How can you protect yourself against phishing attempts in times of ChatGPT?

Written by: Valérie Stragier

Congratulations, you won a vacation! Or did you?

ChatGPT has taken the world by storm. Ranking up millions of users in no less than five days, its system has made it significantly easier to write essays, fix coding mistakes, … Unfortunately, the software is also scarily good at writing phishing e-mails.

While traditionally, we were warned against e-mails containing bad grammar, spelling and language mistakes, this narrative now needs to be changed. Due to ChatGPT’s perfect writing, it has become difficult to spot anything fishy at first glance. With even software having a hard time differentiating between AI-written and human-written text we have to find new techniques to recognise phishing attempts.

Luckily there exist a few questions you can ask, to give yourself and your information a fighting chance.

Is my package really stuck in customs?

1. Did I ask to be contacted?

A phishing e-mail will generally come out of the blue. You will likely have had no previous communication with the organisation, bank, person, … that could have prompted the e-mail. Therefore, it is generally a good idea to raise your guard whenever you get an unsolicited e-mail. 

2. Is this their usual style of communication?

Phishers love trying to impersonate people you know. After all you are more likely to trust an e-mail sent by someone you know, rather than a stranger. Generating an e-mail address that looks like the address of your co-worker, boss, friend, … is relatively easy. Matching their general tone and feel tends to be more difficult.

In other words, if you notice a change in someone’s usual communication style, it might be better to check the e-mail address. Who knows? They might be having a bad day, or you could be talking to a stranger.

TIP: an official organisation will never us a Gmail, Skynet,… account. Also beware of accounts using numbers that look like letters (0 instead of o for instance)

3. Was I supposed to receive this attachment or link?

In our day to day lives, it is not unnatural to receive an email with an attachment or a link. The problem lies in the fact that phishers love including malicious links and attachments in their e-mails. If you fall for their tricks, the result could be the installation of malicious software onto your device.

By asking yourself “why did I receive this attachment or link?” you are able to verify whether you need to be extra careful before clicking. Did you agree on them sending you a link or attachment? Was the e-mail sent in context of a project you are currently working on?

4. Are they offering something for free or with an excessive financial reward?

Getting something offered for free is always tempting. After all who would not want a free vacation? Or an investment that makes you a millionaire within 1 year? This happy feeling can however turn into a sour mood very quickly once you realise you might have been scammed. After all, there is no such thing as a free lunch.

Therefore, it is good practice to ask yourself “Does this sound too good to be true?” whenever you get a message stating you won an iPhone, a vacation,… After all, if it sounds too good to be true, it usually is.

5. Am I really fighting against time?

Pressure is THE textbook way of manipulating people. After all, if you don’t have time to think, you will not be as careful, making it easier to trick you.

So, next time you get an e-mail stating that you have an extremely time sensitive task, give your heart a break, take a deep breath and let your head do the thinking.

6. Do they need to know this?

Phishers will want to make money off you. They don’t only do this by installing malicious software onto your computer and asking for money to release it. Any personal or financial information you share can, and will be, sold on dark web marketspaces in context of fraud or identity theft. For this reason, it is important to only give out personal or financial information after you have verified the credibility of a site or a person.

Additionally, asking yourself the question “Is this information really needed for what I am trying to obtain?” can help safeguard your data. After all, information given out in context of a loan will be completely different from information needed to arrange an Airbnb.

When in doubt, make the call.

If, at any point, you get an uneasy feeling about an e-mail or you are not certain whether or not the e-mail is suspicious, it is best to call the person who sent it. After all, if the e-mail was really sent by your friend, a co-worker, the bank, …  they will be able to tell you so without any issue.