this post was submitted on 28 Oct 2023
258 points (94.2% liked)

Technology

60084 readers
4914 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

IBM researchers said a ChatGPT-generated phishing email was almost as effective in fooling people compared to a man-made version.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 40 points 1 year ago* (last edited 1 year ago) (4 children)

And crafting a carefully targeted phishing email took a human team around 16 hours

Ummm what? Back in college, I used to budget 30-45 minutes a page for essays. What the hell are they writing that took a team of people 16 fucking hours for a few paragraphs of text?

[–] [email protected] 28 points 1 year ago (2 children)

A targeted phishing email is usually pretty sophisticated and requires days or weeks of research. For example, you might send an email pretending to be from someone's IT department regarding a hardware audit, and ask a user to report back with the barcode sticker on their laptop, providing them with a photo of an example tag in similar format. You'll pretend to be a specific individual at the company, or a contractor the company actually uses, and show knowledge of the internal software and hardware, and refer to other real employees by name/email to establish trust. Most of this data will be scraped from publicly available sources like LinkedIn profiles, job listings, and photos shared on social media by employees. This process is called OSINT (Open-Source Intelligence) and it's a fascinating rabbithole to read about. Targeted phishing attempts are much, much more sophisticated than the ones you'll see in spam email.

[–] IphtashuFitz 6 points 1 year ago

This is pretty much what happened at the company I work for. The assistant to the CEO received an email that appeared like it came from the CEO requesting confidential financial information. The email contained mannerisms of the CEO, was sent when the CEO was out of the office, etc. The assistant almost fell for it… She would have if our mail system didn’t clearly flag external emails so that it’s obvious they weren’t sent internally.

[–] afraid_of_zombies 1 points 1 year ago

My old employer would get a call every few months from someone pretending to be our client and informing us we should change the banking information. No one could figure out how they figured out that there was a business relationship between the two companies let alone who was the financial person at my job.

[–] monk 20 points 1 year ago

How many people clicked the phishing links in your college papers?

[–] [email protected] 7 points 1 year ago

I guess they mean person hours since they are referring to a team. An initial brainstorming session, another review session or two and 16 hours are quickly gone.

[–] cybersandwich 2 points 1 year ago

What the hell are they writing that took a team of people 16 fucking hours for a few paragraphs of text?

An invoice full of billable hours.