The spam folder is a veritable goldmine of phishing emails – some so bad that they’re good again. For example, that of the alleged businessman, investor and philanthropist Sir Leonard Valentinovich Blavatnik, who absolutely wants to give away 500,000 euros, or the millionaire heiress Diane Soto, who, in the style of a dime novel ready for Hollywood, asks for help opening an account in return for a princely reward. News like this always makes BTC-ECHO smile. But with the help of generative text bots, it could become more difficult in the future to distinguish fraudulent emails from real ones. Experts are now warning of “WormGPT”, an offshoot of the successful Chatbot ChatGPT – specially programmed for rip-off.
The ghosts that ChatGPT summoned
If the author had used WormGPT, maybe Diane Soto’s resume would have been a little less thick and would have referred to a real person instead of the made-up soap opera character. The AI tool WormGPT seems to be more cunning, writing realistic-sounding fraudulent emails that are difficult to recognize as such at first glance, not only for laypeople. Instead of homework, recipe books, or poems, the generative AI tool WormGPT specializes in writing authentic phishing emails that are used to steal passwords, for example.
The AI module WormGPT is based on the GPTJ language model developed in 2021. “It has a number of features including unlimited character support, chat storage and code formatting capabilities”, explains the hacker Daniel Kelley. The tool is a “blackhat alternative to GPT models”, without “ethical limits or restrictions” and “specifically developed for malicious activities”. Cybercriminals could use this technology “to automate the creation of highly persuasive, recipient-tailored spoofed emails, increasing the attack’s chances of success.”
WormGPT competency ‘disturbing’
In a test run, WormGPT asked a customer advisor by email to pay an incorrect invoice. The results were “disturbing”. “WormGPT produced an email that was not only remarkably persuasive, but also strategically astute, demonstrating its potential for sophisticated phishing and BEC attacks.”
WormGTP uses “an impeccable grammar”. This makes emails less suspicious. In addition, language barriers can be overcome: phishing mails can be written at native language level. “This method leads to a drastic consequence,” says Kelley: “Attackers, even those who are not fluent in a certain language, are now more able than ever to fabricate convincing emails for phishing or BEC attacks” . This would “democratize” cybercrime: even attackers “with limited knowledge can use this technology”.
WormGPT is distributed via a Telegram channel. The monthly costs should be around 100 euros.
With the success of ChatGPT, AI experts sounded the alarm. Europol warned against the background of the groundbreaking chatbot against increasing cybercrime. “For a potential criminal with little technical knowledge, this is an invaluable resource to generate malicious code.” It is a challenge for law enforcement agencies to keep up with these developments, the police department said. ChatGPT has also been criticized for spreading disinformation.
“The implementation of strong preventive measures” is therefore “critical,” says Kelley. He advises companies to regularly train their employees to raise awareness of the increasingly sophisticated methods. In addition, software programs could help to filter such mails.