Researchers have warned that cybercriminals are using ChatGPT to generate extremely persuasive phishing emails; how can internet users identify these scams?
Norton, a cybersecurity company, warned that criminals are using artificial intelligence (AI) tools such as ChatGPT to construct “lures” to rob victims.
SCROLL DOWN FOR THE GUIDE
According to a report in New Scientist, the use of ChatGPT to generate emails could reduce cybercrime organizations’ expenses by as much as 96%.
Julia O’Toole, CEO of Mycena Security Solutions, warns that ChatGPT also eliminates the language barrier for cybercriminal gangs worldwide.
O’Toole stated that there are still methods to identify phishing emails generated by AI tools, but the technology makes it significantly more difficult.
She stated: “Since email scams first appeared in inboxes, phishing has advanced significantly, but a lack of proficiency in language and culture has been a major obstacle for fraudsters, who have struggled to make their emails appear authentic.
While they were still able to deceive unsuspecting victims, many internet users were able to recognize the counterfeit and delete it.
But those days have passed, she stated.
According to O’Toole, ChatGPT is currently the “hottest topic” on the dark web as cybercriminals figure out how to use it to defraud victims.
There are safeguards incorporated into ChatGPT designed to prevent its use in scams, but criminals are figuring out how to circumvent them.
The quality and quickness of ChatGPT’s execution make it a potent productivity hack, according to her.
With it, criminals can now proliferate complex phishing campaigns and generate emails more quickly and with higher success rates.
O’Toole warns that ChatGPT’s ability to generate accurate content allows it to effectively impersonate anyone, and that AI tools that can access internet content could be a “weapon of cyber mass destruction.”
She stated, “Hackers can use ChatGPT to deceive users into divulging their usernames and passwords for online accounts, or into sending money or disclosing personal information to criminals under the guise that it is for legitimate reasons.”
She warned that cybercriminals can use complex prompts to gather the information necessary to construct a “tailored” cyber attack.
When perpetrators use ChatGPT, no cultural barriers exist. When the target receives an email from their “apparent” bank or CEO, the email contains no linguistic red flags.
The email’s tone, context, and motivation for a bank transfer provide no evidence that it is a fraud.
Since its introduction in November 2022, ChatGPT has fascinated cybercriminals.
On infamous cybercrime forums, users have discussed using the bot to create malware and even new dark web marketplaces for the sale of stolen credit cards and other illicit products.
Numerous fake ChatGPT applications harvest user data, and BitDefender discovered a phishing scam in which users were directed to a fake ChatGPT to harvest bank account information.
Norton, a cybersecurity vendor, warned that phishing emails are only the tip of the iceberg and that cybercriminals could use ChatGPT or similar software to construct entirely fake chatbots to scam money from internet users.
According to the analytics firm SimilarWeb, ChatGPT averaged 13 million users per day in January, making it the app with the most rapid user growth in history.
TikTok reached 100 million users approximately nine months after its global launch, while Instagram required more than two years.
Late in November, OpenAI, a private company sponsored by Microsoft Corp, made ChatGPT freely accessible to the public.
Five methods to identify fraudulent emails generated by AI
The CEO of Mycena Security Solutions, Julia O’Toole, asserts that it is significantly more difficult to detect fraudulent emails generated by ChatGPT than those generated by humans.
Here are five methods to identify a fraudulent email:
Check the email address by hovering over it
O’Toole says that on a PC, you can “hover” your mouse over a “Contact Us” link to see where your email is traveling.
If you receive a dubious email, hover over the sender’s email address and verify that it comes from the expected domain (website address).
Even with the sophistication of ChatGPT, phishers continue to use the same email addresses, so if it appears suspicious, it probably is.
Keeping the context in mind
If your bank or another institution contacts you urgently requesting information, you should be on high alert.
Consider the situation; why do they need this information? Why right now?
According to O’Toole, banks and security-conscious institutions avoid placing customers in situations where confidential information is requested immediately.
Avoid hyperlinks
Embedding hyperlinks to bank websites in an email may seem like a simple solution, but a legitimate bank will also allow you to call.
If you receive an email requesting personal information, never click on the link, according to O’Toole. First, verify its authenticity.
For instance, if your bank contacts you via email requesting personal information, you should ring up and call the bank using the number listed on their website.
Pay close attention to the art
ChatGPT may be able to generate unambiguous copies, but criminal organizations will be unable to access the correct digital assets.
This means that everything from page headers to links that you’re prompted to open may appear incorrect.
O’Toole states, “Attackers frequently copy and paste images of a company directly from the Internet, which distorts the image and makes it appear faded or out of focus.” Poor-quality images or artwork in an email may also indicate that it is a phishing attempt.
Compare every email with the official website.
O’Toole warns that while ChatGPT excels at generating text, it has trouble with the subtler details that could indicate a malicious email.
She advises, “When you receive a suspicious email, visit the apparent sender’s website directly.” Are there phrases or logos that they frequently employ in their communications? Are these particulars contained in the email?’
If something appears suspicious, it likely is.
