Cybercriminals are Using Gen AI to Scale Their Email Attacks

March 29, 2024 / in Blog / by Zafar Khan, RPost CEO

Cybercriminals can now subscribe to black-hat AI as easily as Netflix.

Join the April 4 webinar to learn how RPost's AI can prevent cybercriminals from stealing your funds.

Armand here again reporting for Tech Essentials. This week, I’m writing to you from…my mom’s basement. This is so that I can try and get in the mindset of a cybercriminal trying to leverage AI to perpetrate a sophisticated email scam. Now I know that most of these schemes are perpetrated by much more organized groups of people working in near office-like conditions, but I thought I’d stick with the age-old stereotype of the loner in the family basement. (Plus, I’ve been racking up a lot of travel costs recently.)

Anyways, you’ve probably heard in the media (or from yours truly) that cybercriminals are now actively leveraging generative AI models to create chatbots that can lure hapless victims into giving up sensitive information. As I noted a couple weeks back, this is NOT your father’s Nigerian Prince email scheme complete with broken English and mismatched fonts. These AI bots can seem like a reliable human contact who can seamlessly make people part with their personal info (and cash). 

In fact, cybersecurity researchers recently happened upon “FraudGPT,” an AI bot exclusively designed for criminal activities that is available on Dark Web markets and Telegram. FraudGPT crafts SMS phishing messages, effectively impersonating banks and other financial organizations that you may have chatted with only yesterday.

By using FraudGPT, a cybercriminal can also easily craft enticing emails at scale to lure recipients into clicking a malicious link—crucial for mass email phishing campaigns. Just like Netflix or Amazon Prime, FraudGPT is available on a subscription basis, with pricing ranging from $200 per month to $1,700 per year.

Now the truly scary part: Before FraudGPT was released (or just widely adopted), there was already $2.9 billion in reported losses in the US in 2023 due to Business Email Compromise (BEC) attacks, a 10% increase from 2022. The average loss was $150,000 per incident for these attacks. However, the FBI estimates this is vastly underreported because only 20% of victims usually report to the FBI. And note that BEC scams have been reported in all 50 states and 177 countries around the world, with over 140 countries receiving fraudulent transfers.

Now can you imagine how much more these attacks will get scaled up? It’s enough to make me want to stay in this basement forever! (At least I’d get to enjoy my mom’s famous grasshopper souffle, an armadillo classic.)

RPost's PRE-Crime email security service will thwart these types of email attacks (chatbot-driven or not). Any combination of our proprietary Eavesdropping™ Notifications, Aggregate Eavesdropping Heartbeat™ Monitor, and Sender-Authenticated Invoices will give you a serious leg up over these new, scaled BEC attacks. 

While some cybersecurity solutions help protect organizations from miswiring their own funds, those organizations remain exposed to scenarios where it’s their clients who fall for these scams via email lures. Our PRE-Crime™ module harmoniously extends your existing email security systems, adding elegantly easy encryption and unique BEC targeted attack detection, with our own white-hat AI to extend DLP automation.

I’m feeling a lot better now. Maybe it’s time to go upstairs, leave the house, and get some sunlight. To learn more about PRE-Crime protection, don’t hesitate to contact us.