"Generative AI Can Save Phishers Two Days of Work"

According to security researchers at IBM, generative AI tools can save phishing actors 16 hours of work designing a scam email but still can’t match a human.  The researchers noted that with only five simple prompts, they were able to trick a generative AI model to develop highly convincing phishing emails in just 5 minutes.  Among the prompts were the top areas of concern for employees working in specific industries; social engineering and marketing techniques that should be used; and the people/company that should be impersonated.  The IBM X-Force Red social engineering team was marginally more successful in their efforts, which tapped “creativity and a dash of psychology” to resonate more deeply with their targets and add an air of authenticity, which is hard for AI to replicate.  A round of A/B testing revealed the click rate for the human-generated phishing email (14%) was slightly higher than that of the AI-generated email (11%).  It was also reported less frequently (52%) than the AI version (59%).  The researchers noted that AI is likely to become an increasingly disruptive force in the phishing industry going forward, especially when used in malicious tools like WormGPT.

Infosecurity reports: "Generative AI Can Save Phishers Two Days of Work"