Artificial intelligence programs such as ChatGPT have led to a sharp increase in phishing attacks over the past year as cybercriminals increasingly leverage these programs to write authentic-looking emails that trick recipients into revealing information or downloading malware that breaches their company’s data.
The SlashNext State of Phishing Report for 2023, released Monday, found a 1,265% increase in malicious phishing emails during the 12-month period since the launch of ChatGPT, a language model app that is capable of generating text that mimics human speech. In the hands of criminals, it can be used to send phishing emails without the clunky grammar and misspellings that previously made fraud easier to spot.
Additionally, credential phishing, in which a hacker attempts to steal an employee’s credentials by pretending to be a trusted party, increased 967%.
“We cannot ignore statistics like this,” said Patrick Harr, CEO, SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile.
“While there has been some debate about the true influence of generative AI on cybercriminal activity, we know from our research that threat actors are leveraging tools like ChatGPT to help write sophisticated, targeted Business Email Compromises and other phishing messages, and an increase in the volume of these threats of over 1,000% corresponding with the time frame in which ChatGPT was launched is not a coincidence,” he said.
In its annual report, SlashNext Threat Labs analyzed billions of threats, including link-based threats, malicious attachments and natural language messages, in email, mobile and browser channels during a 12-month period from Q4 2022 to Q3 2023; conducted in-depth research into cybercriminal behavior and activity on the Dark Web, particularly as it relates to leveraging Generative AI tools and chatbots; and surveyed more than 300 cybersecurity professionals.
Other key findings in the report include:
- On average, 31,000 phishing attacks were launched daily
- 68% of phishing emails are text-based Business Email Compromise (BEC) – attacks designed to steal money or critical information from organizations
- 46% of cybersecurity professionals polled reported receiving a BEC attack
- 77% of cybersecurity professionals polled reported being targets of phishing attacks, and 28% reported receiving those messages via text message
- 39% of all mobile-based attacks were SMS phishing (“smishing”)
“Among the key themes our research tells us is that mobile-based and multi-stage attacks are growing, primarily because threat actors know that users have fewer protections on mobile compared to email,” Harr said.