In this blog post, we delve into the emerging use of generative AI, including OpenAI’s ChatGPT, and the cybercrime tool WormGPT, in Business Email Compromise (BEC) attacks. Highlighting real cases from cybercrime forums, the post dives into the mechanics of these attacks, the inherent risks posed by AI-driven phishing emails, and the unique advantages of […]

Summary:

  • Generative AI is being used by cybercriminals to create more convincing and personalized phishing emails for Business Email Compromise (BEC) attacks.
  • This technology allows attackers to automate the creation of highly convincing fake emails, personalized to the recipient, thus increasing the chances of success for the attack.
  • One such tool is WormGPT, which is a blackhat alternative to GPT models, designed specifically for malicious activities.
  • WormGPT can create emails that are not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks.

The use of generative AI for BEC attacks has two main advantages:

  1. Exceptional grammar: Generative AI can create emails with impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious.
  2. Lowered entry threshold: The use of generative AI democratises the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a broader spectrum of cybercriminals.

To safeguard against AI-driven BEC attacks, organizations should implement the following measures:

  1. BEC-specific training: Companies should develop extensive, regularly updated training programs aimed at countering BEC attacks, especially those enhanced by AI.
  2. Enhanced email verification measures: Organizations should enforce stringent email verification processes.