Skip to content

Analysis: Will ChatGPT’s Perfect English Change the Game For Phishing Attacks?

Nobody predicted how rapidly AI chatbots would change perceptions of what is possible, and some worry how it might improve phishing attacks. ChatGPT, which was launched in November 2022, is a prime example of the game-changing abilities of AI in this area. It offers attackers the ability to write a phishing email with flawless official-sounding prose, as well as the possibility of mimicking the email writing style of someone’s boss or colleague. For Business Email Compromise (BEC), it offers the possibility of engaging targets in lengthy back and forth conversations, slowly building their trust before sending malicious attachments or links. Finally, AI chatbots could be used to automate the normally laborious process of collecting public domain intelligence on targets, including their systems and the people who manage them.

These changes to the threat landscape mean that organizations must step up their cyber security awareness training to ensure that their employees can distinguish good from bad emails. This training should be tailored to the individual, as the task of distinguishing malicious emails from genuine ones will become increasingly difficult.

Key Points:
• AI chatbots offer attackers the ability to write phishing emails with flawless grammar and official-sounding prose.
• ChatGPT can also be used to mimic the email writing style of someone’s boss or colleague.
• Business Email Compromise (BEC) attacks can use AI to engage targets in lengthy conversations, building trust before sending malicious attachments or links.
• AI chatbots can be used to automate the process of collecting public domain intelligence on targets.
• Cyber security awareness training must be tailored to the individual in order to help them distinguish malicious emails from genuine ones.

Leave a Reply

Your email address will not be published. Required fields are marked *