Cybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42.
Even when these services have safeguards in place to prevent abuse, criminals can often bypass them to create phishing pages. Unit 42 tested a popular website generator to see how easy it was to spin up a spoofed website.
“The website builder only required a valid email address to establish a trial account and publish a page impersonating our company,” Unit 42 says.
“Since these pages are intended to quickly establish a web presence for a new company or organization, they lack the design elements that criminals would otherwise use to spoof a targeted brand. In our test, the website builder promised to generate a free AI website in 60 seconds, which is an accurate statement. Our only input was a brief description of the company for an initial text prompt.”
Additionally, the researchers found that approximately 40% of AI abuse by threat actors involved writing assistants or chatbots. These tools can help attackers write tailored phishing messages that are free from typos or grammatical errors.
“Text generation tools — such as conversational, writing and meeting assistants — can enhance productivity, content creation and customer interaction,” Unit 42 says. “However, attackers can manipulate them to generate convincing phishing content, spread misinformation or leak confidential data.”
AI tools are rapidly increasing in sophistication, and Unit 42 says misuse of these tools will keep pace. The researchers state, “Our telemetry reflects the growing adoption of GenAI applications and services, and we expect a corresponding increase in attacks that take advantage of GenAI as time passes.”
AI-powered security awareness training can give your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Unit 42 has the story.