With chatbots, malicious actors are able to generate spearphishing emails much faster. The protections that chatbot developers have added to them cannot stop these bots from performing reconnaissance operations and generating phishing emails. That's the conclusion of researchers Simon Lermen and Fred Heiding.
The researchers compared four types: existing phishing emails, phishing emails created by chatbots and experts, respectively, and human-in-the-loop phishing emails. The latter variant is created by chatbots as well as experts.
The click rate of existing phishing emails used in real campaigns is 12 percent. For phishing emails created by chatbots and phishing emails created by experts, it is 54 percent. Human in the loop phishing emails score the highest: these achieve a click rate of 56 percent.
"By using language models, attackers can effortlessly create phishing emails that are uniquely customized for each target, making signature-based detection obsolete. As models get better, their persuasion capabilities are likely to increase as well," the researchers said.
Click here for the study by Lermen and Heiding.
