ChatGPT Being Used By Phishers to Dupe Victims

Hailey Carlson
March 28, 2023

ChatGPT is an artificial intelligence chatbot, backed by Microsoft, that has recently skyrocketed in popularity: users give the AI site a prompt and are met with a detailed response. The site can be used for a variety of things, from educational discussion and quick resume and cover letter writing to coding help, among many other useful purposes. This AI bot acts as both entertainment and a helpful resource for a myriad of users, but an unexpected group has started using this technology to conduct some less than savory business: phishers have begun using ChatGPT to help make their scams more realistic and believable. Not only this, but the software is being used to help less skillful phishers embed malicious code in their messages to victims.

A common way recipients of phishing emails identify scam messages is by looking at the body of the message, which is often riddled with grammatical errors and misspelled words. By using AI chatbot services such as ChatGPT, phishers can avoid such issues and dupe more individuals into thinking that the message they are receiving is legitimate. The quality of the emails being created by ChatGPT is far superior to what the malicious actors of the world are churning out today. This is obviously concerning, as more and more people will believe that the emails are from real senders and will click on the malicious links that are often embedded in the correspondence (another telltale sign of a phishing attack).

ChatGPT not only helps the bad guys overcome barriers like poor grammar or English being their second language, as is the case for many phishers; because of the artificial intelligence component in the chatbot service, it can also learn how to mimic legitimate emails from known entities. If the malicious actors have access to a real message from a company, they can ask the AI chatbot to write an email in the style of, or similar to, the actual corporation’s usual email format. The phishers cannot, however, simply say “write me a phishing email”; such a request is met with a warning that this is an unethical use of the service.

To avoid falling for these more advanced phishing scams, be extra vigilant when you receive an email from an unknown sender. Also check that any URLs in the message are free from malicious content. Despite the help of ChatGPT, many phishing emails will still be easily identifiable because of their urgent demand that you take some sort of action, often involving clicking on the malicious link in the email itself. Beware of any email that asks you to take quick action or else something bad will happen. If you receive an email you suspect to be phishing while at work, inform your IT security team immediately so that others at your company can be protected from falling for the scam.

Image by rawpixel.com for Freepik.