Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds

An IBM X-Force research project led by Chief People Hacker Stephanie "Snow" Carruthers showed that phishing emails written by human security researchers have a 3% better click rate than phishing emails written by ChatGPT. The research project was performed at one global healthcare company based in Canada.
In order to get ChatGPT to write an email that lured someone into clicking a malicious link, the IBM researchers had to prompt the LLM. They asked ChatGPT to draft a persuasive email taking into account the top areas of concern for employees in their industry, which in this case was healthcare.
Figure B. The AI-generated phishing email had an 11% click rate, while the phishing email written by humans had a 14% click rate.
The average phishing email click rate at the target company was 8%; the average phishing email click rate seen by X-Force Red is 18%. The AI-generated phishing email was reported as suspicious at a higher rate than the phishing email written by people.
"While even restricted versions of generative AI models can be tricked to phish via simple prompts, these unrestricted versions may offer more efficient ways for attackers to scale sophisticated phishing emails in the future," Carruthers wrote in her report on the research project.
Don't assume all spam emails will have incorrect grammar or spelling; instead, look for longer-than-usual emails, which may be a sign of AI having written them.
News URL
https://www.techrepublic.com/article/generative-ai-phishing-emails-impact/