Published: March 02, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
In this era of AI (artificial intelligence), cybercriminals have adopted this evolving technology to their benefit. Since ChatGPT's release less than two years ago, there's been an alarming surge in phishing emails. With hackers taking these attacks to the next level, they can easily deceive unsuspecting users.
AI and ChatGPT
If you still don’t quite know what ChatGPT is all about, it’s an AI chatbot able to create human-like conversations using generative AI (GenAI). With input from a human, which could be a hacker, ChatGPT creates convincing, personalized phishing emails able to trick even the most cyber-savvy user. With this tool at their command, phishing messages are highly targeted emails appearing to be from legitimate sources, whether work-related or personal. The potential to scam victims into acting on a phishing email is now as easy as 1-2-3.
Email Phishing by Volume
Since we are focused on cybersecurity, we will talk about that. Though, anyone can find use for ChatGPT. However, with input from a hacker, ChatGPT greatly increases the volume of phishing attacks. According to SlashNext, there's been a 1,265% jump in email phishing using ChatGPT. Hackers can supercharge the amount of phishing they send that are often socially engineered attacks that specifically target victims. From easily sending thousands of phishing emails, it only takes one to go for the bait.
Credential Phishing and BEC Are Soaring
According to SlashNext, credential phishing is also booming with ChatGPT, up 967%. Thieves go after your PII by posing as a trusted co-worker, friend, or group. What they're looking to steal is your password, username, and other PII they can use for more cybercrimes.
BEC (business email compromise) attacks are also sharply on the rise. According to the FBI, BECs are a $59 billion a year scam and growing. The goal of a BEC is to impersonate a higher-up or other trusted source in an email in order to steal money. A BEC tricks an employee into depositing funds into the hacker’s account.
Fighting Back
Even with help from ChatGPT, users can still protect themselves with a few phishing red flags.
Always verify the sender before taking any actions, including clicking on links or attachments.
If you get an email you use for important accounts sent to another email account, it's surely phishing.
If an email pressures you to act fast, like a problem with an account, go directly to the true account to verify it's real, and never use contact information in the email since it could be a hacker set-up.
Be wary of generic greetings, misspellings, and grammatical errors.
Use common sense. If you have any second thoughts about an email, it's better off deleted.
AI is a double-edged sword capable of doing remarkable things while also being abused in the online world. So, stay cyber-smart, trust your instincts and look for those phishing red flags.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com