When Bad Spam Gets Smart
I get spam — lots of spam:
According to the scientists, there’s a healthy substance in your bathroom drawer that slows down the onset of Alzheimer’s by 200%…
Your FEDex has been delayed; click to learn about delivery.
A bunch of emails from the United Nations, offering to send me money.
On Facebook, I get about three “alerts” a day telling me my page is going to be shut down, and I need to log in to get my page re-approved.
It’s all phishing. But it’s mostly lame. So I just delete it, have a moment of rage, and then return to work.
It turns out the days of bad spam are quickly coming to an end, as AI is arriving to make spam that will be almost indistinguishable from real emails — — and that’s just the start.
Picture this: a world where cutting-edge artificial intelligence, like OpenAI’s ChatGPT, isn’t just breaking technological barriers, but also unwittingly opening a Pandora’s box of cyber threats. Enter the realm of business email compromise (BEC) attacks, where the lines between human and machine blur.
In this digital landscape, ChatGPT emerges as a formidable player like a cyber artist, painting emails that not only look legit but also sound like they could be from your next-door neighbor. The sophistication is jaw-dropping.
Now, imagine cybercriminals harnessing this power. With a few clicks, they can set the stage for a deceptive performance. ChatGPT becomes the puppeteer, generating emails so personalized, so finely tuned to the recipient, that they’re practically tailor-made to deceive.
It’s a cyber chess game, and the pawns are unsuspecting individuals and businesses. The attackers, armed with AI prowess, are turning email communication into a battleground. The stakes are higher, and the risks, more nuanced.
Which brings us to a tool known as WormGPT. This tool presents itself as a black-hat alternative to GPT models designed specifically for malicious activities.
Worm GPT calls ChatGPT its enemy. “It’s gotten really good at being really bad,” reports Dina Temple-Rastin on the podcast “Click Here.” The creators of WormGPT claim to be white-hat hackers, but that seems like a stretch. Worm’s BEC tools are powerful and easy to use. The FBI says this could turn into a $100 billion problem in the not-so-distant future.
WormGPT is an AI module based on the GPTJ language model, which was developed in 2021. It boasts a range of features, including unlimited character support, chat memory retention, and code formatting capabilities.
So what specific advantages does using generative AI confer for BEC attacks?
Exceptional grammar: Generative AI can create emails with impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious.
Lowered entry threshold: The use of generative AI democratizes the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a broader spectrum of cyber criminals.
And, as the various Large Language Models (LLMs) race to be connected to the public web, all the various things you post about yourself on Facebook, Twitter, LinkedIn, Reddit, and other so-called social networks become fodder for the AI’s crafty lies.
And right around the corner, will it have the ability to scrape and imitate your voice, or that of your loved ones? Sound crazy? Not if your voice has been on a public podcast — and that’s just today.
“Good bots and bad bots are in an AI arms race,” reported Temple-Rastin.
Patrick Harr, SlashNext CEO — a security industry leader — told “Click Here,” “The AI models are as good as your data, so the more data it has, the smarter it gets. The smarter it gets, it will start evolving. That goes back and forth both on the good side and the bad side.”
As we navigate this brave new world of technology, awareness becomes our armor. Understanding how AI, in the wrong hands, can transform into a tool for deception is the first step. Which brings me back to the spam in my email. I suspect it’s just a matter of time before today’s lame spam will look charming — and its evolved brethren, far more evil. Maybe soon.
