---
title: "ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored! | DMARC Report"
description: "ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored! from DMARC Report explains practical steps for email authentication, domain protection."
image: "https://dmarcreport.com/og/blog/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored.png"
canonical: "https://dmarcreport.com/blog/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!
Related: [Free DMARC Checker](/tools/dmarc-checker/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fchatgpt-generated-phishing-emails-are-too-good-to-be-ignored%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=ChatGPT-Generated%20Phishing%20Emails%20Are%20Too%20Good%20to%20Be%20Ignored!&url=undefined%2Fblog%2Fchatgpt-generated-phishing-emails-are-too-good-to-be-ignored%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fchatgpt-generated-phishing-emails-are-too-good-to-be-ignored%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fchatgpt-generated-phishing-emails-are-too-good-to-be-ignored%2F&title=ChatGPT-Generated%20Phishing%20Emails%20Are%20Too%20Good%20to%20Be%20Ignored! "Share on Reddit") [ ](mailto:?subject=ChatGPT-Generated%20Phishing%20Emails%20Are%20Too%20Good%20to%20Be%20Ignored!&body=Check out this article: undefined%2Fblog%2Fchatgpt-generated-phishing-emails-are-too-good-to-be-ignored%2F "Share via Email")
> The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-10359” readonly/>
```
```
ChatGPT has literally revolutionized the **digital world**. The [generative AI](https://dmarcreport.com/blog/how-generative-ai-amplifies-hyper-realistic-phishing-attacks/) tool is capable of churning out content based on pretty much everything that is available under the sun.
However, with good comes the bad. And hence, the world is divided into two parts as of now- one that is elated about **ChatGPT’s abilities**, and the other which feels that ChatGPT is not efficient enough and can even be misused.
Phishing experts definitely belong to the first group!
They are happy with the [generative AI’s ability to come up with phishing emails](https://news.abs-cbn.com/business/01/23/24/tsunami-of-ai-powered-phishing-scams-forecast-in-2024) in no time.
And the best thing about these malicious emails is their **convincing power**. The emails actually look legit, polished, and authentic .
## A Massive Increase in Phishing Emails Since the Launch of ChatGPT!
The Q4 2022 witnessed a mammoth [1000% increase ](https://www.securitymagazine.com/articles/100067-report-shows-1265-increase-in-phishing-emails-since-chatgpt-launched#:~:text=New%20research%20shows%20significant%20increase,straining%20corporate%20IT%20security%20teams)in malicious phishing messages. Surveys indicate a monumental increase of [1265%](https://www.securitymagazine.com/articles/100067-report-shows-1265-increase-in-phishing-emails-since-chatgpt-launched#:~:text=New%20research%20shows%20significant%20increase,straining%20corporate%20IT%20security%20teams) in phishing emails.
Cybercrime experts have explicitly indicated that [generative AI ](https://www.theguardian.com/technology/2024/jan/24/ai-scam-emails-uk-cybersecurity-agency-phishing)[t](https://www.theguardian.com/technology/2024/jan/24/ai-scam-emails-uk-cybersecurity-agency-phishing)[ools like ChatGPT](https://www.theguardian.com/technology/2024/jan/24/ai-scam-emails-uk-cybersecurity-agency-phishing) as being responsible for this **gigantic leap in numbers**.
These numbers are definitely concerning, and [cybersecurity](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/) professionals blame generative AI for the same. They believe that [threat actors](https://www.forbes.com/sites/forbestechcouncil/2023/10/16/generative-ai-is-the-next-tactical-cyber-weapon-for-threat-actors/?sh=1bc869f92fe9) have learned to \*\*weaponize ChatGPT in order to break straight into your bank accounts or computer systems.
## What Makes ChatGPT and Other Generative AI Tools A Threat To Cybersecurity?
Remember those poorly formatted, \*\*misspelled emails that you tend to delete the moment they arrive in your inbox?
Remember the time when spelling mistakes, lack of sentence formation, and poor formatting were [indicators of a potential phishing email](https://www.keepersecurity.com/blog/2023/08/09/what-are-common-indicators-of-a-phishing-attempt/)?
That time is long gone, my friend!
Generative AI has turned the tables in favor of phishing actors.
AI tools like [ChatGPT enable these threat actors to generate sophisticated, well-written, razor-focused, emotion-inciting phishing emails](https://www.technewsworld.com/story/gen-ai-fueling-surge-of-sophisticated-email-attacks-178405.html), which can \*\*easily convince naive users to click on the malicious links.
Besides, the ability to write seamlessly in American English gives it a \*\*competitive edge as threat actors from non-American nations can easily leverage the AI tool to generate flawless phishing emails.
