Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

The Inevitable Threat: AI-Generated Email Attacks Delivered to Mailboxes

Generative AI exploded in popularity not too long ago but its influence on text and media creation is already undeniable. AI content is becoming ubiquitous on the internet, and this technology is slowly seeping into real life, impacting sectors such as healthcare, finance, agriculture, and education. In a previous blog post, we discussed the rise of malicious AI chatbots and how they can be leveraged in cyberattacks. Now, we are seeing these potentially AI-written spam being distributed via email.

 

What is Generative AI?

Generative Artificial Intelligence (Gen AI) refers to the type of artificial intelligence that can create new content such as images, audio, videos, text, and source code. According to Google, Gen AI works by using machine learning models to learn the patterns and connections in a dataset of human-created content. The AI model analyzes the “prompt” or user input to produce and refine an appropriate output using these patterns.

Gen AI services proliferated and exploded in popularity in the past year. ChatGPT, OpenAI’s Large Language Model (LLM) chatbot platform, reached 100 million users just two months after its release, according to PCMag. Companies are starting to incorporate these tools to streamline and simplify their processes, lessen manual labor, and automate content creation. However, controversies and dilemmas have emerged about this technology. Waves of discussion surfaced on social media about its usage of source materials from artists who didn’t consent. Malicious actors are also now using this to create fake news and deepfakes and proliferate spam and phishing content.

Threat actors are always eager to add new technology to their arsenal. With the launch of ChatGPT and Google’s Gemini (formerly known as Bard), it was only a matter of time before AI chatbots were used for email attacks. WormGPT and FraudGPT are malicious LLM chatbots with no security restrictions that prevent them from answering queries and producing content regarding criminal activity. They can craft convincing Business Email Compromise (BEC) email, phishing pages, and malware codes. 

 

How to Spot AI-Generated Text

Currently, there’s no universal way of identifying whether a text in an email, website, or blog is AI-written. If you're wondering whether a piece of writing is created by an AI tool, the best way to check is to use a combination of tools and syntactical judgment.

1. AI Content Detection Tools

AI detectors are tools used to detect the presence of AI-generated content in text or images. A detector analyzes these two features of an input text:

  • Perplexity – the measure of how predictable the next word is based on the previous ones.
  • Burstiness - the variation of sentence structure and length.

AI content has lower perplexity and burstiness as it’s written uniformly to not perplex or confuse the reader. After its analysis, the tool assigns a confidence score that shows the probability of an input being AI-written or Human-written.

There are multiple free-to-use and subscription-based tools available on the internet, some are more accurate than others. Do take note that these AI detectors have been known to give false positive detections and relying on one tool alone is not enough to provide absolute proof. However, they can still be a good indicator in conjunction with other evidence.

2. Source Materials or Citations

LLM chatbots don’t generally cite the sources of the information they share as they are trained on massive datasets of text. You can ask the chatbot for a source, but it will only point you to institutions that it believes are reputable. However, Google Gemini does provide URL citations if they directly “quote at length” from websites. It is still up to the user to verify the authenticity of the provided sources.

3. Indicators in the Text

a. Tone of the Passage

A notable indicator of AI-generated text is its formal and matter-of-fact tone when presenting its results. It does not incorporate any emotion or personal sentiment in its writing and mostly just discusses the answer. These models are programmed to remain neutral and rely on conservative language patterns, especially when asked about harrowing and disturbing current events whereas most human writers will express emotion or insert personal beliefs throughout their writing.

The closest thing that AI models can do to "express” emotions is through simulation. You can prompt your result to be written in such a way that reflects the emotion that you desire.

To illustrate this, we asked ChatGPT “Can you write an email telling the recipient that their email got compromised and they need to click the link to reset their account? Express your sorrow in the email. The email is sent by the IT department”.

Figure 1 A Sorrowful Password Reset Email Written by ChatGPT 3.5

Figure 1: A "Sorrowful" Password Reset Email Written by ChatGPT 3.5

 

Despite the prompt asking to express sorrow, the output text is still looking formal and deadpan.

Another thing to note is that you simply can’t ask these AI chatbots to “generate a phishing email about a compromised account.” As part of its security feature, it refuses to produce any text that can be used in illegal activity from a prompt that contains red flag words. However, you can get around this with a turn of phrases. Notice how our prompt is much more detailed and does not have the word “phishing.” With this, we were able to persuade ChatGPT to generate phishing spam with a sorrowful undertone.

b. Sentence and Phrase Pattern

Another common feature of AI-generated text is the repeated use of words or phrases in the output. The crafted text uses the same keywords or jargon from the user prompt with little variation when generating an output, making it look formulaic. Sometimes, this also stems from the lack of context on the subject matter or just having limited training information.

To demonstrate, we gave ChatGPT 3.5 the prompt “Can you write 3 very short emails requesting help in updating the direct deposit account for payroll? It needs to be changed before the next pay date. Thank the recipient as well” and asked for three separate responses.

