies in AI's ability to generate convincing attacks at scale.

As the world becomes increasingly reliant on generative AI, corporate security practices must adapt. Improving employee training and awareness on phishing is essential, and networks should be carefully segregated to mitigate potential damage caused by hackers.

Generative AI has undoubtedly transformed the phishing scene, but it has also compelled cybersecurity companies to integrate AI into their defense strategies. The battle against AI-powered attacks will persist as organizations strive to keep up with the evolving threat.

James Rundle has the full story in the Wall Street Journal.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews