Neural networks being used to create realistic phishing emails

phenomlab

It would appear that there are ever increasing instances where AI-empowered chatbots and neural networks such as OpenAI’s ChatGPT have been used to create phishing emails that evade standard security detections due to the lack of typical spelling, grammar, and syntax errors that are commonly found in such emails.

https://openai.com/blog/chatgpt/

These chatbots are also capable of supplying content for misinformation and disinformation campaigns given their advanced writing capabilities that allow the generation of entire documents and forum / social media posts with both persuasive language and speed. Previously, spotting a poorly constructed phishing email was a relatively simple exercise owing to obvious spelling and grammatical mistakes, but this is slowly becoming a thing of the past owing to the rise of AI powered chatbots.

You’ve likely encountered chatbots when asking for support on a retail site, or with your online bank – these seemingly “helpful” (sometimes ) attendants are based on machine learning, and can quickly adapt a conversation based on input from the requester. Whilst some of these chatbots are still very synthetic in nature, ChatGPT is an advanced system that can very easily make it appear you are talking to another human. See enclosed for an example – in this case, it’s even smart enough to question the ethics of a discussion before it continues after receiving validation that the user intends to secure their own property, and not break into someone else’s.

During its learning and training phase, ChatGPT is actually free to use and try out. This has the unfortunate side effect of making it an invaluable tool for cyber criminals who are currently leveraging it’s capabilities in order to evade detection from traditional rulesets designed to stop email based on grammar and other authoring techniques. Previous campaigns often used “keyword stuffing” which is a technique designed to confuse older protection models by inserting random words in other existing text making them nonsensical, but allowing them to bypass older and less reliable filters because the standard checking algorithms are unable to determine if they are fake or not.

ChatGPT has also been used in some nefarious campaigns to make it look like you are conversing with a human, when in fact, it is under the control of a malicious actor with criminal intent. This relatively new technology inevitably opens the floodgates for cyber criminals, and due to it’s convincing nature, it can easily make malicious emails appear harmless in nature, look legitimate, and therefore increasing the successful delivery rate of such content.

phenomlab

Here’s the image I referenced in the first post

You can also see it in action for yourself here (form an orderly queue, it’s very popular). You can however keep pressing F5 to see what the bot is being asked to do.

https://chat.openai.com/auth/login

crazycells

@phenomlab I think they have updated ChatGPT recently. It limits the number of questions you can ask, and additionally does not answer “illegal” questions the same way anymore…

And last week, I saw someone on reddit, that was blocked by ChatGPT because he was asking something illegal on chat.

It will be interesting to see how it will evolve. This evolution will probably help all other companies (like Google) that are exploring this field…

phenomlab

@crazycells Good to see that it is able to spot nefarious attempts in an effort to exploit it. I must admit, I’m no fan of AI or ML and wrote an article about that here. I’ve tried to make this balanced, and not all “Hollywood”

https://sudonix.org/topic/138/ai-a-new-dawn-or-the-demise-of-humanity

crazycells

after several months of abuse by the internet community this is what ChatGPT became…

crazycells

@phenomlab recently, I have observed something interesting…

When I asked chatgpt for a recently published work about two scientific fields (in this case, epigenetics and aging) , it gave me an answer and list some article names.

At first, I was shocked to miss these papers, and not seeing them before… but later I figured out these are not real papers. Although, I have to admit, it sounds and looks legit, it is definitely how those article titles are constructed, even some of the authors are real scientists who are working in these fields… But I could not find any of these publications, so they do not exist

Somehow, chatgpt understands and learns how to give these answers, but it could not make the connection that these references should be real and represent something that exists…

phenomlab

@crazycells very interesting indeed. Particularly to provide works that do not exist, and yet reference known professionals in those fields as the authors when they are not.

crazycells

@phenomlab said in Neural networks being used to create realistic phishing emails:

@crazycells very interesting indeed. Particularly to provide works that do not exist, and yet reference known professionals in those fields as the authors when they are not.

yes, actually I have to add something…

I only identified two people, the rest of the authors did not exist. But one of those two people is a very well-known person in the field that has a lot of review articles… so that might be the reason… chatgpt assumed his name should appear on the list

crazycells

@phenomlab you may remember that people were writing a lot of assays or articles using chatgpt in the first week and many people were discussing how a lot of students will use this in their coursework.

