Artificial intelligence has been a source of innovation and creativity over the last few years. Amplifying various industries, tools, products, and services, its ubiquity is inescapable. But the same is true of the negative aspects of this tool. AI has made it easier for threat actors to hack, phish, and scam unsuspecting victims.
With sophisticated technology at their disposal, online phishing has become more convincing. Phishing is one of the most common forms of online scamming, with approximately 3.4 billion phishing emails sent out per day. Impersonating organizations and individuals is easier than ever with AI technology.
According to cybersecurity experts, malicious phishing emails have increased by 1,265% since the arrival of ChatGPT. Security professionals have been hard at work creating anti-phishing software to combat the scourge. This article explores some of the latest developments in the industry.
How do scammers implement AI?
A good starting point to understand how these attacks are being combatted would be to unpack how they occur. While the vast majority of AI tools exist to help us with daily tasks and provide search engine functions, the opposite is also true. AI tools like WormGPT and FraudGPT exist on the dark web to aid fraudsters in their efforts to deceive and scam targets. These tools use generative AI to create replica emails, websites, and other requests.
According to Chris Steffen, research director at Enterprise Management Associates, “Gone are the days of the ‘Prince of Nigeria’ emails that presented broken, nearly unreadable English to try to convince would-be victims to send their life savings. Instead, the emails are extremely convincing and legitimate sounding, often mimicking the styles of those that the bad guys are impersonating, or in the same vein as official correspondence from trusted sources,” such as government agencies and financial services providers.
This threat has a real, tangible cost: $15 million annually or more than $1,500 per employee. To combat this, researchers are developing anti-phishing software.
Anti-phishing software development
Shirin Nilizadeh is leading the charge in developing anti-phishing software. The assistant professor in the Department of Computer Science and Engineering at the University of Texas Arlington and doctoral students Sayak Saha Roy and Poojitha Thota have developed software that prevents AI chatbots from creating phishing websites.
This is a significant development as one of the major concerns is the ability of threat actors to “jailbreak” ordinary tools like ChatGPT. In other words, scammers have found loopholes in ChatGPT that assist in creating phishing material. With the software developed by Dr. Nilizahdeh, these loopholes and prompts are circumvented by improving detection and rejection.
While tools like WormGPT and FraudGPT exist, they require access to the dark web and are paid services. For non-technical scammers with limited coding capabilities, ChatGPT offers a convenient alternative to building fake websites. “These tools are very powerful, and we are showing how they can be misused by attackers,” Nilizadeh said.
The team used machine learning to program software to recognize prompts for creating phishing websites. Once the software could detect these prompts, it was instructed to react to specific keywords and patterns and subsequently block these prompts from being implemented on ChatGPT.
Awards, recognition, and integrations
The need for this software is underscored by the awards and recognition it’s attracted in a relatively short amount of time. Their work has been published at the 2024 IEEE Symposium on Security and Privacy; a leading cybersecurity industry body. They were also the recipients of the Distinguished Paper Award, highlighting the quality of their research as well as its impact.
“I want people to be receptive to our work and see the risk,” Saha Roy said. “It starts with the security community and trickles down from there.”
As part of their next steps, the team of researchers looks forward to collaborating with the major tech companies that drive these chatbots, including Google and OpenAI. They aim to integrate their findings into broader AI security strategies.
“I’m really happy that I was able to work on this important research,” Thota added. “I’m also looking forward to sharing this work with our colleagues in the cybersecurity space and finding ways to further our work.”
A Closer look at anti-phishing software
Anti-phishing software detects and blocks this kind of attack. Typically, anti-phishing software incorporates the following techniques:
- Web Analysis: This software analyzes websites and detects phishing indicators like suspicious URLs or fake SSL certificates.
- Email filtering: Statistics indicate that 3.4 billion phishing emails are sent daily. Anti-phishing software scans incoming emails and filters suspicious messages that may contain phishing links or attachments.
- Link protection: One in three people click on malicious links. Some anti-phishing software that protects users against harmful links works by analyzing and blocking suspicious URLs in real-time.
- User education: The best way to prevent users from falling prey to threat actors through phishing is through education. Many anti-phishing software providers include comprehensive educational resources that help users recognize phishing attempts through various means.
By using anti-phishing software, organizations can significantly reduce the risk of falling victim to phishing attacks. It helps protect sensitive information, prevents financial loss, especially ransomware, and safeguards the reputation of individuals and businesses.
When choosing anti-phishing software, it is important to consider its effectiveness, ease of use, and compatibility with existing security systems. Regular updates and maintenance are also crucial to stay protected against evolving phishing techniques.
How does anti-phishing software protect me from online threats?
We increasingly operate in an online world. Banking, business, and even education are online, cloud-based activities. This makes us especially vulnerable to phishing attacks. Anti-phishing software is a necessary guardrail against the many, varied attacks from threat actors.
Staying abreast of the latest tactics and methods can be difficult as phishing activity becomes more sophisticated. This is where anti-phishing software makes a difference. Once a potential phishing attack is detected, the software automatically blocks or flags the suspicious content, preventing it from reaching your inbox or web browser. This real-time, immediate intervention is crucial to reducing the chances of falling prey to scams.
As new phishing methods and strategies emerge, the software adapts and updates its algorithms and databases. Regular updates and maintenance ensure the software remains effective against the latest threats.
In addition to protecting against attacks, anti-phishing software often includes other security features to enhance overall cybersecurity. These features may consist of email encryption, data loss prevention, and user authentication mechanisms. By bundling these capabilities into a single software solution, organizations and individuals can streamline their security operations and improve their overall risk management.
Conclusion
Anti-phishing software plays a vital role in protecting individuals and organizations from the ever-present threat of phishing attacks. This technology identifies and blocks potential threats by proactively scanning and analyzing emails and web content, preventing users from falling victim to scams. It also educates users about common phishing tactics and keeps up with emerging techniques through regular updates.
Sharin Nilizadeh and her team have taken an important first step in creating anti-phishing software that considers the role that AI plays in exacerbating cyber threats, hacks, and phishing scams. AI has made these attacks more effective by easily (and quickly) replicating websites, links, emails, and more.
Constant vigilance is no longer enough to protect users against phishing, and with the abundance of anti-phishing software, added security measures can provide effective safeguards against scams.
