ChatGPT is trending in cybersecurity news for its reported use in creating highly convincing phishing emails. Phishing scams, as it is, can be difficult to identify, as they often use convincing tactics to lure individuals into providing their personal information.
Awareness and alertness play a major role in spotting phishing emails and averting the damage. Here are some signs of phishing scams.
Pristine email body
Phishing emails usually have glaring errors and poorly constructed sentences. Cybercriminals were sold on the idea of creating a perfect phishing email body using ChatGPT. If the friendly crypto trader email with an unknown brand appears unnaturally clean, check it up.
ChatGPT creators OpenAI offers a tool that will help differentiate between text authored by humans and that produced by artificial intelligence models. The results are not 100% accurate, but enough to put us on alert.
Corporate etiquette requites specific addressing and email structure. Anything that violates those norms should raise your eyebrows. An employee would know not to add “Hope this email finds you healthy and happy”, but a cybercriminal will not.
The URL mismatch
The first sign of a phishing scam is that the links or URLs provided in emails are not pointing to the correct location or are pointing to a third-party site not affiliated with the sender of the email. Place the cursor above the URL given in the email and it will show the actual website.
If the two don’t match, it’s a telltale sign. Legitimate organizations will always use URLs that match their domain name or website address. If the URL provided does not match, it could be an attempt to deceive the recipient and steal their information.
Request for PII/documents
Any request for personal information such as social security numbers, bank or financial information, or identity document details should make you alert. Legitimate communications will not generally request personal information from you in the form of an email.
Electronic mail is not a secure method of communication, and sensitive information should only be shared over secure channels. If an email asks for personal information, it should be considered suspect, and the recipient should be cautious about providing any information.
Email address i5 n0t r1ght
Pay attention to the sender’s email address. It was seen that phishing email IDs were similar enough escape attention, but a closer look reveal added numbers or changed letters.
This is an attempt to make the email address appear legitimate while still being different enough to deceive the recipient. If an email address looks suspicious, it is important to double-check the sender’s identity and be cautious about responding or providing any information.
Did you ask for it?
You are not so charming that random, unknown persons from across the world will profess their love for you. You are not so lucky that random, unknown lottery services from across the world will offer their bounty to you.
Unexpected and unsolicited messages should raise a red flag. If you suddenly receive an email from an entity or a person you rarely deal with, consider this email suspect.
Phishing scams often rely on the recipient’s curiosity or fear to trick them into responding, so it is important to be cautious and not respond to unsolicited emails.
Admin privileges needed?
Email should be read without the help of any prompt. A message or attachment asking you to enable macros, adjust security settings, or install applications, are clear signs of risk.
Normal emails won’t ask you to do this. Phishing scams often rely on tricking the recipient into installing malware or giving hackers access to their computer, so it is important to be cautious about following any instructions in an email.
Email-signature mismatch
A clear red signal is the mismatch between the sender email address and the signature on the message itself.
For example, an email may be purported to be from Jade Gao of Contoso Corp, but the sender address is [email protected]. This is a sign of a phishing scam because it is an attempt to deceive the recipient into thinking that the email is from a legitimate source when it is not.
