By now, you would have heard of or even used OpenAi's ChatGPT or an application driven by AI's power (artificial intelligence) chatbot that creates well-written text passages in any language. It has been classed as the AI tipping point as students utilise it to write essays, marketing departments use it to write campaigns, and it can even be used in software development. The possibilities are endless, which can cause implications.
One alarming implication of cyber threats is the increasing occurrence of phishing scams. These notorious schemes often pose as trustworthy sources, promising a sense of urgency that encourages victims to act quickly without scrutinising the authenticity of the source. (You can find out more information on this topic by clicking here)
Phishing emails are the most prominent mechanism that catches people out, as last year alone in England and Wales 50% of adults reported receiving a scam email, and businesses identified them to be the most common form of a cyber threat. So why will ChatGpt and other tools have implications in tackling phishing?
A significant way to spot if an email is a scam is if it is riddled with spelling and grammar mistakes. AI can avoid this easily due to the sophisticated way it writes information. You can ask the chatbot to write a full email in minutes. For example, enter, "write an email from a company director to its employees, urgent subject action required, new stock options plans announced. Urge employees to click on the attachment below." This will be beautifully written and Grammatically accurate with no errors. With AI phishing emails hackers can write them in other languages and use AI chatbots to translate them into perfect English and then go above and enhance them.
With hackers having to input a short description of what they want the email to say and target, the time taken to produce phishing emails is next to nothing. As of this, they do not need to spend that much time creating them, meaning they can produce more in a small amount of time. Due to this, be vigilant that this will overwhelm users, traditional email filtering systems and most security and IT departments.
The number of hackers will also rise as now nobody needs to be sophisticated to phish anymore with these tools. For example, a hacker can crawl your social media and put it into a chatbot, and it can create a tailor-made and believable email. IT can empower anyone to generate thousands of automated personalised emails ready to use in an attack.
User training against any attack is essential as humans form the last line of defence, whether on their personal information or the company they work for. Educating users on the latest phishing strategies, like ai phishing emails, will make them more aware and take their time before clicking links or attachments.
Silver Lining can help you and your employees stay educated on keeping themselves secure with our cyber security management. We can offer a wide range of tools, from Simulated phishing campaigns to see where a breach would happen and Security Awareness Training. To find out more, please hit the link below to our Cyber Security Management page.