ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!

The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-10359">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/01/ChatGPT-Generated-Phishing-Emails-Are-Too-Good-to-.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M44S">2:44</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-10359" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-10359" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-10359" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-10359" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/&t=ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/&url=ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/01/ChatGPT-Generated-Phishing-Emails-Are-Too-Good-to-.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/" class="input-link input-link-10359" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-10359" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="bA02STBOnu"><a href="https://dmarcreport.com/blog/podcast/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/">ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/chatgpt-generated-phishing-emails-are-too-good-to-be-ignored/embed/#?secret=bA02STBOnu" width="500" height="350" title=""ChatGPT-Generated Phishing Emails Are Too Good to Be Ignored!" - DMARC Report" data-secret="bA02STBOnu" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-10359” readonly/>

					<button class="copy-embed copy-embed-10359" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

ChatGPT has literally revolutionized the digital world. The generative AI tool is capable of churning out content based on pretty much everything that is available under the sun.

However, with good comes the bad. And hence, the world is divided into two parts as of now- one that is elated about ChatGPT’s abilities, and the other which feels that ChatGPT is not efficient enough and can even be misused.

Phishing experts definitely belong to the first group!

They are happy with the generative AI’s ability to come up with phishing emails in no time.

And the best thing about these malicious emails is their convincing power. The emails actually look legit, polished, and authentic .

A Massive Increase in Phishing Emails Since the Launch of ChatGPT!

The Q4 2022 witnessed a mammoth 1000% increase in malicious phishing messages. Surveys indicate a monumental increase of 1265% in phishing emails.

Cybercrime experts have explicitly indicated that generative AI tools like ChatGPT as being responsible for this gigantic leap in numbers.

These numbers are definitely concerning, and cybersecurity professionals blame generative AI for the same. They believe that threat actors have learned to **weaponize ChatGPT in order to break straight into your bank accounts or computer systems.

What Makes ChatGPT and Other Generative AI Tools A Threat To Cybersecurity?

Remember those poorly formatted, **misspelled emails that you tend to delete the moment they arrive in your inbox?

Remember the time when spelling mistakes, lack of sentence formation, and poor formatting were indicators of a potential phishing email?

That time is long gone, my friend!

Generative AI has turned the tables in favor of phishing actors.

AI tools like ChatGPT enable these threat actors to generate sophisticated, well-written, razor-focused, emotion-inciting phishing emails, which can **easily convince naive users to click on the malicious links.

Besides, the ability to write seamlessly in American English gives it a **competitive edge as threat actors from non-American nations can easily leverage the AI tool to generate flawless phishing emails.

ChatGPT has undoubtedly proved to be a game changer for threat actors by enabling them to generate phishing emails that look convincing, error-free, and appealing. Cybersecurity professionals are worried about the ultimate amalgamation of ChatGPT, CaaS (Cybercrime-as-a-Service) economy, and easily accessible personal details such as passwords, usernames, etc, which the phishing actors can leverage and leave ravaging impacts.

Why Is ChatGPT a Serious Cause of Concern for Cybersecurity Professionals?

IBM and its team of ethical hackers conducted in-depth research where they A/B tested the convincing power of phishing emails written by humans and ChatGPT. The results are quite mind-boggling.

Have a look at what transpired:

• IBM’s chief people hacker, Stephanie Snow Carruthers, generated highly convincing phishing emails in just 5 minutes. And she used a mere 5 prompts to do so. Her team **generally takes 16 hours to come up with a phishing email after closely studying the organization they wish to target. This means that ChatGPT has the power to save threat actors’ time.

• Although ChatGPT does not allow users to directly generate malware or phishing emails, but a few precise prompts here and there, and one can easily generate sophisticated malicious emails.

• IBM researchers A/B tested the experiment with 1400 employees of a healthcare company. Half of them received human-written phishing emails from IBM’s X-force team. The other half received a ChatGPT-generated phishing email.

• While 14% of the employees fell for the human-written phishing email, 11% of the employees fell prey to the ChatGPT-generated malicious email.

The accuracy of the AI-generated phishing email is indeed a **cause of concern for cybersecurity professionals.

How to Prevent Getting Duped by ChatGPT-Generated Phishing Emails?

The only way to safeguard your sensitive information and personal data is to straightaway delete any and every email that seems like unsolicited correspondence. You can get in touch with the sender directly by getting their contact details from their official website.

Also, one must be **extra-attentive while scrolling through their inbox as one wrong click or misclick can get your entire system hacked or private details compromised.

ChatGPT is indeed a boon for phishing actors , highlighting the urgency for enhanced email security measures. Cyber security professionals and generative AI tools need to come up together with something substantial to prevent phishing attacks. Deploying robust email authentication measures like SPF, DKIM, and DMARC becomes crucial in this collaborative effort to safeguard against potential threats.