Cybersecurity Experts Warn Criminals Now Start Using ChatGPT to Create Phishing Emails

The phishing email using ChatGPT is getting more and more difficult to detect. (photo: dock. Pixabay)

JAKARTA - Computer hackers are now using ChatGPT to create highly convincing phishing emails. Internet users are expected to be careful in order to recognize this scam.

Cybersecurity firm Norton warns that criminals are now using AI tools such as ChatGPT to create 'bait' to rob victims.

A report in New Scientist suggests that using ChatGPT to generate emails can reduce costs for cybercrime gangs by up to 96 percent. Julia O'Toole, CEO of MyCena Security Solutions, warns, ChatGPT has also completely removed the language barrier for cybercrime gangs around the world.

O'Toole says there are still ways to recognize phishing emails generated by AI tools, but these technologies make it much more difficult to recognize phishing emails.

"Phishing has grown rapidly since email scams first hit inboxes, but a lack of proficiency in language and culture remains a major barrier for fraudsters, who have struggled to make their emails realistic," O'Toole said.

"While they still deceive innocent people, many internet users can recognize spoofs and delete them. However, it is no longer an easy thing," he said.

ChatGPT is the "hot topic" on the dark web right now, according to O'Toole, as cybercriminals look for ways to use it to trick victims.

There are protections built into ChatGPT that are meant to prevent its use in fraud - but criminals are looking for ways to get around them.

"The quality and speed of execution of ChatGPT makes it a powerful 'productivity hack.' With it, criminals can now proliferate complex phishing campaigns, generating emails faster with a higher chance of success," said O'Toole.

O'Toole warns that ChatGPT's ability to generate accurate content means it can impersonate anyone - and warns that AI tools that can access internet content have the potential to become 'weapons of cyber mass destruction'.

"Hackers can use ChatGPT to trick people into providing usernames and passwords for their online accounts, or can trick people into sending money or disclosing personal information to criminals while tricking them into pretending to be for legitimate purposes," O'Toole added.

Cybercriminals can also use complex prompts to gather information needed to design 'bespoke' cyberattacks, he said.

"When criminals use ChatGPT, there is no cultural barrier. When the target receives an email from their bank or CEO that "pops", there is no language signature to suggest the email is fake," he added.

Here are five ways to spot fake emails:

1. Check the email address

Before clicking on an email, you can hover your mouse over a suspicious email address. If the email address isn't from the domain it's supposed to be, then it's most likely a spoofed email.

2. Consider context

If a bank or other institution contacts you urgently asking for information, you should exercise caution. Consider the context - why do they need this information? Why now?

3. Avoid hyperlinks

Avoid clicking on hyperlinks in emails that ask for personal information. We recommend verifying the authenticity of the email first. For example, if your bank contacts you by e-mail and asks for personal information, we recommend that you contact the bank via the telephone number listed on the bank's official website.

4. Look at the picture

Images or logos in fake emails may appear blurry or out of focus. This is because cybercriminals do not have access to proper digital assets. Therefore, pay close attention to the image or logo in the email you receive.

5. Check the official website

When you receive a suspicious email, it is best to check the official website of the email sender. Check if there are phrases or branding that they use frequently in communication. If there are any suspicious details, it is most likely a spoofed email.