AI chatbots like ChatGPT and Microsoft’s Bing chatbot integration are software applications capable of processing, analyzing, and generating responses to human input. These programs enhance communication by producing responses that sound natural, assisting with everyday tasks like refining emails and enhancing search engine outcomes. Nevertheless, these tools can be misused by malicious actors to produce harmful content, including lifelike voice and video simulations, as well as email phishing scams meant to distribute malware or extract sensitive information.
Two specific AI chatbots, WormGPT and FraudGPT, have been developed to automate hacking and spamming activities. These chatbots empower cybercriminals to craft highly convincing phishing schemes. They employ various tactics to manipulate individuals into interacting with harmful links, opening malicious attachments, or revealing confidential data:
- Crafting emails devoid of spelling or grammatical mistakes.
- Translating text into targeted languages.
- Mimicking distinct tones and styles to give the impression of authenticity.
- Constructing content that closely resembles genuine communication, making it difficult for systems to flag it as phishing.
Regrettably, the future holds the possibility of more malicious AI chatbots emerging, such as DarkBART and DarkBERT. These creations are designed to streamline fraudulent activities and exploitation.
As AI technology advances, phishing emails are becoming increasingly lifelike, often lacking typical indicators of suspicious content such as spelling errors. Familiarize yourself with the warning signs provided below to effectively recognize an AI-generated phishing email:
- Inaccurate logos or branding, or logos positioned awkwardly within the email.
- Unfamiliar sender address or sender information mismatch (e.g., the email claims to be from the CEO, but the sender's address doesn't match).
- Receipt of emails beyond regular business hours.
- Receiving unusual emails from recognized contacts (this might suggest email spoofing, where the email is faked and not genuinely from the indicated contact).
- Encountering unexpected attachments and links (never open attachments from unknown sources and always hover over links, or press and hold on mobile, to unveil the - actual URL).
If uncertainty arises, employ a verified alternative mode of communication to validate an email (or video/voice message). Any suspicious emails should be reported to the Security Operations team by utilizing the “Report Phishing” button on your Outlook toolbar.
Were you aware that cybercriminals can also harness AI tools to crack your passwords? Indeed, AI can instantaneously decipher a 10-character password comprising only numbers (Home Security Heroes, 2023). This underscores the heightened significance of devising strong, secure passwords for both your professional and personal accounts.
We encourage you to use KeePass as your passwords manager, here is an article about the features and benefits.
However if you prefer to use a different tool, make sure to adhere to the following recommendations to ensure the safety of your work from home and personal accounts:
- Crafting lengthy passwords incorporating numbers, uppercase and lowercase letters, as well as symbols, serves as one of your most robust defenses.
- Devise a unique password for each of your accounts.
- Refrain from reusing past passwords, as this elevates the vulnerability of your accounts being compromised.
- Ponder employing a passphrase - a sequence of words or an extended phrase.
- Regularly update your passwords.
Looking for a professional website to improve your online presence? Contact Klashtech to learn about our services. We offer Creative Web design, Web development, eCommerce, and digital marketing services to meet your specific needs. Call us at +1 (305) 965-9406 or send us an email at hello@klashtech.com.
Awards & Recognition
