New findings from the VIPRE Security Group underscore the increased danger posed by the use of generative artificial intelligence (AI) tools like Chat-GPT and the growing popularity of cloud services in the realm of spam and phishing emails.
According to VIPRE’s latest report, the rise in cloud usage by consumers has attracted the attention of hackers, who are leveraging this trend. The report reveals that link-based malware delivery constituted 58% of all malicious emails during the quarter, with attachments comprising the remaining 42%.
Cloud storage services have emerged as a significant avenue for delivering malspam, accounting for a substantial 67% of all malspam delivery methods during the same period. The remaining 33% involved legitimate but compromised websites.
Furthermore, the incorporation of generative AI tools has made the detection of spam and phishing emails considerably more challenging. Traditionally, these malicious emails often contained clues such as poor grammar, spelling errors, or unusual formatting, which enabled recipients to identify phishing attempts before engaging with email attachments or clicking on links.
However, the use of AI tools like Chat-GPT has enabled hackers to craft well-structured, highly articulate messages that closely resemble benign communications. This tactic compels potential victims to deploy additional security measures to counter the heightened threat.
VIPRE’s security tools identified a staggering 233.9 million malicious emails in the third quarter of the year. Among these, 110 million emails were linked to malicious content, while 118 million contained malicious attachments. Alarmingly, 150,000 emails displayed “previously unknown behaviors,” indicating that hackers are continually experimenting with new tactics to optimize their attack strategies.
Phishing and spam emails continue to be among the most favored attack vectors for cybercriminals. They are cost-effective to produce and disseminate, and with some luck, they can reach a large pool of potential victims. In response, businesses are advised to educate their employees about the risks associated with phishing attacks and encourage them to scrutinize every incoming email, regardless of the sender’s apparent identity.
