AI chatbot ChatGPT is used for phishing attacks
Artificial intelligence has received a lot of attention in recent weeks. Several platforms have become viral hits for using artificial intelligence to create art with a one-word request or transform selfies into magical portraits.
But where AI is great for creative projects, it can also help with wording. In fact, AI is one of the oldest forms of online communication, as most websites use chatbots to help users navigate issues. However, a recent technological advance means it can be used for nefarious purposes.
Read on to see how ChatGPT makes sending malware via email easier than ever.
Here’s the back story
Many websites and apps use artificial intelligence. Chances are you’ve interacted with it at least three times this week. Some AI is subtle, like how Spotify knows exactly what you want to listen to next, while other examples are harder to spot.
However, a revolution is apparently underway as OpenAI released its ChatGPT service earlier this month. The platform is designed for any website or service to use and communicate with users without human intervention.
“ChatGPT is a powerful tool for creating chatbots that can engage in natural language conversations with users. It provides information, answers questions, and engages in dialogue in a way that feels like interacting with a human.” This is what ChatGPT responded with when asked to explain ChatGPT.
The possibilities are endless. You just need to post a question or request and ChatGPT dutifully answers in the best way AI can. But it also creates a serious security problem, as Check Point Research found.
Fraudsters and cybercriminals are usually not native to English-speaking countries. So the text in phishing emails or scam messages contains spelling and typographical errors. It’s easy to fix in a word processor. But grammar, vocabulary and syntax are more difficult, and that’s where ChatGPT comes in.
The ChatGPT Security Threat
As Check Point Research discovered, ChatGPT has no problem generating an authentic-sounding phishing message with no spelling or grammatical errors.
From there, it fine-tuned the copy to include certain parameters, such as making the victim simply download an Excel document. With the text in place, CPR asked the chatbot to generate malicious code that goes into the phishing email, and it did.
“We didn’t write a single line of code and instead let the AI do all the work. We chose to illustrate our point with a single execution flow, a phishing email with a malicious Excel file armed with macros that download a reverse shell (one of the favorites among cybercriminals),” CPR explains.
This is a massive problem. Anyone with little or no knowledge of hacking can create malicious code to steal your personal information.
How to avoid becoming a victim of phishing attacks
Phishing emails are becoming more sophisticated and difficult to detect. Now with AI chatbots sending phishing messages, things are even more serious. Therefore, it is important to keep the following security measures in mind at all times online.
- Protect your information — Never give out personal information if you do not know the sender of a text, chat or email or cannot verify their identity. Criminals only need your name, email address and phone number to scam you.
- Always use 2FA — Use two-factor authentication (2FA) for better security when available. Tap or click here for details on 2FA.
- Avoid links and attachments — Do not click on links or attachments you receive in unsolicited e-mails or messages. They can be malicious, infecting your device with malware and stealing sensitive information.
- Use strong, unique passwords — Create hard-to-crack passwords for all online accounts. And never use the same password on multiple platforms. Tap or click here for an easy way to follow this step with password managers.
- Antivirus is important — Always have a reliable antivirus program up to date and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for just $19 at ProtectWithKim.com. That’s over 85% off the regular price!
Malware is hidden in these fake apps that mimic the real versions
Surprise: Software that promises to “reveal” nude photos plants password-stealing malware