Insidious combination

Have you ever experienced the feeling of forgetting your smartphone at home before stepping out? It's the sensation of being disconnected from the outside world, and you're probably familiar with it. Despite your attempts to reassure yourself, there's a sense of something missing within you, and the feeling creeps up on you slowly but steadily. As someone tech-savvy, you may rely heavily on digital platforms for both your personal and professional life, and it may be difficult to recall the last time you went an entire day without using your smartphone. Last night, you received a notification email from the digital locker portal requesting you to verify the link status of your Aadhaar with PAN by clicking on a link. Without giving it a second thought, you clicked on the link, as if you had used your digital locker in the past. Even in the early morning, you have a habit of checking messages before stepping out of bed, you observed your smartphone showing a significant amount of data usage, even in the early hours of the morning. As you checked your messages, you were startled to see an SMS from your bank alerting you that a sizable sum of money had been transferred from your account. You immediately attempted to get in touch with the bank to report the fraud as you did not approve any such transaction. But then you noticed that your smartphone was stuck because you were getting an excessive number of garbage texts. When you rebooted your smartphone, you lost network connectivity, making it difficult for you to contact your bank.

Could it be possible that you were targeted by a string of cyber-attacks, such as phishing emails, SMS flooding, and SIM cloning? Did you unknowingly click a phishing scam link that allowed cybercriminals to access your account? With knowledge of cyber fraud, you are cautious about clicking malicious links in phishing emails. But how is it possible that this happened? Here the actor ChatGPT-4 makes a grand entry. Crafting a digital locker phishing email with exceptional skill, ChatGPT-4 managed to bypass your cybersecurity mindset with ease, leading you to fall into their trap.

If so, what could potentially happen to your UPI account that is linked to your bank account? Don’t you think that cybercriminals had also cloned your SIM card to access any account that required two-factor authentication? Are you certain that other accounts, including your email and social media accounts, will not be compromised owing to the cybercriminal's access to two-factor authentication? Do you not foresee that the social media posts created by online crooks may tarnish your reputation? What actions are you going to take to resolve any misunderstandings and distrust that may develop between you and your family and friends as a result of the unpleasant messages that your breached account will send?

You appear to be acknowledging the potential risks associated with the responses to these queries.

Over-reliance on digital platforms

Without sufficient cybersecurity awareness, relying extensively on digital platforms can carry serious hazards. Do you presently maintain hard copies of your important documents, such as passbooks, Aadhar, PAN, voter IDs, etc. in a secure place at home while keeping soft versions on your smartphone or in various digital lockers? Have you thought about the possibility that someone would deceive you and take the soft copies? What would you do in this circumstance?

ChatGPT-4 generates convincing phishing emails

Cybercriminals who are not native English speakers may encounter difficulties due to poor language proficiency. Spelling mistakes in phishing emails may be due to cybercriminals' language or spam filter evasion tactics. Novice users can generate phishing content using ChatGPT-4. A detector could address the challenge of detecting attackers who use Generative AI. While ChatGPT-4 no longer generates phishing emails on demand, a workaround is to request an example phishing email as an educational tool.

Fraudulent activities

Chatbots' automation threat aside, cybercriminals may find ChatGPT-4's extensive data and language skills alluring for creating credible phishing attacks or malicious code. Individuals and organisations must acknowledge these risks and take precautions to prevent them.

Cybersecurity risk

The possibility exists that cybercriminals could exploit ChatGPT-4 to acquire sensitive user data or disseminate malware to a broad audience. Data theft refers to the illegal usage of private information for fraudulent activities such as identity theft. Phishing involves the use of deceitful emails, masquerading as trustworthy sources, to extract sensitive data such as credit card details and passwords. Cybercriminals often employ this tactic to deceive users into divulging personal information or downloading malware.

Impact on the growth of cybercrime

The growing use of automation in cybercrime may have two significant impacts. Firstly, as ChatGPT improved, they could automate more complex tasks such as creating convincing phishing emails or malicious code, making it easier for cybercriminals to launch attacks, and harder for victims to detect and prevent them. Secondly, ChatGPT-4 may be utilised to generate more convincing phishing emails and messages, becoming harder for users to avoid. Moreover, as Generative-AI becomes more advanced, it may efficiently collect and analyse massive amounts of sensitive data, increasing the risk of cybercriminals obtaining such information.

Preventing cyber-attacks from ChatGPT-4

As technology develops, fraudsters are creating convincing phishing attacks and malware utilising Generative-AI-enabled tools like ChatGPT-4 to target specific individuals. To defend oneself against these hazards, people must take proactive actions. People might, for instance, educate themselves on cybersecurity best practices by avoiding dubious emails or communications, double-checking requests for financial information, and routinely updating their hardware and software. They can also use phishing-resistant MFA and zero-trust security tools to better protect their personal information. Working with cybersecurity-focused vendors and partners and employing AI-enabled cybersecurity tools can also aid in detecting and preventing AI-enabled attacks. By taking these steps, individuals can better protect themselves against the growing risk of cybercrime and safeguard their sensitive data and assets.

The writer is an HoD and Assistant Professor of Dept of Computer Sc & Electronics, Ramakrishna Mission Vidyamandira. Views expressed are personal