Generating Phishing Attacks using ChatGPT
Sayak Saha Roy, Krishna Vamsi Naragam, Shirin Nilizadeh

TL;DR
This paper demonstrates how ChatGPT can be exploited to generate convincing phishing websites that imitate popular brands and evade detection, highlighting security risks associated with AI language models.
Contribution
It identifies malicious prompts and an iterative method to produce functional, evasive phishing websites using standard ChatGPT without prior exploits.
Findings
ChatGPT can generate realistic phishing websites.
Phishing sites can imitate major brands effectively.
Evasive tactics can be incorporated to avoid detection.
Abstract
The ability of ChatGPT to generate human-like responses and understand context has made it a popular tool for conversational agents, content creation, data analysis, and research and innovation. However, its effectiveness and ease of accessibility make it a prime target for generating malicious content, such as phishing attacks, that can put users at risk. In this work, we identify several malicious prompts that can be provided to ChatGPT to generate functional phishing websites. Through an iterative approach, we find that these phishing websites can be made to imitate popular brands and emulate several evasive tactics that have been known to avoid detection by anti-phishing entities. These attacks can be generated using vanilla ChatGPT without the need for any prior adversarial exploits (jailbreaking).
Taxonomy
Topics: Spam and Phishing Detection · Misinformation and Its Impacts · Hate Speech and Cyberbullying Detection