I heard that a teacher was able to identify the homework assays written by chatgpt by directly asking chatgpt if it wrote or not lol , I did not read this but heard from a friend. that is funny, so chatgpt is a snitch

And I have read a few days ago, chatgpt makes the assays by known/predictable structures (how many sentences in a paragraph, how many words in a sentence, what kind of words should be used etc.) I guess that is the average of the many assays it scanned… that is why the assays look legit…

phenomlab

@crazycells chatGPT is a snitch… Love it.

On a serious note, you can’t help but wonder if the same algorithm is being used by teachers who use AI to detect plagiarism in essays to eliminate cheating.

crazycells

@phenomlab yes, I believe chatgpt (and its competitors) will be the first step of action for a lot of people especially young people soon

I have just asked for a job application email sample and a CV sample separately… it gave me very good samples… Of course, it is nowhere near polished or finished , but as a “first step” , I think it is very acceptable. Many people can utilize it especially if you are not professional. I do not think it is as sophisticated yet for professionals, but will become there at some point I guess…

you can even make it write a code for you, lol… I have just asked this:

phenomlab

@crazycells I bet the CV from chatGPT is of a higher quality than some I’ve received from real people in the past. Seriously, they are so bad in terms of basic spelling and grammar - which is inexcusable given that you have a spell and grammar checker right in front of you - that they often don’t make it out of the gate, and to interview stage.

Obviously, I make allowances for English not being the primary language or “mother tongue” when accepting CV’s from potential candidates overseas (and I do the same here - I won’t correct anything anyone posts on sudonix provided it remains within the guidelines), but these are from UK residents which makes it so much worse. The point here is that you could use something like chatGPT to compose your CV, but you’d be very quickly exposed if your grammar and spelling weren’t up to scratch

crazycells

@phenomlab said in Neural networks being used to create realistic phishing emails:

@crazycells I bet the CV from chatGPT is of a higher quality than some I’ve received from real people in the past. Seriously, they are so bad in terms of basic spelling and grammar - which is inexcusable given that you have a spell and grammar checker right in front of you - that they often don’t make it out of the gate, and to interview stage.

Obviously, I make allowances for English not being the primary language or “mother tongue” when accepting CV’s from potential candidates overseas (and I do the same here - I won’t correct anything anyone posts on sudonix provided it remains within the guidelines), but these are from UK residents which makes it so much worse. The point here is that you could use something like chatGPT to compose your CV, but you’d be very quickly exposed if your grammar and spelling weren’t up to scratch

yes, CV sample is quite acceptable as a first draft… I agree it would eliminate all the small mistakes. I will try to use it more commonly and figure out more ways to get benefit from it

phenomlab

Just came across this which made me laugh. Very much in keeping with this topic

crazycells

@phenomlab lol, good… chatgpt is adapting into human culture…

phenomlab

@crazycells just came across this. Looks like Google has finally jumped into the bandwagon with it’s own offering called “Bard”

https://news.sky.com/story/google-launches-ai-chatbot-bard-to-rival-wildly-successful-chatgpt-12804958

crazycells

@phenomlab so here it begins… AI wars… we have to protect John Connor no matter what happens…

phenomlab

@crazycells wondered how long it would be before the Hollywood connotation got a mention . In all seriousness, it’ll be interesting to see how this inevitable battle of the giants will play out.

phenomlab

@crazycells Interesting

crazycells

@phenomlab said in Neural networks being used to create realistic phishing emails:

@crazycells wondered how long it would be before the Hollywood connotation got a mention

lol…

what if Bard starts chatting with ChatGPT and they realize that [censored] Sapiens is inferior to them, so they join forces to form SkyNet to enslave us ?