NEW AI technology has strengthened the effectiveness of scammers’ email attacks.
Generative AI tools are leading to more refined and sophisticated email phishing attacks according to a report recently released by a global email security company.
The fears that email security experts have had about the possibilities of AI-generated email attacks since ChatGPT has become popularly used are being revealed as a report from Abnormal Security noted.
The cybersecurity company has reportedly stopped a number of attacks recently that contain fluid language suspected to be written by AI.
“High-end threat actors have always used artificial intelligence,” Abnormal’s head of machine learning, Dan Shiebler said in the report.
“Generative AI isn’t a big deal for them because they already had access to tools to enable these kinds of attacks.”
Generative AI commoditizes sophisticated attacks “so we will see more of them,” he told TechNewsWorld.
He added: “The release of ChatGPT was a consumer milestone, but the release of GPT3 in 2020 enabled threat actors to use AI in email attacks.”
Email attackers are adopting AI tech to make better Business Email Compromise (BEC) scams and develop more effective BEC attack kits.
The BEC campaign kits that allow attackers to empty your bank in seconds are then sold on the dark web, CEO of Hoxhunt, a provider of enterprise security awareness solutions told TechNewsWorld.
“According to our own research, human social engineers are still better at crafting phishing emails than large language models, but that gap is closing,” he said.
“Hackers are improving at prompt engineering and circumventing guardrails against the misuse of ChatGPT for BEC campaigns.”
Generative AI tools increase the effectiveness of phishing schemes, especially those initiated outside the United States.
“Many email attacks originate outside the U.S. by non-native speakers,” co-founder of Cor, which is an Israel-based cybersecurity company
“Resulting in emails with obvious grammatical issues and unusual tone of voice, which trigger suspicion by the recipient,” he explained.
“Generative AI allows the sender to create a customized, conversational, extremely credible email that would trigger no suspicion, resulting in more users falling into the trap,” he told TechNewsWorld.
“Proper context and grammar make the content more believable and less likely to be suspicious to the user, ” James McQuiggan, who’s a security awareness advocate at security awareness training provider, KnowBe4, chimed in.
He even said: “Generative AI can pull information from the internet about an organization to create a targeted or more believable spear phishing campaign.”