AI is Making Phishing Emails Much Harder to Spot

It has been almost 6 months since the release of ChatGPT – the AI tool that rocked the world through its capabilities paired with its accessibility. It is no surprise that it took no time at all for it to be used in malicious ways. One use that is becoming more common is creating scam and phishing emails.

One of the most common ways phishing emails are identified is by their grammar and spelling. This usually takes the form of spelling mistakes, misplaced commas, missing punctuation, incorrect word choice or a lack of capital letters. These can often be spotted very easily; try it yourself with this phishing email spot the difference.

Phishing Email Spot the Difference

If you managed to spot all the mistakes, then you would be fine dealing with phishing emails of the past. It’s the present and future emails that you’ll need to worry about.

How is AI Affecting Phishing Emails?

With ChatGPT, a scammer can easily craft an email that is both grammatically correct and more convincing than regular scam emails. And the worst part is that these are so easy to create. While you can’t just ask the bot to create a scam email, you can ask it to ‘write a short email to alert someone of a data breach in their account, asking them to click a link to reset their password’.

Phishing Email created on ChatGPT

You can even edit the prompt so that the email looks like it has come from a specific company. This also removes the unprofessional language that is often seen in scam emails, such as ‘Download Now!’ or ‘URGENT ACTION NEEDED!!’.

What you Should Look Out For.

If good writing is paired with convincing email signatures and a similar looking email domain, it will be very difficult to identify what is a phishing email and what isn’t. This is why it is so important to know what to look out for when dealing with phishing emails.

  1. Suspicious sender: Check the sender’s email address carefully to see if it looks suspicious or unfamiliar. Phishing emails often use fake or spoofed email addresses that are similar to legitimate ones.
  2. Generic greetings: Phishing emails often use generic greetings like “Dear valued customer” instead of addressing you by name.
  3. Suspicious links: Phishing emails often contain links that lead to fake login pages or malware. Hover your mouse over the link to see the URL and check if it looks legitimate.
  4. Unexpected attachments: Be cautious of unexpected email attachments, especially those in .zip or .exe format, as they may contain malware.
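The four checks above can also be run automatically over a raw message. The sketch below is an added example, not code from the original article; the trusted domain, the 0.8 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example-bank.com"}   # assumption: domains you genuinely deal with
RISKY_EXT = (".zip", ".exe")     # attachment formats named in item 4
GENERIC = re.compile(r"dear\s+(valued\s+)?(customer|user|client|member)", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def check_email(raw: bytes) -> list[str]:
    """Return the warning signs from the list above found in one raw message."""
    msg, found = message_from_bytes(raw, policy=policy.default), []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    for good in TRUSTED:  # 1. sender domain that nearly matches a trusted one
        if domain != good and SequenceMatcher(None, domain, good).ratio() > 0.8:
            found.append(f"lookalike sender domain {domain}")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if GENERIC.search(body):  # 2. greeting that does not use the recipient's name
        found.append("generic greeting")
    for href, text in ANCHOR.findall(body):  # 3. what hovering would reveal
        shown, real = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and shown != real:
            found.append(f"link shows {shown} but opens {real}")
    for att in msg.iter_attachments():  # 4. unexpected risky attachment type
        name = (att.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.append(f"risky attachment {name}")
    return found

def build_sample() -> bytes:
    """Constructed test message (not a real phish); all names are made up."""
    m = EmailMessage()
    m["From"] = "Security Team <alerts@examp1e-bank.com>"
    m["Subject"] = "Password reset required"
    m.set_content("Dear valued customer, please reset your password.")
    m.add_alternative('<p>Dear valued customer,</p><p>Reset it at <a href='
                      '"https://login.example.net/reset">'
                      'https://example-bank.com/reset</a></p>', subtype="html")
    m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                     filename="statement.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in check_email(build_sample()):
        print("WARNING:", finding)
```

The link check only fires when the visible link text is itself a full URL, so a "Click here" link still needs the manual hover test.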

There will always be something that isn’t right about a scam email. But if you’re still not sure and want to be 100% certain, don’t hesitate to call the company the email is claiming to be from. Remember, they will never ask for your password.

How to Protect Your Business From Phishing Emails.

Another way to protect yourself and your business from scam emails is to use simulated phishing attacks. This is where a service provider sends your staff a fake scam email to test their ability to identify scam emails. This can help educate your staff on what to look out for and what to do when they find a scam email. You will receive a full risk score and continual training after the initial test.

To find out more about simulated phishing, click the link: Simulated Phishing Campaigns – Increase User Awareness

And if you were curious whether you spotted all the differences:

Phishing Email Spot the Difference answers
