Future of Work News Free eNews Subscription

New Study Reveals the Role Large Language Models Play in Phishing Attacks

By

While phishing (in several forms) has taken place for decades, this type of fraud tends to evolve with technology. One of the most prominent phishing scams today involves “vishing,” in which supposed links to voicemail messages con victims into revealing their credentials for secure email gateways, software or web sites.   

According to a new report by cybersecurity company Egress, missed voice messages accounted for 18% of phishing attacks today, making them the most phished topic of the year so far. The report’s findings demonstrate the evolving attack methodologies used by cybercriminals that are designed to get through traditional perimeter security including secure email gateways. The study, entitled, “Phishing Threat Trends Report,” delves into key phishing trends, including the most phished topic, explores prevalent obfuscation techniques being used to bypass perimeter defenses, and examines whether chatbots have really revolutionized cyberattacks.

All phishing threat data and examples contained within the report were taken from Egress Defend, an Integrated Cloud Email Security solution that uses intelligent technology to detect and defend against the most sophisticated phishing attacks.

The report also highlights the role that large language models (LLMs) have played in enabling certain types of phishing attacks.

“Without a doubt, chatbots or large language models (LLMs) lower the barrier for entry to cybercrime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone,” said Jack Chapman, VP of Threat Intelligence for Egress.

One of the most concerning (but least-talked-about) applications of LLMs is reconnaissance for highly targeted attacks, according to Egress. Within seconds, a chatbot can scrape the internet for open-source information about a chosen target that can be leveraged as a pretext for social engineering campaigns, which are growing increasingly common.

“I’m often asked if LLM really changes the game, but ultimately it comes down to the defense you have in place,” noted Chapman. “If you’re relying on traditional perimeter detection that uses signature-based and reputation-based detection, then you urgently need to evaluate integrated cloud email security solutions that don’t rely on definition libraries and domain checks to determine whether an email is legitimate or not.”




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Author Info
Tracey E. Schelmetic

Future of Work Contributor

Click here to read full bio

SHARE THIS ARTICLE

Related Articles

4CRisk.ai Introduces Ask ARIA Co-Pilot, its AI-Driven Risk Management Solution

By: Tracey E. Schelmetic    4/26/2024

AI-powered risk and compliance company 4CRisk.ai recently announced a new product: Ask ARIA Co-Pilot. The solution is an intuitive, accurate, and conv…

READ MORE

4 Key GFI Products Now Powered by AI

By: Greg Tavarez    4/23/2024

GFI announced the integration of its CoPilot AI component into four of its core products.

READ MORE

A Winner's Mindset: Alan Stein Jr. Helps Businesses Build Winning Teams

By: Alex Passett    4/22/2024

At SkySwitch Vectors 2024 in downtown Nashville, Tennessee, last week, the keynote speaker was Alan Stein Jr. He stylishly presented to the Vectors au…

READ MORE

Atomicwork and Cohere Partner on AI-Powered Workplace

By: Greg Tavarez    4/22/2024

Atomicwork launched its innovative digital workplace experience solution, co-developed with Cohere.

READ MORE

Hybrid Work Fuels Demand for SASE, Zero-Trust Security

By: Greg Tavarez    4/16/2024

Around 80% of respondents said hybrid work is driving the need for SASE and zero-trust networking tools, according to an Aryaka report.

READ MORE
VIEW ALL