How Hackers Can Up Their Game by Using ChatGPT
Artificial intelligence, by mimicking the writing style of individuals, can make cyberattacks much harder to detect
Artificial intelligence, by mimicking the writing style of individuals, can make cyberattacks much harder to detect
Consumers, beware: AI chatbots like ChatGPT are likely to drive an increase in the use and effectiveness of online fraud tools such as phishing and spear-phishing messages.
In fact, it could already be happening. Phishing attacks around the world grew almost 50% in 2022 from a year earlier, according to Zscaler, a cloud-security provider. And, some experts say, artificial-intelligence software that makes phishing messages sound more believable are part of the problem. AI reduces or eliminates language barriers and grammatical mistakes, helping scammers impersonate a target’s colleagues, friends or relatives.
“This new era is going to be worse than what we had before,” says Meredith Broussard, research director at the New York University Alliance for Public Interest Technology. “And what we had before was really, really bad.”
High stakes
AI chatbots have exploded in popularity, with perhaps the best-known being ChatGPT, developed by the AI-research company OpenAI, a strategic partner of Microsoft. But dozens of chatbots, using what are referred to as large language models, are becoming more widely available and can closely mimic human communication based on data they amass. These models can be used for many purposes, such as helping office workers create routine memos more quickly. But they can also be used by criminals—to defraud victims, for instance, or to spread malicious viruses.
Telltale signs of a phishing attack have long included mistakes in grammar or spelling. But AI can give a phishing attack more credibility—and reach—not just because of its ability to generate fluent, grammatical messages in many languages, but also because of its ability to mimic the speaking or writing styles of individuals.
“The whole point with large language models is their ability to emulate what humans sound like,” says Etay Maor, senior director of security strategy at Cato Networks, a cloud networking and security provider.
Thus, given the opportunity to learn the style in which a certain person writes emails and texts, Maor says, an AI program can be used to mimic communications from a company executive.
“It’s all about trust, and if I can make you think I’m one of you, you’re going to begin to do things with more trust and less skepticism,” says Roger Grimes, a computer-security professional with KnowBe4, a security-awareness training and simulated-phishing platform.
Using AI, Grimes says, criminals can quickly determine industry-specific terms that give them more ability to target companies such as hospitals, banks and fintech.
Targeted campaigns
AI’s usefulness in phishing and spear-phishing attacks doesn’t stop with its ability to mimic authentic human communication. The analytic skills of machine learning can also be useful in determining who best to target in an organization and how exactly to attack them.
Sean McNee, vice president of research and data at DomainTools, an internet intelligence company, offers a hypothetical example. Say an accountant at a company innocently posts on social media about his frustrations with a recent audit. AI could determine the accountant’s peers, his company’s reporting structure and who else at the company might be most susceptible to an attack. The attacker then could create a spear-phishing email purporting to be from the chief financial officer referring to a discrepancy in the audit and asking the recipient to open an attached spreadsheet that contains a virus.
Ramayya Krishnan, dean of Carnegie Mellon University’s Heinz College, recommends being proactive to protect against such attacks.
First, before acting on something, he says, people should always verify the legitimacy of the request through independent means. This means before clicking on a link or sending money, the recipient should call the individual through a familiar phone number or walk into the person’s office to confirm the request, Krishnan says.
Maintain a healthy dose of skepticism for everything you receive, Maor says. Ask yourself, why is my bank emailing me? Why is there a sense of urgency? Why is there an attachment to click on? It’s also advisable to hover over a link before clicking to see if it leads to an expected URL. “If you have some reason to think something is amiss, don’t click on it,” Maor says.
Other guardrails
Strong regulation of AI could also help, says Broussard, who is also an associate professor at the Arthur L. Carter Journalism Institute of New York University.
AI itself should also be enlisted to help identify malicious content with its origins in AI, says Dave Ahn, chief architect at Centripetal, a cybersecurity company. But first the models for doing so will have to evolve and the data will have to improve. Data on successful AI-based attacks will help cybersecurity experts train new models to identify malicious activity better, says Ahn.
Other possible security measures include giving users a way to distinguish their content as authentic. The use of hidden patterns known as “watermarks,” for instance, can be buried in AI-generated texts to help identify whether the words are written by a human or computer, Krishnan says. But the applicability of these tools is limited.
Says Krishnan, “We’re not near deploying them at scale where it’s a solution to the bad-actor potential we have today.”
This stylish family home combines a classic palette and finishes with a flexible floorplan
Just 55 minutes from Sydney, make this your creative getaway located in the majestic Hawkesbury region.
The best course when stocks slide is for investors to stand pat, but ‘put’ options are one way to hedge against a drop and lock in some profits
The past five years have been good to stock-market investors. The S&P 500 index has climbed an annualised 12% during that period, outstripping the 9% annualised gain over the past 40 years. This year alone the index is up 6.9% as of April 26, tacking on to the 24% gain in 2023.
But signs are emerging that the stock market could be due for a breather. As of April 25, the S&P 500 went 133 trading days without a decline of at least 10%, according to PNC Institutional Asset Management. To be sure, that’s still short of the 172-day average since 1928. But the S&P 500 has jumped 24% in the past six months (about 180 days), which buttresses arguments for a correction.
