Hold on to your login credentials! A recent look at email phishing campaigns uncovered a 61% spike in attacks over the second half of last year. However, security pros find AI (artificial intelligence) is now accelerating these campaigns, and the number of attacks will significantly increase going forward. With the release of the AI ChatGPT platform coupled with PaaS (phishing-as-a-service) kit upgrades, email phishing is slated to be more pervasive and destructive than ever before.
ChatGPT, an AI platform created by OpenAI and released late last year, uses chatbots to create interactive user experiences. And now, this AI tool is fast becoming a phisher’s best friend. The meteoric rise in popularity of ChatGPT, along with improvements to easily available PaaS kits, spells trouble for enterprise security. Successful phishing attacks open the door to further crimes like ransomware, account takeovers (ATOs), identity theft, and espionage, among others.
Phishing by the Numbers
As it is, email phishing leads to over 90% of corporate security breaches, and more than 60% of SMBs (small-to-medium-size businesses) close their doors within months of a phishing attack. In the fourth quarter of last year alone, Vade email security found 58.9 million emails carried malware, an existential threat to organizations everywhere.
Vade also found monthly volumes for phishing were 62.3 million in October of last year, and 47 million in November, nothing too unusual. But in December, a crazy-popular time for holiday and end-of-year phishing scams, they report a jump to 169 million, finalizing a month-over-month total increase of 260%.
ChatGPT supports countless personal and business tasks, particularly on massive scales. Writing emails and other communications barely scratch the surface of what ChatGPT can do, but using it for email phishing campaigns is where cybercriminals are focusing their efforts.
In the Crosshairs
Vade’s research revealed the top two phishing targets in the second half of last year are also the two most used productivity suites, Microsoft 365 and Google Workspace. Targeting productivity apps commonly used by corporations casts a wide net for success. Exactly who and what these now accelerated phishing attacks target next is a question mark.
It’s important to remember that anyone, no matter their skill level, can become a phishing threat. Creating enhanced PaaS phishing kits with ChatGPT means new phishing threats are rapidly coming to fruition. According to Vade, “Hackers can weaponize ChatGPT to produce sophisticated phishing kits efficiently by using commands that empower the AI tool to write phishing emails and malicious code in seconds…that’s already become notorious for its cybersecurity implications…”
Always be on the lookout for phishing. The top give away is that you aren't expecting the link or attachment and/or that the message makes you feel like you need to do something in a hurry.
While phishing might have been difficult to detect before, it is likely to become even more challenging going forward. We will have to wait and see how much.