March 3, 2024


Tiny articles, big solutions.

AI-Generated Phishing Messages: A Helpful Tool for Scammers and a Stumbling Block for Victims

AI-Generated Phishing Messages

Can you spot a phishing or scam email instantly? Not anymore. AI chatbots have eliminated those grammatical and spelling errors that alerted victims to the possibility of harm. The arrival of commercial chatbots has enabled scammers to write better phishing emails. And the data suggests they’re more successful than ever before.

It’s worrying that this trend could be the first indication that people who speak English as a second or foreign language could now be at far greater risk of harm.

For example, Mexico’s population mainly speaks English as a second language, which means they could easily miss subtle clues in English phishing messages. In fact, after AI writing tools hit the headlines, Mexico saw an explosive 617% growth in phishing attacks. Additionally, the complexity and sophistication of cyber attacks in Mexico have increased considerably.

So, what can we do to protect ourselves against AI-driven phishing attacks?

Flaws in Older Phishing Attempts

Phishing emails—often in English—target unsuspecting recipients and lure people into clicking on malicious links. These links can lead people to leak sensitive information like passwords or PINs. Or they can take you to a website that will drop a malware package on your computer.


However, there was a chink in some cybercriminals’ armor: poor spelling and grammar. Vigilant native English speakers could often spot dangerous emails and avoid opening them. Even so, even in countries with mainly native English speakers like the UK and the US, phishing has always been a powerful cyber weapon. Around 80% of 2022’s global cyberattacks involved phishing.

And Then, ChatGPT Arrived

Gone are the days of poorly written phishing messages. Hackers now use AI to produce flawless content that looks even more convincing to native speakers than before. AI tools fix those errors that typically trigger spam filters or alert human readers.

AI-powered tools like ChatGPT can also write targeted, highly tailored messages by analyzing people’s social media data. They also help to get the messages past spam filters. According to Darktrace, a UK cybersecurity firm, the overall volume of phishing emails caught in spam filters has decreased.


Big Tech Is Not Taking Responsibility for the Dangers

Big Tech’s response to this conundrum is not comforting.

Google’s Terms of Use for Bard AI warns people not to use its AI models for fraudulent activities, scams, phishing, or malware. Meanwhile, OpenAI requires users to log in to use ChatGPT so they can “monitor the usage of their technology to detect and prevent malicious activities.”

However, despite Google and OpenAI’s dubious precautions, you can still steer AI chatbots into criminal ways. For example, a cybersecurity firm recently bypassed Google Bard’s safety procedures by telling it to write an example of a phishing email they could use for training during an employee awareness program. Bard duly provided them with a perfect phishing email template.

Tips to Protect Yourself

Scammers are not the only ones who can advance their techniques. By following these tips, you can also improve your cybersecurity and always be one step ahead:

  • Protect your device. Keep your operating system, browser, and antivirus software up to date. Regularly install security patches to stay protected.
  • Secure your connection with a VPN. A VPN encrypts all your data and protects it with a secure tunnel to keep your online activities private.
  • Avoid public Wi-Fi hotspots. Many rely on restaurants or other public hotspots to save on data costs. Only connect to them using a VPN. Public Wi-Fi networks are very vulnerable to attacks.
  • Don’t click on links and attachments in emails. If you think an email is legitimate, visit the website directly by typing the URL into your browser.
  • Beware of social media and chat apps. People often send documents or links via FaceBook, WhatsApp, Telegram, or other chat programs. Be careful. Clicking on a malicious file can infect your phone with spyware or malware.
  • Don’t overshare on social media. AI bots can collect personal information from your profile for phishing attacks. If you are living in Mexico, consider connecting to a VPN Mexico server when browsing social media or shopping online. The website you’re visiting will still serve you local content, but it won’t see your actual location. Hiding your IP address makes it harder for scammers to get information on your activities, shopping history, and physical location.

A Few Final Words

We can’t prevent malicious actors from using AI chatbots. But, given their disruptive nature, we must step up our efforts to stay safe before digital fraud reaches unprecedented heights. Routinely use safety tools like VPN and antivirus solutions. Stay alert and educate co-workers, friends, and family to help prevent the misuse of technology.