Skip to content

Neural networks being used to create realistic phishing emails

Security
  • It would appear that there are ever increasing instances where AI-empowered chatbots and neural networks such as OpenAI’s ChatGPT have been used to create phishing emails that evade standard security detections due to the lack of typical spelling, grammar, and syntax errors that are commonly found in such emails.

    https://openai.com/blog/chatgpt/

    These chatbots are also capable of supplying content for misinformation and disinformation campaigns given their advanced writing capabilities that allow the generation of entire documents and forum / social media posts with both persuasive language and speed. Previously, spotting a poorly constructed phishing email was a relatively simple exercise owing to obvious spelling and grammatical mistakes, but this is slowly becoming a thing of the past owing to the rise of AI powered chatbots.

    You’ve likely encountered chatbots when asking for support on a retail site, or with your online bank – these seemingly “helpful” (sometimes 😊) attendants are based on machine learning, and can quickly adapt a conversation based on input from the requester. Whilst some of these chatbots are still very synthetic in nature, ChatGPT is an advanced system that can very easily make it appear you are talking to another human. See enclosed for an example – in this case, it’s even smart enough to question the ethics of a discussion before it continues after receiving validation that the user intends to secure their own property, and not break into someone else’s.

    During its learning and training phase, ChatGPT is actually free to use and try out. This has the unfortunate side effect of making it an invaluable tool for cyber criminals who are currently leveraging it’s capabilities in order to evade detection from traditional rulesets designed to stop email based on grammar and other authoring techniques. Previous campaigns often used “keyword stuffing” which is a technique designed to confuse older protection models by inserting random words in other existing text making them nonsensical, but allowing them to bypass older and less reliable filters because the standard checking algorithms are unable to determine if they are fake or not.

    ChatGPT has also been used in some nefarious campaigns to make it look like you are conversing with a human, when in fact, it is under the control of a malicious actor with criminal intent. This relatively new technology inevitably opens the floodgates for cyber criminals, and due to it’s convincing nature, it can easily make malicious emails appear harmless in nature, look legitimate, and therefore increasing the successful delivery rate of such content.

  • Here’s the image I referenced in the first post

    943c0dc0-417d-4080-a02a-56ebf5592c56-image.png

    You can also see it in action for yourself here (form an orderly queue, it’s very popular). You can however keep pressing F5 to see what the bot is being asked to do.

    https://chat.openai.com/auth/login

    270e3b3a-f6c6-4f80-bbc1-cf3598775d44-image.png

  • phenomlabundefined phenomlab marked this topic as a regular topic on
  • @phenomlab I think they have updated ChatGPT recently. It limits the number of questions you can ask, and additionally does not answer “illegal” questions the same way anymore…

    And last week, I saw someone on reddit, that was blocked by ChatGPT because he was asking something illegal on chat.

    It will be interesting to see how it will evolve. This evolution will probably help all other companies (like Google) that are exploring this field…

  • @crazycells Good to see that it is able to spot nefarious attempts in an effort to exploit it. I must admit, I’m no fan of AI or ML and wrote an article about that here. I’ve tried to make this balanced, and not all “Hollywood” 🙂

    https://sudonix.org/topic/138/ai-a-new-dawn-or-the-demise-of-humanity

  • phenomlabundefined phenomlab referenced this topic on
  • after several months of abuse by the internet community 🙂 this is what ChatGPT became…

    alt text

  • @phenomlab recently, I have observed something interesting…

    When I asked chatgpt for a recently published work about two scientific fields (in this case, epigenetics and aging) , it gave me an answer and list some article names.

    At first, I was shocked to miss these papers, and not seeing them before… but later I figured out these are not real papers. 🙂 Although, I have to admit, it sounds and looks legit, it is definitely how those article titles are constructed, even some of the authors are real scientists who are working in these fields… But I could not find any of these publications, so they do not exist 😄

    Somehow, chatgpt understands and learns how to give these answers, but it could not make the connection that these references should be real and represent something that exists…

    Screen Shot 2023-01-20 at 18.26.53.png

  • @crazycells very interesting indeed. Particularly to provide works that do not exist, and yet reference known professionals in those fields as the authors when they are not.

