Skip to main content
To KTH's start page

Phishing will increase with AI – and so will the likelihood of being scammed

Published Nov 06, 2023

Phishing has been a problem for a long time, both for individuals and businesses. AI and language models like ChatGPT will increase the number of phishing attempts and make them even better.

”Within one to two years, anyone can create personalised scam emails, which will become a significant problem for businesses and individuals. It will be easier to be scammed", says Fredrik Heiding, research assistant at Harvard and PhD student at KTH.

Together with other researchers at Harvard and the Massachusetts Institute of Technology (MIT), Fredrik Heiding has investigated how easy it is to create fake emails using language models . They have also created scam emails by analysing personal information on the internet.

"We have created an automatic tool that goes online and scrapes information. We feed that information into the language model, which then creates a personalised scam email, which makes it even more difficult to trust the material you receive," he says.

The problem will grow

And there is no doubt that scam emails can create significant problems. One of the largest casinos, MGM, in Las Vegas, was recently hacked thanks to a scam email . In addition to disabling machines for two weeks, the hackers obtained personal information from customers, such as social security numbers and passport numbers. The hack is estimated to have cost MGM $100 million.

"We see that this problem will grow even more with AI and language modelling, so we are starting a new study to work with companies to see their concerns. And companies are welcome to contact us,"says Heiding,

Can you protect yourself against attacks created by scam emails?

"It is possible to protect yourself; you can use language models to detect a scam email and use them as a training tool. But this will not solve the whole problem," he says.

Today, almost all training on detecting scam emails with the help of AI is done by companies, and the use for private individuals is small, and being more vigilant only sometimes helps.

"This new technology we haven't had before creates conditions and problems. We don't always know how to handle it".

Some tips to avoid being scammed

  • Think about what you publish online.
  • What do you have that is important? Please take a closer look at it and where it is stored.
  • Does something sound too good to be true? Then it is.
  • Verify that the information is correct by making a phone call.
  • Pause for a second and do a quick check.

Emelie Smedslund 

Related news

Samuel Lavebrink and Madeleine Lindström are studying the Master's programme Machine Learning.

How to stop cyber-attacks with honeypots

In the ever-evolving landscape of cyber warfare, defending against human-controlled cyberattacks requires innovative strategies. A recent study conducted by students at KTH delves into the realm of cy...

Read the article

Cybercampus Sverige inaugurated

On 7 February, Cybercampus Sverige was formally launched at a ceremony at the new headquarters in Stockholm, with Minister for Civil Defence Carl-Oskar Bohlin and Minister for Education Mats Persson i...

Read the article
Gunnar Karlsson with his Headquarters Medal of Merit from the Swedish Armed Forces.
Gunnar Karlsson with his Headquarters Medal of Merit from the Swedish Armed Forces.

Honoured for his work in cyber security

Gunnar Karlsson from the Department of Network and Systems Engineering recently received the Headquarters Medal of Merit from the Swedish Armed Forces for his commitment to training cyber soldiers and...

Read the article