Recent research conducted by WithSecure shows how easy it has now become for malicious actors to conceive and create innovative phishing campaigns. WithSecure has demonstrated how ChatGPT can be leveraged to create convincing phishing emails through just a few prompts.
This is interesting in that, traditionally, security awareness trainings have focused on raising user awareness around certain tell-tale signs to look for in a phishing email (e.g. grammatical errors, spelling mistakes, incoherent sentences). With the advent of AI-generated phishing email content (e.g. ChatGPT), these signs will vanish and it will become all the more harder for regular users to spot potential phishing attempts based on these signs.
The only way to protect against such increasingly sophisticated phishing attempts is to continually keep users aware of such sophistication and promote a culture of verification before action.
At Xybrware, we believe in byte-sized learning delivered on a continuous basis so as to keep users in a state of constant awareness when it comes to cyber risks in the online world.
Link to WithSecure’s research: https://labs.withsecure.com/publications/creatively-malicious-prompt-engineering
Leave a Reply