IBM researchers said a ChatGPT-generated phishing email was almost as effective in fooling people compared to a man-made version.
IBM researchers said a ChatGPT-generated phishing email was almost as effective in fooling people compared to a man-made version.
So it’s less effective than a regular phishing email?
Yes, but being about the same means ChatGPT could be used to create massive amounts or personalized phishing emails at a low cost in a very short time by automation. Basically doing what they do now, but even faster.
And with better spelling and punctuation.
No, those ‘mistakes’ are part of the phishing tactic. It weeds out those that are paying too much attention to the details.
I can’t tell if this is a joke or not :|
Cool. Also I’m not sure why but it appears that my original comment was removed.
Better spelling and punctuation is a bug, not a feature.
Bad spelling = people who miss those may be easy to fool.
I wonder how that would work. The last one I did some checking into had a bitcoin address and it (I really don’t understand Bitcoin well) looked like the person moved the fake money from account to account over and over again.
And crafting a carefully targeted phishing email took a human team around 16 hours, they wrote, while ChatGPT took just minutes
This is significant because any person with the desire to scam can use ChatGPT from the comfort of their own home over lunch instead of hiring professionals for a few days.
No, it’s significant because attackers can pump out way more emails while also making them customized to their targets and constantly changing to help avoid detectors.
And crafting a carefully targeted phishing email took a human team around 16 hours
Ummm what? Back in college, I used to budget 30-45 minutes a page for essays. What the hell are they writing that took a team of people 16 fucking hours for a few paragraphs of text?
How many people clicked the phishing links in your college papers?
I guess they mean person hours since they are referring to a team. An initial brainstorming session, another review session or two and 16 hours are quickly gone.
deleted by creator
To be honest, phishing emails are so bad that I don’t see how any generational AI couldn’t be better. Just making less than two typos per sentence would e enough.
Someone explained me that it may be intentional that phishing emails are so bad as it acts as a pre-filter, then you only spend time and ressources dealing with presumably very gullible people.
The typos are intentional. They filter out intelligent recipients who wouldn’t fall for the scam.
Looking forward to the day when I use Darktrace’s AI threat detection to stop ChatGPT’s AI generated threats…
What a world we’ve built!
“I call it the phishing buster buster buster”
It kills me that nobody I know has seen “The Big Hit” and yet everyone knows about the trace buster buster buster.
Ok we should just go back to dudes on horseback yelling stuff for money.
Hear ye hear ye, timesheets are due on Friday
Why haven’t people learned yet to simply never click a link in an email? Even if it’s not malicious, it’s still trying to track you.
Images in emails also track you fwiw, as your browser or email client has to send a request to load it. Disable loading images by default.
The simple fact that people still fall for phishing scams is a great indicator that we’ve always been going nowhere.
Oh please you can’t be 100% mistrustful all the time. Eventually you are going to slip up and assume good faith. This is why it is important to stop people from doing it instead of blaming victims.
Also, who knows how many people who do fall for these things are mentally disabled.
Phishing scams are getting really good these days. It’s no longer the Nigerian prince-type obvious scams.
They make emails nearly identical to real ones, they’re able to fake sender names, they actually use real English.
If you think you wouldn’t fall for a phishing email, you’re kidding yourself. All it takes is one lapse of judgement while you’re too busy to realize an email is fake.
