AI phishing
Are the bad guys using AI?
They might! AI tools like ChatGPT or DALL-E-2 are currently widely tested out on the internet – both for the good as well as for the bad.
From my point of view, we are at the very beginning of an interesting development, which will unfold over the next couple of years. AI will play an increasing role in both attacking as well as protecting systems.
I’ve included a very simple example in this post – I’ve used ChatGPT to create an e-mail template an attacker could use within a phishing attack. Pretty impressive – especially if you compare it to the phishing mails loaded with typos and grammatically wrong sentences we’ve been used to some years ago.
Be aware – and always try to be one step ahead of the attacker!
![Image of a AI generated phishing mail template.
The image shows an email notification informing customers that their login credentials have expired and they need to re-verify their credentials to ensure the security of their account. The email includes a link to a re-verification page and instructions on how to complete the process. It also offers an apology for any inconvenience caused and emphasizes the importance of account security. The email concludes with contact information for customer support in case of questions or concerns and expresses gratitude for choosing their company. The email is signed by the company, represented by the placeholder "[Your Company Name]."](https://stefankarg.de/wp-content/uploads/2025/08/image-2-1024x1024.png)