ChatGPT has literally revolutionized the digital world. The generative AI tool is capable of churning out content based on pretty much everything that is available under the sun.
However, with good comes the bad. And hence, the world is divided into two parts as of now- one that is elated about ChatGPT’s abilities, and the other which feels that ChatGPT is not efficient enough and can even be misused.
Phishing experts definitely belong to the first group!
They are happy with the generative AI’s ability to come up with phishing emails in no time.
And the best thing about these malicious emails is their convincing power.
The emails actually look legit, polished, and authentic.
A Massive Increase in Phishing Emails Since the Launch of ChatGPT!
These numbers are definitely concerning, and cybersecurity professionals blame generative AI for the same. They believe that threat actors have learned to weaponize ChatGPT in order to break straight into your bank accounts or computer systems.
What Makes ChatGPT and Other Generative AI Tools A Threat To Cybersecurity?
Remember those poorly formatted, misspelled emails that you tend to delete the moment they arrive in your inbox?
Remember the time when spelling mistakes, lack of sentence formation, and poor formatting were indicators of a potential phishing email?
That time is long gone, my friend!
Generative AI has turned the tables in favor of phishing actors.
AI tools like ChatGPT enable these threat actors to generate sophisticated, well-written, razor-focused, emotion-inciting phishing emails, which can easily convince naive users to click on the malicious links.
Image sourced from sangfor.com
Besides, the ability to write seamlessly in American English gives it a competitive edge as threat actors from non-American nations can easily leverage the AI tool to generate flawless phishing emails.
ChatGPT has undoubtedly proved to be a game changer for threat actors by enabling them to generate phishing emails that look convincing, error-free, and appealing. Cybersecurity professionals are worried about the ultimate amalgamation of ChatGPT, CaaS (Cybercrime-as-a-Service) economy, and easily accessible personal details such as passwords, usernames, etc, which the phishing actors can leverage and leave ravaging impacts.
Why Is ChatGPT a Serious Cause of Concern for Cybersecurity Professionals?
IBM and its team of ethical hackers conducted in-depth research where they A/B tested the convincing power of phishing emails written by humans and ChatGPT. The results are quite mind-boggling.
Have a look at what transpired:
- IBM’s chief people hacker, Stephanie Snow Carruthers, generated highly convincing phishing emails in just 5 minutes. And she used a mere 5 prompts to do so. Her team generally takes 16 hours to come up with a phishing email after closely studying the organization they wish to target. This means that ChatGPT has the power to save threat actors’ time.
- Although ChatGPT does not allow users to directly generate malware or phishing emails, but a few precise prompts here and there, and one can easily generate sophisticated malicious emails.
- IBM researchers A/B tested the experiment with 1400 employees of a healthcare company. Half of them received human-written phishing emails from IBM’s X-force team. The other half received a ChatGPT-generated phishing email.
- While 14% of the employees fell for the human-written phishing email, 11% of the employees fell prey to the ChatGPT-generated malicious email.
The accuracy of the AI-generated phishing email is indeed a cause of concern for cybersecurity professionals.
How to Prevent Getting Duped by ChatGPT-Generated Phishing Emails?
The only way to safeguard your sensitive information and personal data is to straightaway delete any and every email that seems like unsolicited correspondence. You can get in touch with the sender directly by getting their contact details from their official website.
Also, one must be extra-attentive while scrolling through their inbox as one wrong click or misclick can get your entire system hacked or private details compromised.
ChatGPT is indeed a boon for phishing actors, highlighting the urgency for enhanced email security measures. Cyber security professionals and generative AI tools need to come up together with something substantial to prevent phishing attacks. Deploying robust email authentication measures like SPF, DKIM, and DMARC becomes crucial in this collaborative effort to safeguard against potential threats.