WormGPT, a new AI-powered tool for pretexting attacks, is attracting subscribers among the cyber criminal community, according to reporting from ZDNet. The capabilities of this tool, which uses technology similar to large language models like ChatGPT, are grounds for significant concern for all business owners.
Researchers from SlashNext were able to access the tool and examine its capabilities. They found the following:
The WormGPT Threat to Businesses
By creating flawless, persuasive, customized emails and texts, WormGPT has the potential to eliminate the most obvious fingerprints of a fraudulent Business Email Compromise (BEC) or phishing attack: bad grammar, odd sentence structure and generic requests. Even novice criminals could use this tool to trick employees who have extensive cyber security and fraud prevention training.
Training programs that teach employees to recognize unusual requests or unusual language from customers will still stop most attacks, and programs that emphasize awareness will have some success in thwarting AI-powered attacks with impeccable grammar and urgent requests. The rise of programs like WormGPT does mean, however, that businesses cannot rely solely on language as a way to detect fraudulent emails. To meet this challenge, businesses need to look at technical solutions and their everyday practices.
Effective Techniques to Mitigate WormGPT Threats to Business
The most dangerous WormGPT attacks will attempt to steal goods, money or credentials. Pretexting attacks claiming to come from senior company leaders, clients or IT staff will present the greatest challenge, particularly if criminals have gained access to the actual email accounts of these individuals.
Businesses should take the following steps to prevent sophisticated pretexting attacks of all types:
These steps serve two purposes. First, they will defeat the majority of attempts to steal goods via BEC attacks. Second, they will provide ample evidence to your insurance company that you have policies and practices in place to deter fraud. Banks and insurance companies have been pushing back on claims for reimbursement involving pretexting attacks and BEC fraud on the grounds that employees allowed these attacks to happen. A demonstrated level of internal vigilance and security may help your cause if you need to take a claim to court.
The other necessary defense against WormGPT and other forms of business fraud is employee training. Criminals count on hurried, helpful employees who are motivated to provide service and clear bottlenecks. Employees who learn to recognize the red flags of fraud can still do their jobs efficiently and keep customers happy while protecting your business.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.