Skip to content

Phishing scams generated from AI are the most dangerous yet

natural sounding, grammatically correct emails are fierce

Arthur Gaplanyan

AI Phishing

Have you played with emerging Artificial intelligence (AI) tools yet? At first, I was impressed with the artistic imaging people were creating with just descriptions, or even song lyrics. Then when Chat GPT hit the scene, everything changed forevermore. Talk about disruptive technology.

I’ve toyed with ChatGPT and it’s very creative and easy. I have seen times when it was wrong, but for an AI tool online it is amazing. Now the new Bing Search utilizes ChatGPT and apparently closes the gap from a new tech toy to an actual usable product.

Unfortunately, as AI becomes increasingly sophisticated and easily accessible, even cybercriminals are using it to benefit their lives. Phishing scams, which are attempts to trick people into giving away personal information such as login credentials or financial details, are becoming more dangerous thanks to AI.

Usually, the telltale giveaway of a phishing scam is the dramatically poor grammar and misspellings. Now that cybercriminals can easily throw their script into ChatGPT to correct it, or even just ask ChatGPT to write its own script for them, it’s becoming harder to spot fake emails.

The scams are getting more elaborate too. They may use natural language processing (NLP) technology to create email threads that make the phishing lure seem more plausible. NLP can analyze the writing style of an individual and mimic their tone and language, making it very believable.

AI can also be used to automate the process of phishing. By creating algorithms that analyze large amounts of data, scammers can identify potential targets and craft tailored messages that are more likely to succeed.

It’s clear that phishing scams are increasing in number and complexity, making them difficult to detect. The big issue right now is, basic security tools can’t spot these fakes.

Better tools are coming (and soon), you can be assured of it. This use of AI wasn’t unforeseen. In fact, it made our top 5 list of cyber threats to protect against in 2023. For now, we all must be on high alert and vigilant to protect ourselves.

We’ve always said that your first steps should always be caution with every email. Read them carefully. Look for any grammatical errors. Check the sender’s email address carefully. Always verify everything first before clicking on any link in an email.

That should always be rule number 1.

Regular security training is a good bonus too. While it doesn’t prevent any attack emails, it keeps security front and center so your team is less likely to fall for a scam.

Our 24/7 Security Monitoring can continually aggregate and analyze logs (email, among others) to better detect if a breach has occurred. Like we discussed last week, prevention is only part of a full security plan. Detection and Response is of equal importance.

If you have any questions about your security profile, reach out for a free IT review. We’d be glad to discuss your current and future options with no obligation.