ChatGPT has quickly become one of the most popular tools on the internet, amassing 100 million monthly active users in just two months after it launched. ChatGPT is a natural language processing tool driven by AI technology that allows you to have human-like conversations. Once registered, or now through the search engine Bing, users can ask the chatbot for cooking recipes, conduct cursory research for topics, compose emails, and more.
While there have been many spin-offs and different variations of ChatGPT, malicious actors have taken the concept of ChatGPT and created services for unethical and criminal purposes. One of which is WormGPT, an AI tool to craft harmful code to attack unsuspecting users.
WormGPT is trained on diverse sources, concentrating on malware-related data, according to Slashnext. With the correct prompting, a user can create malicious code or even a legitimate-sounding email riddled with suspicious and harmful links. Cybercriminals subscribe to the WormGPT just like any other cloud service.
John Clark, CBT Company’s Industry 4.0 Solution Architect, suggests always being vigilant when it comes to opening emails, especially those that come from unfamiliar sources.
“If you receive a phishing email, you <Click> to open an attachment, or you <Click> to browse a website that’s part of that email before evaluating it. With that <Click>, or even in rare cases, just opening the email, cybercriminals grab your credentials, potentially exposing inner workings of your entire company, or holding data or access for ransom” he says. One simple way to spot these types of email is to hover over, DON’T CLICK, on the sender email, any links, to see if they are consistent with what is displayed.
Typical characteristics of phishing emails, according to CrowdStrike almost always include.
- Asks for Sensitive Information
- Uses a Different Domain
- Contains Links that Don’t Match the Domain
- Includes Unsolicited Attachments
- Is Not Personalized
- Uses Poor Spelling and Grammar
- Tries to Panic the Recipient
Do you think you might be the potential victim of a phishing scam crafted by WormGPT or another service? The Federal Trade Commission has released guidance on recognizing scams and what to do afterward.
Here are some tips on how to protect your business from deceitful people:
· Back up your data – Regularly back up your information to location or physical device not connected to the network. You can restore your records if a phishing attempt succeeds, and hackers get to your network. Make regular archiving part of your routine business operations.
· Keep all security up to date – Always install the latest patches and updates. Look for additional means of protection, like email authentication and intrusion prevention software, and set them to update automatically on your computers. On mobile devices, you may have to do it manually.
· Alert your staff – Share this information with them. Remember that scammers change their tactics often, so ensure you include tips for spotting the latest phishing schemes in your regular training.
· Deploy a safety net – Use email authentication technology to help prevent phishing emails from reaching your company’s inboxes in the first place.
· Double-check with the sender – If you receive an email from someone you know but were not expecting the email or it looks unusual, call the sender to confirm if they sent it. That way you can be sure the email is legitimate or let the sender know their email is being used for malicious purposes.
RELATED: How to Protect Yourself Against Ransomware Attacks
While it is essential to be aware of possible internet scams and damaging links, becoming a victim of a cyberattack is a matter of when, not if. Incorporating a multi-faceted security measure is your best defense against hackers. Defending your company against attacks includes creating a comprehensive security awareness program.
This can consist of proper employee training to enable workers to recognize phishing attempts, activating a multifactor authentication system for additional security; and preemptively developing and maintaining response plans for team members in the instance you fall victim to a cyberattack, according to Indeed.com.
“Of course, this is just the beginning of establishing a robust cybersecurity architecture,” Clark explains. “Other aspects of cybersecurity include keeping your software and systems up to date and getting rid of obsolete or outdated systems.”
Ready to implement a robust cybersecurity system and protocols? Talk to a CBT Specialist today.
