The Dangers of AI-Driven Chat GPT Phishing Campaigns and How to Avoid Them

The modern cybercriminal is highly inventive in disrupting a business’s operations. They have access to various resources that help them execute cyberattacks, and that list grows daily as technology evolves. They were already successful in scamming 92% of organizations across the globe in 2022 using sophisticated techniques like creative phishing emails, spoofing, and fraudulent websites. Some even fell victim to phishing and social media fraud as well. Now bad actors have a new addition to their arsenal: ChatGPT phishing powered by artificial intelligence (AI).

• AI is revolutionary for cybercrime too:

Recently, AI-based technology has gained a lot of traction. AI-enabled tools and technologies can reduce workloads and eliminate mundane tasks, making them highly desirable for everyone. ChatGPT, for instance, is a large language model (LLM) that has helped millions of people maximize efficiency and quickly achieve their goals. Unfortunately, it has also helped cybercriminals launch attacks using new techniques like ChatGPT phishing.

On the flip side, as with many innovations built to better humankind’s way of life, some discover how something inherently designed for good can be leveraged for personal or malicious agendas. Cybercriminals also find AI-enabled tools very successful, and they’re using them to launch even more sophisticated, hard-to-detect cyberattacks. This change adds a new wrinkle to securing a business from cyberattacks.

• How AI assists cybercriminals:

Cybercriminals have already begun employing AI-based methodologies to launch cyberattacks and have, unfortunately, been effective in their attempts to exploit organizations. Even those criminals not exceptionally skilled in technical work like developing ransomware can launch cyberattacks using AI tools like ChatGPT for reference or support. Researchers have discovered that underground hacking teams frequently utilize OpenAI for its quick code generation and email writing capabilities. Research has shown that ChatGPT phishing emails are so well-orchestrated that employees find it difficult to discern from content written by a human.

AI technology like Chat GPT or GPT-3 has been a game-changer for bad actors, especially those specializing in phishing. Generative AI is lowering the barrier to entry into cybercrime by enabling threat actors to quickly and effectively launch sophisticated phishing messages and do the work needed to facilitate a ransomware attack easily. This technology, paired with the tools available in the Cybercrime-as-a-Service (CaaS) economy and the information like passwords readily available from initial access brokers (IAB) makes cybercrime easier – and that’s bad news for businesses.

• How does AI benefit cyber criminals?

AI enables cybercriminals to launch attacks quickly, use more sophisticated techniques and improve their effectiveness. These features make AI a beautiful technology for any cybercrime organization.

1. Flexible and adaptable for better accuracy:

Threat actors use new and continuously evolving AI techniques to scale and automate processes, like code generation, better to plan an attack for the highest chance of success. They can also improve on existing cyberattacks or create new ones. The power of automation empowers them to carry out large-scale cyberattacks without spending time manually building out algorithms. It speeds up detecting vulnerabilities or learning which employees are most susceptible to manipulation.

2. AI boosts evasion:

Not getting caught is an essential skill that not all cybercriminals possess. And considering information security professionals’ progress in developing cybersecurity measures, hackers need to be more evasive. Technologies such as machine learning (ML) allow cybercriminals to train AI systems to recognize and adapt to companies’ security solutions and practices, which spells trouble for IT teams everywhere. AI-powered attacks can learn and evolve from their interactions with defensive systems, constantly adapting their strategies to avoid detection and improve a cybercriminal’s success rate.

3. Upgrade a cybercrime group’s capability:

This particular upgrade any cybercriminal may achieve can prove to be incredibly resourceful. AI makes them more organized or systematic when determining or assessing targets. Threat actors can become highly efficient in surveillance and targeting. They can quickly develop and use sophisticated AI algorithms to analyze vast amounts of data, such as social media profiles and personally identifiable information (PII), to precisely identify potential victims. AI can also be used to deconstruct communication patterns amongst colleagues and management in an enterprise-wide network, fueling the creation of highly personalized, persuasive phishing and other similar targeted attacks. In this scenario, Chat GPT phishing is an attractive option because if a bad actor has plenty of data to feed to the algorithm, it is easy for them to obtain a tempting malicious message.

• Bad actors are using AI to compromise businesses via phishing:

GPT-3 phishing and other email-based cyberattacks have become commonplace with high success rates, and AI will only make them more successful. It’s only fair to assume that cybercriminals would seek to capitalize on an attack strategy that works. And powering their social engineering attacks with AI has increased their effectiveness.

Phishing emails:

Cybercriminals are constantly innovating new ways to supercharge their phishing campaigns, creating a whole library of more deceptive and indistinguishable emails that can fool the best of us. Case in point, an employee at FT Labs of the Financial Times who maintains significant technical expertise fell prey to a well-crafted phishing email, which resulted in a data breach for the organization. This case study displays how even those who otherwise maintain healthy cyber hygiene can become victims of a creative cybercriminal.

Due to AI’s intervention, developing countermeasures and relevant software to curtail the adverse effects of phishing emails has become quite a task. Numerous organizations have suffered significant financial losses after a successful phishing attack as customers lost faith in their ability to implement robust email security practices.

Phishing websites:

Another handy way cybercriminals leverage AI-driven tools revolves around automating the process of creating phishing websites. They can:

• Automate the creation and customization of phishing websites
• Make them appear authentic
• Increasing their chances of successfully tricking victims

Threat actors can take their website replicating skills to the next level using AI-driven techniques. They can nail genuine websites’ visual elements, layout, and content, increasing the chances of successfully scamming individuals. Cybersecurity professionals have their hands complete as the attention to detail in creating each of these phishing websites is exceptionally intricate.

Adopting the ‘fighting fire with fire’ concept, information security professionals also utilize AI technology to develop strategies and solutions to fend off cybercriminals. Generative AI helps analyze and detect patterns in phishing emails, identifying subtle indicators of fraudulent activity that human eyes can easily miss. When used in an email security solution, AI/ML helps that tool draw a clear distinction between legitimate and malicious communication. With the rapid evolution of cybercrime technology, companies need to have a plan to improve their email security with AI to stop ChatGPT phishing.

Fight back against all kinds of phishing, including AI-powered Chat GPT phishing, with an intense training program to ensure every employee knows the latest phishing techniques and is alert to danger. Robust email security that uses AI to spot and stop malicious messages is also a must-have.

Source: ID Agent