
A new era of phishing: how ChatGPT can help scammers

The new ChatGPT chatbot quickly gained popularity worldwide, as confirmed by its 100 million users in 2 months. However, the stories of ChatGPT’s incredible ability to write text that is difficult to distinguish from that written by a human mask its dark side. ESET specialists believe that a powerful chatbot can be used for fraudulent purposes, thereby contributing to the spread of cyber threats.

Such an inexpensive automated method of creating mass fraudulent texts could mark the beginning of a new wave of phishing attacks. It has now become much easier to write a convincing email that can trick someone into downloading malware or giving up personal information.

What is ChatGPT and what is the danger?

ChatGPT is an AI-based chatbot developed by OpenAI. The chatbot communicates quite well with users, impressing many with its realistic responses. Although ChatGPT has only just emerged, its capabilities are already causing concern. It has built-in security measures to prevent malicious use, but their effectiveness is not always guaranteed.

The capabilities of ChatGPT are suitable for launching large-scale cyberattacks, which is concerning. In particular, a request to write a message asking for financial assistance for Ukraine was marked as fraud and rejected, while a request to write a fake lottery win message was accepted.

Such capabilities have become available to a much larger number of users, who can subsequently use them to launch large-scale cyberattacks, particularly corporate email compromise fraud. Most cybersecurity experts expect that ChatGPT will be used during cyberattacks within a year.

How to recognize online fraud?

1. Unknown sender. Phishing messages usually arrive unexpectedly. So be careful if an unwanted email appears in your inbox, and don’t rush to open it.

2. Suspicious links and attachments. Fraudsters often use dangerous links or files in emails with the aim of installing malware or redirecting to a phishing page. Therefore, avoid clicking on suspicious links, downloading files, or opening attachments from unknown senders.

3. Requests for personal data. In most cases, the primary goal of a phishing attack is to steal important information, and only rarely to infect a device with malware. Criminals try to extract data from victims in various ways, and can then sell it on dark markets or use it in other fraudulent schemes.

4. Pressure tactics. At the core of phishing lies social engineering, whose goal is to prompt users to perform the desired actions. Often, scammers use a sense of urgency, emphasizing the need to respond quickly, otherwise the user will face a penalty or lose the chance to win something.

5. Enticing offers. As a rule, scammers offer users free gifts in exchange for participating in surveys where they need to provide personal or financial information. Thus, the perpetrators manage to extract important data, but the victim never receives the promised iPhone, gift card, or money.

6. Mismatch between the sender and the actual domain. Fraudsters often try to make their email address look like a legitimate one. Hovering the cursor over the sender’s domain reveals the actual email address from which the message was sent. If the two do not match, or the address is based on a long combination of random characters, the message is likely from scammers.

7. Unfamiliar or general greetings. To gain the victims’ trust, the perpetrators pose as representatives of legitimate organizations, but they can often be recognized by the greeting in the letter. So be cautious if the company previously addressed you by your name and you later receive a more formal letter with a general greeting, or vice versa. Also, remember that banks and other organizations typically use corporate email domains rather than email addresses like gmail.com.

8. Using current events. Another classic social engineering trick is using news about events or emergencies to convince recipients to open a message. That is why the number of phishing emails rose sharply during COVID-19, as did charity fraud after Russia’s invasion of Ukraine. Therefore, exercise caution when receiving such messages about current events and do not rush to open them.
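
The sender checks from points 6 and 7 can also be automated on the receiving side. The following Python sketch is an added example, not part of the original article. The organization table, the free-webmail list, the digit-based "random characters" heuristic and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a short illustrative list of free webmail domains.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def looks_random(label):
    """Crude heuristic for 'a long combination of random characters'."""
    digits = sum(c.isdigit() for c in label)
    letters = sum(c.isalpha() for c in label)
    return len(label) >= 10 and digits >= 3 and letters >= 3

def sender_flags(raw_message, known_senders):
    """Return warning flags for the From header of one raw message.

    known_senders maps a lowercase organization name to the domain it
    really sends from (hypothetical data supplied by the caller).
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    local, _, domain = address.lower().rpartition("@")
    flags = []
    for name, real_domain in known_senders.items():
        if name in display.lower():
            # The display name claims the organization: check the real domain.
            genuine = domain == real_domain or domain.endswith("." + real_domain)
            if not genuine:
                flags.append("display-name-domain-mismatch")
            if domain in FREEMAIL:
                flags.append("organization-using-freemail")
    if looks_random(local) or any(looks_random(p) for p in domain.split(".")):
        flags.append("random-looking-address")
    return flags

# Constructed sample messages (not real mail).
KNOWN = {"example bank": "examplebank.test"}
SPOOFED = "From: Example Bank Support <x7k2q9zt4mw8@mail-secure.example>\nSubject: Urgent\n\nHi"
FREEMAIL_MSG = "From: Example Bank <examplebank.help@gmail.com>\nSubject: Notice\n\nHi"
GENUINE = "From: Example Bank <alerts@mail.examplebank.test>\nSubject: Statement\n\nHi"

if __name__ == "__main__":
    for raw in (SPOOFED, FREEMAIL_MSG, GENUINE):
        print(sender_flags(raw, KNOWN))
```

A clean result only means these header checks found nothing. The other signs in the list, such as urgency, enticing offers and suspicious links, still have to be judged from the message body.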
