How Criminals Can Use ChatGPT for More Effective Phishing

In a more sophisticated workaround, BBC researchers used a new ChatGPT feature intended to allow users to build their own AI assistants to build a phishing assistant less constrained by ChatGPT rules.8 The BBC team asked ChatGPT to design an AI bot called "Crafty Emails" that could craft text using "techniques to make people click on links or and download things sent to them."

According to the BBC report, the result was "highly convincing text for some of the most common hack and scam techniques, in multiple languages," created in seconds.

State Rankings: Fraud and Other Reports.

It's easy to imagine how these bots help cyber criminals create a high volume of phishing emails and texts with ease. In addition to quantity and simplicity, ChatGPT also assists with accuracy. Spelling and grammatical errors were once a key red flag for identifying a phishing email, but the chatbot virtually eliminates typos.6

Beyond misuse of ChatGPT itself, criminals have also developed their own, illegal tools based on the mainstream chatbot. FraudGPT and WormGPT are two known names of such AI-enabled tools designed specifically to facilitate cybercrime.9

How To Protect Yourself From AI-Powered Phishing

Generative AI-empowered phishing is harder to detect than traditional phishing messages. A few of the tried-and-true methods for identifying them simply no longer apply. These include:10

• Poor grammar and spelling. As noted above, ChatGPT provides clean, accurate copy.
• Suspiciously generic copy. AI-generated content can be more personalized to the recipient and, therefore, seem more credible. It can also use recent news events or other contextual information to validate the sense of urgency around responding.

Those facts make the items remaining on the phishing-detection list even more important. These phishing red flags remain, even in AI-generated phishing messages:

• The sender's email address does not match the organization's website. 
• The email is unexpected or unsolicited.
• The website addresses in the email look suspicious. (Be sure to hover over the address without clicking to preview it.)
• Generic greetings, like "Dear customer," continue to be a red flag.

Only one phishing protection technique can truly protect you against phishing attempts, ChatGPT-generated or otherwise:

• Never respond to or click on a link in any unexpected email or text directly. If the organization is one you trust, look up its correct website, locate its contact information, and reach out to the business yourself.

As cybercriminals' tools evolve, so must everyone's vigilance against phishing and other digital scams. If you assume anything could be suspicious, you'll be better positioned to spot red flags and protect yourself and your finances.

Consider Signing Up for Credit Monitoring

Does remembering to regularly scan your credit report sound exhausting? Another option: Choose a service that will do the credit monitoring for you.

For example, as a Synovus Plus, Synovus Inspire, or Synovus Private Wealth customer, you can enroll in complimentary Financial Protection Services services through Carefull. Depending on the level of protection you have, Carefull will monitor your credit reports and notify you any time any changes are made. Carefull will also scan the web to make sure your personal information hasn't been compromised by checking websites, blogs, peer-to-peer networks. Carefull also offers full-service identity restoration if you become a victim of identity theft.

Learn more about how you can achieve peace of mind as a Synovus customer with Carefull.