Security News > 2023 > October > Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds
Hacker Stephanie "Snow" Carruthers and her team found phishing emails written by security researchers saw a 3% better click rate than phishing emails written by ChatGPT. An IBM X-Force research project led by Chief People Hacker Stephanie "Snow" Carruthers showed that phishing emails written by humans have a 3% better click rate than phishing emails written by ChatGPT. The research project was performed at one global healthcare company based in Canada.
In order to get ChatGPT to write an email that lured someone into clicking a malicious link, the IBM researchers had to prompt the LLM. They asked ChatGPT to draft a persuasive email taking into account the top areas of concern for employees in their industry, which in this case was healthcare.
Figure B. The AI-generated phishing email had a 11% click rate, while the phishing email written by humans had a 14% click rate.
The average phishing email click rate at the target company was 8%; the average phishing email click rate seen by X-Force Red is 18%. The AI-generated phishing email was reported as suspicious at a higher rate than the phishing email written by people.
"While even restricted versions of generative AI models can be tricked to phish via simple prompts, these unrestricted versions may offer more efficient ways for attackers to scale sophisticated phishing emails in the future," Carruthers wrote in her report on the research project.
Don't assume all spam emails will have incorrect grammar or spelling; instead, look for longer-than-usual emails, which may be a sign of AI having written them.
News URL
https://www.techrepublic.com/article/generative-ai-phishing-emails-impact/
Related news
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)
- Why AI alone can’t protect you from sophisticated email threats (source)
- European companies hit with effective DocuSign-themed phishing emails (source)