Darktrace warns of phishing scam powered by ChatGPT

Cybersecurity company Darktrace has claimed that threat actors are using ChatGPT to craft more convincing phishing emails

According to Darktrace, there has been a rise in cybercriminals using ChatGPT to create more personalised and authentic-looking phishing emails in an attempt to breach users’ finances, since the chatbot was released last November, reported The Guardian.

However, it’s claimed that there isn’t so much a new wave of attackers targeting businesses and individual users with phishing techniques, as there is a shift in tactics using the Microsoftbacked software.

Common features within the emails include “linguistic complexity, including text volume, punctuation and sentence length”, while techniques relying on malicious links in the text are decreasing.

“We’re seeing a big shift. ‘Hey, guess what, you’ve won the lottery…’ emails are becoming a thing of the past,” Darktrace CEO Poppy Gustafsson told The Times.

“Instead, phishing emails are much more about trying to elicit trust and communication. They’re bespoke, with much more sophisticated language — the punctuation is changing, the language is changing. It’s more about trying to elicit trust.”

This discovery points to a wider trend in cyber threat techniques taking advantage of the chatbot’s currently growing prominence, with cybersecurity vendor Bitdefender recently revealing the circulation of false “ChatGPT” software luring users into an investment scam.

Darktrace also warned of a “noticeable” slowdown in uptake for its security products in the final three months of last year, as profits dropped by 92 per cent in the last six months of 2022.

The decrease in profits has been attributed to a tax bill relating to the vesting of share awards for chief executive Gustafsson, and chief financial officer Catherine Graham, which necessitated a reduction of its forecast of free cashflow this year.

On the flipside however, the company reported a 36 per cent increase in revenue to $259.2m in those six months.


Hervé Tessler – ‘Cyberattacks can mean total reputational death’Noventiq president Hervé Tessler on how SMBs are increasingly aware of the damage done by cybercriminals and why IT leaders are bringing in outside experts.

ChatGPT vs GDPR – what AI chatbots mean for data privacyWhile OpenAI’s ChatGPT is taking the large language model space by storm, there is much to consider when it comes to data privacy.

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.

Related Topics