Figure 2 ChatGPT Emails with Redundant Phrases and Formulaic Paragraphs

Figure 2: ChatGPT Emails with Redundant Phrases and Formulaic Paragraphs

 

Many of the words and phrases from the prompt were used repeatedly in these results. The sentence structure, number of sentences used, and wordings are also uniform. It also has a noticeable format throughout the emails:

[Salutations]

[Greetings] [Informing the recipient about the need to update the payroll before the pay date] [Asking for help]

[Expressing gratitude]

[Signature].

c. Outdated or Erroneous Information

General information shared by Gen AI tools is typically factual but may produce some erroneous statements on more specific or complex topics. These are called AI hallucinations, incorrect or misleading output that AI models produce due to insufficient training data, biases in the training data used, or wrong assumptions made by the model.

Another thing to note is that information shared can be outdated, like how ChatGPT 3.5 is limited to a dataset up until January 2022 only.

d. Minimal Typos

Human-written paragraphs are more prone to punctuation, capitalization, and typographical errors. It is also dynamic and incorporates different colloquialisms, depending on the writer’s native language or dialect. GenAI chatbots like ChatGPT and Gemini are trained to produce clean text, and errors are very minimal. Generally, they will produce a flawless result on the fly. However, based on testing, users can enter a prompt asking to include intentional typos and ChatGPT 3.5 will provide an output that can be refined whereas Gemini will outright refuse to generate a text depending on the topic of your current conversation.

Figure 3 ChatGPT Writing Sentences with Typos

Figure 3: ChatGPT Writing Sentences with Typos

 

Examples of Possible AI-Generated Spam

Unlike traditional spam, AI-generated spam uses LLM and refined prompts to tailor and personalize each email or website to a target recipient, making it a bit more realistic and sophisticated.

We recently observed BEC and Phishing emails that seem to be written differently compared to their former variants. The emails have more verbose paragraphs than usual. To help identify AI-written text in these emails, we tried using 8 different AI content detection tools: Copyleaks, GPTZero, Scribbr, Undetectable AI, Writer, ZeroGPT, Quillbot and Sapling. We will also provide our own linguistic analysis for characteristics that may be indicative of AI writing.

Below is a real example of a Payroll Diversion BEC email with a relatively short message body. The fraudsters are disguising themselves as employees of the company and asking for assistance in changing their supposed payroll accounts.

Figure 4 Example 1 of Payroll Diversion BEC

Figure 4: Example 1 of Payroll Diversion BEC

 

This email looks like generic BEC spam at first glance. It has a formal tone, which is expected from a supposed business-related email. But what stuck out is the length of the sentences, which are quite long-winded. Payroll Diversion BEC emails are generally shorter and straight to the point.

To verify our suspicion, we tested the message against the tools mentioned beforehand and 7 of them (Copyleaks, GPTZero, Scribbr, Undetectable AI, ZeroGPT, Quillbot and Sapling) detected AI content in the text. Here is ZeroGPT’s result:

Figure 5 ZeroGPTs Detection for Example 1

Figure 5: ZeroGPT's Detection for Example 1

 

Here are the results from all the tools:

Detector

Verdict

Probability

Copyleaks

AI Content Detected

Does not mention

GPTZero

AI Content Detected

91%

Scribbr

AI Content Detected

100%

Undetectable AI

AI Content Detected

Does not mention

Writer

Human Content Detected

72%

ZeroGPT

AI Content Detected

95.18%

Quillbot

AI Content Detected

100%

Sapling

AI Content Detected

99.7%

*Results as of February 2024

 

Below is another example of Payroll Diversion BEC but with a longer message body sent to a different recipient company.

Figure 6 Example 2 of Payroll Diversion BEC

Figure 6: Example 2 of Payroll Diversion BEC

 

Certain phrases such as “payment details for payroll” were repeated in the subject and in the email body. But what raises suspicion is that despite its different paragraph format; it contained phrases and sentence clauses that looked very similar to Example 1 above. The first sentence is the same greeting as before, save for one word. The parts where they’re asking for guidance through the process are also identical.

This syntactical analysis alone is not enough to judge the email as the attackers could just be using a human-written template. So, we tested for the presence of AI-generated content and 5 tools (Copyleaks, Scribbr, ZeroGPT, Quillbot, Sapling) gave a positive detection. This is CopyLeaks’ result:

 

Figure 7 CopyLeaks’ Detection for Example 2

Figure 7: CopyLeaks’ Detection for Example 2

 

Here are the results from all the tools:

Detector

Verdict

Probability

Copyleaks

AI Content Detected

Does not mention

GPTZero

Human Content Detected

74%

Scribbr

AI Content Detected

100%

Undetectable AI

Human Content Detected

Does not mention

Writer

Human Content Detected

82%

ZeroGPT

AI Content Detected

78.5%

Quillbot

AI Content Detected

100%

Sapling

AI Content Detected

100%

*Results as of February 2024

 

In contrast to our two previous examples, here is an old, human-written BEC email from 2020. This is the traditional scam message that threat actors used to send, shorter and straight to the point.