_ChatGPT has undoubtedly proved to be a game changer for threat actors by enabling them to generate phishing emails that look convincing, **error-free, and appealing**_. Cybersecurity professionals are worried about the ultimate amalgamation of ChatGPT, [CaaS (Cybercrime-as-a-Service)](https://heimdalsecurity.com/blog/what-is-cybercrime-as-a-service-caas/) economy, and easily accessible personal details such as passwords, usernames, etc, which the phishing actors can leverage and leave ravaging impacts.
## Why Is ChatGPT a Serious Cause of Concern for Cybersecurity Professionals?
IBM and its team of [ethical hackers](https://www.synopsys.com/glossary/what-is-ethical-hacking.html#:~:text=Also%20known%20as%20%E2%80%9Cwhite%20hats,is%20opposite%20from%20malicious%20hacking.) conducted in-depth research where they [A/B tested the convincing power of phishing emails](https://www.csoonline.com/article/656698/generative-ai-phishing-fears-realized-as-model-develops-highly-convincing-emails-in-5-minutes.html) written by humans and ChatGPT. The results are quite mind-boggling.
Have a look at what transpired:
- IBM’s chief people hacker, Stephanie Snow Carruthers, generated highly convincing phishing emails **in just 5 minutes**. And she used a mere 5 prompts to do so. Her team \*\*generally takes 16 hours to come up with a phishing email after closely studying the organization they wish to target. This means that ChatGPT has the power to save threat actors’ time.
- Although ChatGPT does not allow users to directly [generate malware](https://www.linkedin.com/pulse/how-hackers-use-artificial-intelligence-create-malware-martin-lutz) or phishing emails, but a few precise prompts here and there, and one can easily generate sophisticated malicious emails.
- IBM researchers A/B tested the experiment with 1400 employees of a healthcare company. Half of them received human-written phishing emails from **IBM’s X-force team**. The other half received a ChatGPT-generated phishing email.
- While 14% of the employees fell for the human-written phishing email, 11% of the employees fell prey to the [ChatGPT-generated malicious email](https://www.cnbc.com/2023/11/28/ai-like-chatgpt-is-creating-huge-increase-in-malicious-phishing-email.html#:~:text=Technology%20Executive%20Council-,AI%20tools%20such%20as%20ChatGPT%20are%20generating,increase%20in%20malicious%20phishing%20emails&text=Since%20the%20fourth%20quarter%20of,report%20by%20cybersecurity%20firm%20SlashNext.).
The accuracy of the AI-generated phishing email is indeed a \*\*cause of concern for cybersecurity professionals.
## How to Prevent Getting Duped by ChatGPT-Generated Phishing Emails?
_The only way to safeguard your sensitive information and personal data is to straightaway delete any and every email that seems like unsolicited correspondence_. You can get in touch with the sender directly by getting their contact details from their **official website**.
Also, one must be \*\*extra-attentive while scrolling through their inbox as one wrong click or misclick can get your entire [system hacked](https://medium.com/@zapbroob9/what-is-system-hacking-ddc51c8b4849) or private details compromised.
ChatGPT is indeed a boon for phishing actors , highlighting the urgency for enhanced [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) measures. Cyber security professionals and generative AI tools need to come up together with something substantial to [prevent phishing](https://dmarcreport.com/blog/phishing-smishing-vishing-everything-you-need-to-know/) attacks. Deploying robust [email authentication](https://dmarcreport.com/blog/spf-vs-dkim-vs-dmarc-difference-explained-2026/) measures like [SPF](https://dmarcreport.com/what-is-spf/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [DMARC](https://dmarcreport.com/) becomes crucial in this collaborative effort to s**afeguard against potential threats**.
## Topics
[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ News ](/tags/news/)
[ Brad Slavin ](/authors/brad-slavin/)
General Manager
Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.
[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)[ Foundational 4m Alternatives to DMARCLY's Blog Section for Learning About Email Authentication and DMARC Nov 6, 2023 ](/blog/alternatives-to-dmarclys-blog-section-for-learning-about-email-authentication-and-dmarc/)[ Foundational 4m Ambient Light Spying, Cybersecurity Prices Drop, Euro 2024 Threats Jul 10, 2024 ](/blog/ambient-light-spying-cybersecurity-prices-drop-euro-2024-threats/)[ Foundational 4m Banks Drop OTPs, Major Cyber Heist, Spying Spouses Arrested Jul 18, 2024 ](/blog/banks-drop-otps-major-cyber-heist-spying-spouses-arrested/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!","description":"ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored! from DMARC Report explains practical steps for email authentication, domain protection.","url":"https://dmarcreport.com/blog/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/","datePublished":"2024-01-24T14:01:13.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2024-01-24T14:01:13.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/"},"articleSection":"foundational","keywords":"DMARC, email security, News","wordCount":1085,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!","item":"https://dmarcreport.com/blog/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/"}]}
```