Generative AI Now Makes it Harder to Spot Obvious Email Spoofing

By Karen Jackie, Director of IT, Security, & Tools, Michigan Democratic Party

Overview or Callout:

Generative AI now makes it harder to spot obvious spoofing. In the past, readers could be tipped off from a suspected email riddled with odd and obvious typos. Now, a closer look would be required because hackers can use a conversational tool like ChatGPT to build evil missives that look real.

What is generative AI?

Generative AI is a type of artificial intelligence that allows users to create new content, such as text, images, and music, easily. Current popular platforms include:

  •  Chat-GPT by Open AI
  •  Bard by Google
  •  Claude by Anthropic

With everyone so busy, it’s easy to get tricked by an email trickster. But you now have some tools that you can use to make sure you do not fall into their traps. Be safe out there.

What are some great business cases for using these tools?

  • Discovering trends and gaining insights from data (what does that financial report really tell us?)
  • Summarizing content for faster decision-making (and it happens in seconds)
  • Automating solutions and processes (it can even spit out website code or even help you create pivot tables in minutes)

It’s actually quite fun to use because you can almost converse in natural language to get the information you are looking for back quickly. Writers, for example, should embrace it because you never have to look at a blank screen or blanking cursor again.

When it comes to cybersecurity, what are the downsides of these types of tools?

There’s always someone who makes it so we can’t have nice things. And when it comes to cyber thieves, they already know how to take advantage of the dark side of new tech.

If you receive an email that causes you to pause, there are some tried-and-true recommendations that can tip you off to a spoofer. They include:

  • Typos (including IN the name of the company they say they are attempting to be)
  • Poor grammar (lots of spoofers are not native English speakers and some are even just bored teens)
  • Awkward language (sometimes the calls-to-action for downloading that attachment or clicking on a link don’t make sense)
  • Generic address (using “Mr.” or “Ms.” or “Dear Customer” instead of identifying you by name)
  • Odd logo (it looks low-quality or is just plain wrong)

It is now just a little bit harder to notice fake content and to be sure if the email is, in fact, coming from a legitimate source. As you can see, the classic obvious “errors” now can be all fixed just by using these new friendly generative AI tools.

You can be an expert spoofing spotter.

KJ’s Tips:

  • Examine the sender’s email address carefully
  • Just because it says Microsoft Support as the sender, go deeper and you might see a very random Gmail or Yahoo address underneath the name
  • Note any sight variation or misspellings on the address ( with 3 Os?)
  • Think about the contents or the attachments
  • Would that vendor send an invoice that is formatted like what you received?
  • Would a vendor ask you to open a PDF?
  • Would they want access to your account dashboard?
  • Don’t forget about the email footer
  • Is the sender’s physical address real? (my favorite example is when the sender says Meta’s address as Melon Park when it’s really Menlo Park)
  • Sometimes, there is no footer with a physical address when there should be
  • Slow down
  • Are you expecting an email from a vendor asking you for potentially weird information?
  • Are you being asked to do something you wouldn’t normally do?
  • Is there an artificial time crunch or offer you must do now?

In sum. With everyone so busy, it’s easy to get tricked by an email trickster. But you now have some tools that you can use to make sure you do not fall into their traps. Be safe out there.