Ever-resourceful threat actors and scammers continue to unleash mayhem on unsuspecting victims by tapping into growing trends and rapidly adopting new technology, popular platforms and software.
New tool, better scams
The free artificial intelligence tool ChatGPT, by OpenAI, has been widely embraced since its launch in November 2022. Promising benefits such as improved efficiency and productivity for individuals and businesses, ChatGPT has rapidly grown its user base to over 100 million users in a mere few months. Due to the buzz and growing popularity of ChatGPT, there have been reports of phishing websites promoted through fraudulent OpenAI social media pages spreading malware, and of phishing websites duping victims into sharing personal information. ChatGPT has been used as a phishing hook due to its popularity, but CNET also suggests it could be used by threat actors to write and fine-tune phishing emails.
The implications
We know cybercriminals adapt quickly to trends and adopt new technology, so there is a real concern that criminals are using ChatGPT to create convincing threats with ease and speed. Examples of these threats include generating convincing email or social media phishing lures to bait victims, making it more difficult for people to decipher what is real. The impacts from these types of malicious attacks can potentially cause business, investment and financial loss along with time and costs involved with eradicating risks and getting affected systems back up and running.
Could ChatGPT help threat actors refine their scams?
The short answer is: Yes, quite possibly. But the real question is, how can we protect individuals and businesses?
Tips for individuals
There are a number of recommendations that cybersecurity professionals offer to individuals to minimise risk. These include:
- Remaining vigilant and aware of the types of scams doing the rounds.
- Checking URLs carefully and avoiding clicking on links – instead, type out the link in your browser.
- Being wary of sharing personal information online. Do you know what it will be used for? If in doubt, don’t dish it out.
- Assessing each scenario to gauge legitimacy. Is it believable? Is it too good to be true? Even if it seems convincing, double check through formal channels: visit the official company website, or call the phone number listed on the official company website, to verify details.
Tips for organisations
In an organisation, cyber risk education and ongoing training for employees are recommended. Cybersecurity awareness training plans offer a concerted effort to build greater alertness and awareness to minimise the chances of succumbing to common scams. After all, employees are often the first line of defence in an organisation, and in order for them to effectively avoid a cyber incident, they need to know what to look out for and what to do if they come across anything suspicious.
It’s important for organisations to implement additional security measures to protect themselves against threats. These measures can include:
- Implementing anti-phishing software that can detect and block malicious emails before they reach employees.
- Enforcing strict password policies and two-factor authentication to protect against unauthorised access.
- Keeping software and systems up to date with the latest security patches and updates.
- Performing regular security assessments and penetration testing to identify vulnerabilities and weaknesses.
- Having a robust incident response plan in place to quickly respond to and contain any security incidents.
As technology continues to advance, it is important for individuals and organisations to remain vigilant and take proactive steps to protect against cyber threats.
While ChatGPT may be a new tool that can potentially be used by threat actors, there are steps that can be taken to mitigate the risk of falling victim to scams and attacks. By staying informed and implementing best practices for cybersecurity, individuals and organisations can stay one step ahead of cyber criminals and protect their valuable assets and information.
MPaware
MPaware is the cyber security awareness training tool for implementation in small to medium businesses. It incorporates phishing simulations and ongoing cyber security awareness training plans, along with dark web scans which detect and report back if any business data is shared on the dark web.