A cybersecurity expert at Hub International, an insurance broker, recently commented that generative AI is already being used in phishing attempts:
“We’re in a world today where I can go to ChatGPT and type in, ‘please craft a request to my vendor asking them to change my wiring instructions’, and it spits out a perfect request. [I can then go] back to ChatGPT and say, ‘please add a sense of urgency and stress the confidential nature of this transaction’ –and again, instantly, it’s perfect.”
AI’s phishing influence – ‘we’re already seeing it’
These are two good and specific examples of the trend we analyzed in our recent research – The Role of AI in Email Security – where survey respondents indicated they were seeing an increase in AI being leveraged in the email attacks against their organizations.
The implication is that the characteristics we’ve trained people to rely on for identifying email scams are now fewer – such as poor grammar, cultural missteps, and spelling mistakes. Generative AI services enable threat actors to create phishing, spear phishing, and business email compromise attacks that don’t throw off such signals.
Leave a Reply