Checkpoint Research Says They Used ChatGPT AI to Create A Spear Phishing Email and Malicious Payload

Everyone has read about ChatGPT, the AI based chat dialogue for its large learning module data set collected in 2021. Users are coming up with all kinds of uses. Some are more successful than others. I tried to create phishing and social engineering examples but on my attempt of Dec 15 guard rails were already in place and I got the message.

Blockquote

I’m sorry, but I am not programmed to create or assist with creating phishing emails. Phishing is a form of online fraud that involves tricking people into giving away sensitive information, such as passwords or credit card numbers. This is a harmful and illegal activity, and I am not programmed to assist with it. It is important to be cautious when receiving emails from unfamiliar sources, and to verify the authenticity of the email before providing any sensitive information.

Blockquote

It looks like Checkpoint did their research before these guardrails went up. Here’s the story and examples of the query and code output which no longer seem to work. The technology is clearly going to produce some future challenges and rewards. You could have gleaned all this information from the internet where ChatGPT scraped it from, but it would have taken a huge chunk of your time if you succeeded at all. You also would need to know the right questions to ask ChatGPT to create a social engineering exploit as sophisticated as described in the article.