  • @phenomlab said in Neural networks being used to create realistic phishing emails:

    @crazycells very interesting indeed. Particularly to provide works that do not exist, and yet reference known professionals in those fields as the authors when they are not.

    yes, actually I have to add something…

    I only identified two people, the rest of the authors did not exist. But one of those two people is a very well-known person in the field that has a lot of review articles… so that might be the reason… chatgpt assumed his name should appear on the list 🙂

  • @phenomlab you may remember that people were writing a lot of assays or articles using chatgpt in the first week and many people were discussing how a lot of students will use this in their coursework.

    I heard that a teacher was able to identify the homework assays written by chatgpt by directly asking chatgpt if it wrote or not 🙂 lol , I did not read this but heard from a friend. that is funny, so chatgpt is a snitch

    snitch

    And I have read a few days ago, chatgpt makes the assays by known/predictable structures (how many sentences in a paragraph, how many words in a sentence, what kind of words should be used etc.) I guess that is the average of the many assays it scanned… that is why the assays look legit…

  • @crazycells chatGPT is a snitch… Love it.

    On a serious note, you can’t help but wonder if the same algorithm is being used by teachers who use AI to detect plagiarism in essays to eliminate cheating.

  • @phenomlab yes, I believe chatgpt (and its competitors) will be the first step of action for a lot of people especially young people soon 😄

    I have just asked for a job application email sample and a CV sample separately… it gave me very good samples… Of course, it is nowhere near polished or finished , but as a “first step” , I think it is very acceptable. Many people can utilize it especially if you are not professional. I do not think it is as sophisticated yet for professionals, but will become there at some point I guess…

    you can even make it write a code for you, lol… I have just asked this:

    Screen Shot 2023-01-20 at 21.15.12.png

  • @crazycells I bet the CV from chatGPT is of a higher quality than some I’ve received from real people in the past. Seriously, they are so bad in terms of basic spelling and grammar - which is inexcusable given that you have a spell and grammar checker right in front of you - that they often don’t make it out of the gate, and to interview stage.

    Obviously, I make allowances for English not being the primary language or “mother tongue” when accepting CV’s from potential candidates overseas (and I do the same here - I won’t correct anything anyone posts on sudonix provided it remains within the guidelines), but these are from UK residents which makes it so much worse. The point here is that you could use something like chatGPT to compose your CV, but you’d be very quickly exposed if your grammar and spelling weren’t up to scratch 😧

  • @phenomlab said in Neural networks being used to create realistic phishing emails:

    @crazycells I bet the CV from chatGPT is of a higher quality than some I’ve received from real people in the past. Seriously, they are so bad in terms of basic spelling and grammar - which is inexcusable given that you have a spell and grammar checker right in front of you - that they often don’t make it out of the gate, and to interview stage.

    Obviously, I make allowances for English not being the primary language or “mother tongue” when accepting CV’s from potential candidates overseas (and I do the same here - I won’t correct anything anyone posts on sudonix provided it remains within the guidelines), but these are from UK residents which makes it so much worse. The point here is that you could use something like chatGPT to compose your CV, but you’d be very quickly exposed if your grammar and spelling weren’t up to scratch 😧

    yes, CV sample is quite acceptable as a first draft… I agree it would eliminate all the small mistakes. I will try to use it more commonly and figure out more ways to get benefit from it 😄

  • Just came across this which made me laugh. Very much in keeping with this topic

    image_9a734d4b-3e80-4ae0-ae86-ff64bb10f63f20230124_155314.jpg

  • @phenomlab lol, good… chatgpt is adapting into human culture…

  • @crazycells just came across this. Looks like Google has finally jumped into the bandwagon with it’s own offering called “Bard”

    https://news.sky.com/story/google-launches-ai-chatbot-bard-to-rival-wildly-successful-chatgpt-12804958

  • @phenomlab so here it begins… AI wars… we have to protect John Connor no matter what happens…

  • @crazycells wondered how long it would be before the Hollywood connotation got a mention 😁. In all seriousness, it’ll be interesting to see how this inevitable battle of the giants will play out.

