Novel Social Engineering Attacks Soar 135% Amid Uptake of Generative AI (itpro.com) 15
Researchers from Darktrace have seen a 135% increase in novel social engineering attack emails in the first two months of 2023. IT Pro reports: The cyber security firm said the email attacks targeted thousands of its customers in January and February 2023, an increase which it said matches the adoption rate of ChatGPT. The novel social engineering attacks make use of "sophisticated linguistic techniques," which Darktrace said include increasing text volume, sentence length, and punctuation in emails. Darktrace also found there's been a decrease in the number of malicious emails that are sent with an attachment or link.
The firm said that this behavior could mean that generative AI, including ChatGPT, is being used by malicious actors to construct targeted attacks rapidly. Survey results indicated that 82% of employees are worried about hackers using generative AI to create scam emails which are indistinguishable from genuine communication. It also found that 30% of employees have fallen for a scam email or text in the past. Darktrace asked survey respondents what the top-three characteristics are that suggest an email is a phish and found:
- 68% said it was being invited to click a link or open an attachment
- 61% said it was due to an unknown sender or unexpected content
- Poor use of spelling and grammar was chosen by 61% too
In the last six months, 70% of employees reported an increase in the frequency of scam emails. Additionally, 79% said that their organization's spam filters prevent legitimate emails from entering their inbox. 87% of employees said they were worried about the amount of their personal information online which could be used in phishing or email scams.
The firm said that this behavior could mean that generative AI, including ChatGPT, is being used by malicious actors to construct targeted attacks rapidly. Survey results indicated that 82% of employees are worried about hackers using generative AI to create scam emails which are indistinguishable from genuine communication. It also found that 30% of employees have fallen for a scam email or text in the past. Darktrace asked survey respondents what the top-three characteristics are that suggest an email is a phish and found:
- 68% said it was being invited to click a link or open an attachment
- 61% said it was due to an unknown sender or unexpected content
- Poor use of spelling and grammar was chosen by 61% too
In the last six months, 70% of employees reported an increase in the frequency of scam emails. Additionally, 79% said that their organization's spam filters prevent legitimate emails from entering their inbox. 87% of employees said they were worried about the amount of their personal information online which could be used in phishing or email scams.
Current AI is a lie! (Score:3, Insightful)
Re: (Score:1)
Re: (Score:2)
You're confusing spam & 419 scams with spear phishing.
I'd like to see a breakdown (Score:2)
A generation has now grown up with internet. (Score:2)
Re: (Score:2)
WTF do they still trust anything in an email without even a second thought?
If the extent of TikTok challenge attempts is any proof, then YES
Re: (Score:2)
Tide pod challenge. I rest my case.
AI Voice Scam was last month (Score:4, Informative)
Scammers are using artificial intelligence to sound more like family members in distress. People are falling for it and losing thousands of dollars.
https://www.washingtonpost.com... [washingtonpost.com]
Re: (Score:3)
See ... (Score:2)
Novel Social Engineering Attacks Soar 135% ...
Books are bad. Still unsure about pamphlets ...
speculation (Score:2)
Is there any part of this that is not speculation?
I Don't Trust This Type of Self Reported Data (Score:1)
I mean, we are relying on your everyday user to determine what "legitimate" emails are in this case... What a user calls legitimate in an anymous survey and what a company and their IT department calls legitimate are not in harmony here. I guarantee that at least half and probably more of that 87% who are worried about how much of their data is online are also clicking those "sign in with google" buttons while signed in with their work account. Also, im not really bothered that users are worried about Gener
GNUPG (Score:2)
The protocols for exchanging secure, encrypted email are more than two decades old.
And sadly, the only people using them are (probably) on government watchlists. Except RMS - he's on the AARP watchlist.