Security News > 2023 > March > Humans are still better at creating phishing emails than AI — for now

Amid all of the buzz around ChatGPT and other artificial intelligence apps, cybercriminals have already started using AI to generate phishing emails.
In the end, human-generated phishing mails caught more victims than did those created by ChatGPT. Specifically, the rate in which users fell for the human-generated messages was 4.2%, while the rate for the AI-generated ones was 2.9%. That means the human social engineers outperformed ChatGPT by around 69%. One positive outcome from the study is that security training can prove effective at thwarting phishing attacks.
Germany: 2.3% were tricked by humans, while 1.9% were tricked by AI. Sweden: 6.1% were deceived by humans, with 4.1% deceived by AI. Current cybersecurity defenses can still cover AI phishing attacks.
Though phishing emails created by humans were more convincing than those from AI, this outcome is fluid, especially as ChatGPT and other AI models improve.
On the plus side, protecting your organization from phishing emails and other threats requires the same defenses and coordination whether the attacks are created by humans or by AI. "ChatGPT allows criminals to launch perfectly worded phishing campaigns at scale, and while that removes a key indicator of a phishing attack - bad grammar - other indicators are readily observable to the trained eye," said Hoxhunt CEO and co-founder Mika Aalto.
For now, phishing emails generated by AI are written in a formal and stilted manner.
News URL
https://www.techrepublic.com/article/phishing-emails-humans-better-creating-than-ai/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)