  • @phenomlab said in Neural networks being used to create realistic phishing emails:

    @crazycells wondered how long it would be before the Hollywood connotation got a mention

    lol…

    what if Bard starts chatting with ChatGPT and they realize that [censored] Sapiens is inferior to them, so they join forces to form SkyNet to enslave us ? 😆


  • 4 Votes
    7 Posts
    440 Views

    @phenomlab oh no, that is 1 cent on the video, but you are right, symbols are similar… I just converted it to $1 , since it is more intuitive in daily life…

  • 2 Votes
    12 Posts
    385 Views

    @DownPW looks good to me.

  • 11 Votes
    47 Posts
    3k Views

    @DownPW Seems fine.

  • 12 Votes
    17 Posts
    386 Views

    @phenomlab lol yeap, very smart… I read it and immediately ask the same question to ChatGPT and saved the letter sample 😄

    I might use it in the future.

  • 2 Votes
    8 Posts
    421 Views

    @DownPW great response - and salent points well made.

  • 0 Votes
    1 Posts
    433 Views
    No one has replied
  • 5 Votes
    4 Posts
    582 Views

    @crazycells I guess the worst part for me was the trolling - made so much worse by the fact that the moderators allowed it to continue, insisting that the PeerLyst coming was seeing an example by allowing the community to “self moderate” - such a statement being completely ridiculous, and it wasn’t until someone else other than myself pointed out that all of this toxic activity could in fact be crawled by Google, that they decided to step in and start deleting posts.

    In fact, it reached a boiling point where the CEO herself had to step in and post an article stating their justification for “self moderation” which simply doesn’t work.

    The evidence here speaks for itself.

  • 109 Votes
    152 Posts
    12k Views

    https://news.sky.com/story/scarlett-johannsson-shocked-and-angered-after-openai-allegedly-recreated-her-voice-without-consent-13140514

    SCARLETT JOHANSSON’S STATEMENT IN FULL

    Last September, I received an offer from Sam Altman, who wanted to hire me to voice the current ChatGPT 4.0 system.

    He told me that he felt that by my voicing the system, I could bridge the gap between tech companies and creatives and help consumers to feel comfortable with the seismic shift concerning humans and AI.

    He said he felt that my voice would be comforting to people.

    After much consideration and for personal reasons, I declined the offer.

    Nine months later, my friends, family and the general public all noted how much the newest system named “Sky” sounded like me.

    When I heard the released demo, I was shocked, angered and in disbelief that Mr Altman would pursue a voice that sounded so eerily similar to mine that my closest friends and news outlets could not tell the difference.

    Mr Altman even insinuated that the similarity was intentional, tweeting a single word “her” - a reference to the film in which I voiced a chat system, Samantha, who forms an intimate relationship with a human.

    Two days before the ChatGPT 4.0 demo was released, Mr Altman contacted my agent, asking me to reconsider. Before we could connect, the system was out there.

    As a result of their actions, I was forced to hire legal counsel, who wrote two letters to Mr Altman and OpenAI, setting out what they had done and asking them to detail the exact process by which they created the “Sky” voice. Consequently, OpenAI reluctantly agreed to take down the “Sky” voice.

    In a time when we are all grappling with deepfakes and the protection of our own likeness, our own work, our own identities, I believe these are questions that deserve absolute clarity.

    I look forward to resolution in the form of transparency and the passage of appropriate legislation to help ensure that individual rights are protected.