- Aug 17, 2017
- 1,509
"The idea that you can rely on looking for bad grammar or spelling in order to spot a phishing attack is no longer the case," Corey Thomas, CEO of US cybersecurity firm Rapid7, told The Guardian. According to the newspaper, data from Darktrace, one of the UK's most prominent cybersecurity firms, seems to indicate that more and more phishing emails are being written by chatbots. That's not good, as these LLMs tend to synthesize convincing-sounding prose in an authoritative style — a perfect fit for the corporate and official emails they're trying to imitate.
Executing these typically requires some degree of planning and research to gather details about a target to make the scam more convincing. Until now, the extra effort involved got in the way of spear phishing becoming too ubiquitous. But an AI could potentially automate spear phishing almost entirely. "I can just crawl your social media and put it to GPT, and it creates a super-believable tailored email," Heinemeyer told The Guardian. "Even if I'm not super knowledgeable of the English language, I can craft something that's indistinguishable from human."