What’s more, the multiyear ascent has arguably sent stocks to overvalued levels. The S&P 500’s forward price-to-earnings ratio—a gauge of market valuation based on earnings estimates for the next 12 months—registered 20 as of April 26, exceeding the five-year average of 19.1 and the 10-year average of 17.8, according to FactSet.
“A correction is certainly possible,” says Jack Ablin , chief investment officer at wealth-management firm Cresset Capital, pointing to the high valuations and the prospect that rate cuts will come later than expected thanks to inflation that has been higher than expected.
Given the danger of a stock-market correction, commonly defined as a 10% to 20% drop, how can investors guard the profits they have made in recent years?
Assuming you have a well-diversified portfolio and aren’t counting on the money from your stocks to finance an imminent expense, financial advisers say the best strategy is to hang tight.
Corrections generally don’t stick around long. Since 1985, declines between 10% and 20% for the S&P 500 have lasted only 97 days on average—three-plus months—according to a CFRA analysis of S&P data.
It then has taken the market an additional 101 days on average to recover the ground lost during the correction. So in about six months, investors tend to be back where they were before the correction.
“If there’s a shallow correction of 5% to 10%, we recommend riding it out,” says Karim Ahamed , an investment adviser at wealth-management firm Cerity Partners. “Eventually the market recovers. The idea of selling out and climbing back in is difficult to achieve. You’re more likely to stay on the sidelines with your losses crystallising.”
The S&P 500 did fall more than 5% in recent weeks, from March 28 to April 19.
Some people, though, simply find it impossible to do nothing if they fear a correction is looming. At the least, they want to protect the gains they have earned so far. What’s the most prudent way for them to reduce their market exposure?
Keep in mind that most actions you can take to guard your stock profits carry a cost. The easiest method, selling stocks, subjects you to capital-gains taxes unless you are selling from a tax-advantaged retirement account. That tax rate varies according to your income, but will likely be 15%.
One way to limit the burden is through tax-loss harvesting, says Amanda Agati , chief investment officer of PNC’s asset-management group. That is when you sell stocks at a loss, lowering your net capital gain. If you have any dogs in your portfolio—stocks with poor fundamentals—you can unload those.
If you do sell stocks, you could put the proceeds into a money-market fund for now, financial pros say. Many such funds yield 5% or more, far higher than rates over the past 15 years. Or if you want to increase the safety of your overall portfolio, you could put the money into safe government bonds. Three-year Treasury notes yield around 4.75%.
If you are going to unload stocks, but don’t want to sell right away, you can put in a stop-limit sell order through your brokerage. That order can automatically sell your shares if they slide to a level you designate (they can go below it, too), protecting you from big drops.
Say you bought 100 shares of Tesla at $140, and they are now trading at $165. If you don’t want your profit to disappear in a downturn, you could enter a stop-limit sell order with your brokerage at $150 for some or all of your shares. Those shares can be sold if the price reaches $150, securing some of the gains.
You also might shift your holdings more toward defensive stocks, such as utilities and consumer-staple companies, which generally outperform during market downturns, says Michael Sheldon , executive director of wealth-management firm RDM Financial Group.
PNC’s Agati suggests an emphasis on quality stocks, those with high recurring revenues, strong and dependable profit margins, high cash flow and low debt. These stocks—such as AutoZone and Visa , she says—have lagged behind the leaders of the market’s surge over the past year.
Advisers also suggest looking at “put” options to protect your stock gains. Puts give you the right but not the obligation to sell a security at a preset price by a preset deadline.
Note that we’re talking about a risk-reduction approach here, not the kind of risk-taking—to try to amplify returns— that has been rampant in the options market . The simplest strategy could be to purchase a put option on a market-index exchange-traded fund, such as one based on the S&P 500. You could buy puts on individual stocks rather than an index ETF, but that may get expensive and complicated as each option carries a purchase premium.
Here’s how the ETF strategy would work: First, buy an option that would let you sell the ETF at a price below the current one, protecting you from declines beneath that level. You wouldn’t have to sell the ETF, and you wouldn’t even have to own it. As the S&P 500 falls, the put option gains in value, and you can sell it.
Say on April 16 you wanted to protect 100 shares of SPDR S&P 500 ETF Trust (SPY) from a decline of more than 10%. With the ETF trading at $505 a share, you could buy an option that covers 100 shares for $1,050, or $10.50 a share. You’re paying a premium equal to 2% of your position.
The option’s expiration date is December, and its strike price is $455 a share, or 10% below the current value. The strike price is the price at which you could exercise the option. But generally you sell the option rather than exercising it, so you don’t have to dump any shares, especially if you don’t own them.
If the market doesn’t go down 10% by December, you let the option expire worthless, and you’re out the $1,050 you paid for it. If the market drops more than 10%, you can sell your option at a profit whenever you want until December.
While it might be more lucrative to sell it early, Ablin recommends holding until expiration if you’re using the option to protect your portfolio. “Think of it like homeowner insurance,” he says. “You pay a premium, like a deductible for insurance, and your coverage runs for a term.”
Keeping the option until expiration extends your coverage for the longest possible period.
By using options, you don’t have to sell any of your stocks, which are typically the best asset to generate strong long-term returns. “If you have the wherewithal to hold the S&P 500 for 10 years, your odds of making money are over 90%,” Ablin says.
Just 55 minutes from Sydney, make this your creative getaway located in the majestic Hawkesbury region.
This stylish family home combines a classic palette and finishes with a flexible floorplan