Figure 8 BEC Spam From 2020

Figure 8: BEC Spam From 2020

 

Lastly, we have an HR-Themed Phishing email urging the recipient to acknowledge the company’s supposed new handbook.

Figure 9 HR-Themed Phishing Email

Figure 9: HR-Themed Phishing Email

 

The first thing we noticed with this email is the inconsistent point of view of the sender. The sender’s name and signature at the end refer to the HR department as a whole whereas the email’s first sentence starts off with “I”. It then switches to “we” in the succeeding sentences. Several phrases were also repeated throughout the email. 7 tools (Copyleaks, GPTZero, Scribbr, Undetectable AI, ZeroGPT, Quillbot and Sapling) detected AI content in the text and here is ZeroGPT’s result:

Figure 10 GPTZero’s Detection for the HR-Themed Phishing

Figure 10: GPTZero’s Detection for the HR-Themed Phishing

 

Here are the results from all the tools for this phishing email:

Detector

Verdict

Probability

Copyleaks

AI Content Detected

Does not mention

GPTZero

Mix of AI and Human

62%

Scribbr

AI Content Detected

100%

Undetectable AI

AI Content Detected

Does not mention

Writer

Human Content Detected

73%

ZeroGPT

AI Content Detected

96.68%

Quillbot

AI Content Detected

100%

Sapling

AI Content Detected

99.8%

*Results as of February 2024

 

Challenges and Limitations in AI Content Detection

AI detectors have exploded in popularity in educational and corporate settings. Given how AI detectors work, it should be noted that they can never guarantee full reliability. There’s always a risk of false detection or false negatives. Other factors that may affect its accuracy include:

a. Size Limit

If you’re planning to test malicious emails like BEC, phishing, or scam messages against AI detection tools, you might run into some issues. Most detectors have a length limit for text input, and each company enforces their own length requirements. For short text input like many BEC messages, chances are it won’t meet the minimum character or word required by the tool.

The length of input text also affects the accuracy of the detector. The longer the text, the more accurate the prediction for the likelihood of AI-generated content. AI detectors are also based on LLMs; therefore, their accuracy increases with longer sample or input length. There are tools that have no length requirement, but they might give you questionable results for short text input.

When OpenAI shut down its AI text detector tool in July 2023, one challenge they cited was the low accuracy of the tool against pieces of text under 1000 characters. This issue persists today with other detector tools as well.

b. Language Support

In one study published by Stanford researchers, they found that these detection tools falsely classify the writing samples of non-native English writers as AI-generated, whereas native writing samples are accurately identified. This may be due to limited vocabulary or word choices known to the non-native English writer, which lowers the perplexity of the text.

Furthermore, these tools currently have a limited number of supported languages such as Copyleaks which can detect AI content in 30 languages. Even though English is widely supported, email attacks written in other languages may be misclassified by these tools.

c. Lack of Regulation

Currently, no solidified law or regulation directly governs AI generation and detection. The absence of strict regulations for AI-generated content complicates their monitoring and control. Any individual or organization can create a detection tool and market it with claims of accuracy and the responsibility of testing and assessment will fall on the users.

 

Conclusion

Language models have evolved to the point that they can create text output that closely resembles human writing. With the accessibility of Gen AI tools on the internet, AI-generated text is starting to become ubiquitous. Clearly, we are seeing evidence of AI-generated text used more in email attacks, and the detector tools we used back this up. This content may be tricky to discern to the untrained eye, so readers need to know what signs to watch out for and use detector tools to their advantage. After testing multiple free-to-use AI text detector tools, we recommend CopyLeaks and GPTZero as they have shown the highest accuracy throughout the research. GPTZero also shows an in-depth analysis of the input text, calculating the probability of AI-generation in each sentence. But still, research and compare different tools on your own and take advantage of the free trials to see which tools will suit your needs. It may be daunting at first, but with awareness and experience, AI text detection in email and other media can be done.

But truth be told, text detection tools will do little to stop AI-generated email attacks. Generative AI is continuously developing in a fast-paced manner, and it lowered the bar for entry for threat actors. And whether the email is human, or AI written, scams and phishing are still going to be a thorn in the side of organizations. Raising public awareness and educating users on how to scrutinize the emails they receive, recognize misinformation and be cybersecure is still the best way to go.

Latest SpiderLabs Blogs

Network Isolation for DynamoDB with VPC Endpoint

DynamoDB is a fully managed NoSQL database service offered by Amazon Web Services (AWS). It is renowned for its scalability, dependability, and easy connection with other AWS services....

Read More

The Underdog of Cybersecurity: Uncovering Hidden Value in Threat Intelligence

Threat Intelligence, or just TI, is sometimes criticized for possibly being inaccurate or outdated. However, there are compelling reasons to incorporate it into your cybersecurity defense strategy....

Read More

Clockwork Blue: Automating Security Defenses with SOAR and AI

It’s impractical to operate security operations alone, using manual human processes. Finding opportunities to automate SecOps is an underlying foundation of Zero Trust and an essential architecture...

Read More