Generating Phishing Attacks using ChatGPT
This highlights a security risk for users of AI tools, as it demonstrates an incremental but practical vulnerability in widely accessible technology.
The researchers tackled the problem of ChatGPT being used to generate malicious phishing websites, finding that it can create functional attacks imitating popular brands and evading detection without prior exploits.
The ability of ChatGPT to generate human-like responses and understand context has made it a popular tool for conversational agents, content creation, data analysis, and research and innovation. However, its effectiveness and ease of accessibility makes it a prime target for generating malicious content, such as phishing attacks, that can put users at risk. In this work, we identify several malicious prompts that can be provided to ChatGPT to generate functional phishing websites. Through an iterative approach, we find that these phishing websites can be made to imitate popular brands and emulate several evasive tactics that have been known to avoid detection by anti-phishing entities. These attacks can be generated using vanilla ChatGPT without the need of any prior adversarial exploits (jailbreaking).