If you’ve noticed a spike in suspicious-looking emails in the last year or so, it might be partly due to one of our favorite AI chatbots – ChatGPT. According to cybersecurity firm SlashNext, ChatGPT and its AI cohorts are being used to pump out phishing emails at an accelerated rate. The report indicates that malicious phishing emails have increased by 1,265% – specifically credential phishing, which rose by 967% – since the fourth quarter of 2022.
Malicious actors are using generative artificial intelligence tools, such as ChatGPT, to compose polished and specifically targeted phishing messages. The report concludes that these AI-fueled threats are growing rapidly in volume and sophistication.
Phishing attacks averaged at 31,000 per day, and approximately half of the surveyed cybersecurity professionals reported receiving a business email compromise (BEC) attack. These attacks aim to defraud companies of finances. With the help of AI, cybercriminals can generate more convincing and persuasively worded messages, making their scam emails look increasingly legitimate.
SlashNext’s research highlights that cybercriminals are already utilizing tools like ChatGPT to enact these attacks. ChatGPT saw significant growth towards the end of last year, making it easier for both novices and experienced scammers to scale up and target their attacks.
The alarming findings from the cybersecurity firm align with the FBI’s Internet Crime Report, which states that BEC attacks have cost businesses around $2.7 billion, along with $52 million in losses due to other types of phishing.
To counter these attacks, cybersecurity experts and tech giants like Amazon, Google, Meta, and Microsoft have pledged to carry out testing to fight cybersecurity risks. Companies are also using AI defensively, improving their detection systems and filters. However, the continually evolving nature of these threats demands regular tests, audits, and a zero-trust strategy.
Individual users should also be more vigilant and report fraudulent emails. Ongoing end-user education and training, along with improved email filtering tools, can help prevent malicious messages from reaching users.
While the prevalence of AI-fueled phishing attacks may seem daunting, being cautious about the emails we click on and taking the time to verify their legitimacy can go a long way in protecting ourselves online. The online world can be a tricky mirror, but by staying informed and remaining alert, we can better navigate the threats posed by cybercriminals.
In the face of these emerging dangers, a collective effort from individuals, businesses, and tech companies is required to safeguard against phishing attacks and protect personal and professional information online.
