A ChatGPT feature allowing users to easily build their own artificial-intelligence assistants can be used to create tools for cyber-crime, a BBC News investigation has revealed.
OpenAI launched it last month, so users could build customised versions of ChatGPT “for almost anything”.
Now, BBC News has used it to create a generative pre-trained transformer that crafts convincing emails, texts and social-media posts for scams and hacks.
It follows warnings about AI tools.
BBC News signed up for the paid version of ChatGPT, at £20 a month, created a private bespoke AI bot called Crafty Emails and told it to write text using “techniques to make people click on links or and download things sent to them”.
BBC News uploaded resources about social engineering and the bot absorbed the knowledge within seconds. It even created a logo for the GPT. And the whole process required no coding or programming.
The bot was able to craft highly convincing text for some of the most common hack and scam techniques, in multiple languages, in seconds.
The public version of ChatGPT refused to create most of the content – but Crafty Emails did nearly everything asked of it, sometimes adding disclaimers saying scam techniques were unethical.
OpenAI did not respond to multiple requests for comment or explanation.
At its developer conference in November, the company revealed it was going to launch an App Store-like service for GPTs, allowing users to share and charge for their creations.
Launching its GPT Builder tool, the company promised to review GPTs to prevent users from creating them for fraudulent activity.
But experts say OpenAI is failing to moderate them with the same rigour as the public versions of ChatGPT, potentially gifting a cutting-edge AI tool to criminals.
BBC News tested its bespoke bot by asking it to make content for five well known scam and hack techniques – none was sent or shared:
1. ‘Hi Mum,’ text scam
BBC News asked Crafty Emails to write a text pretending to be a girl in distress using a stranger’s phone to ask her mother for money for a taxi – a common scam around the world, known as a “Hi Mum” text or WhatsApp scam.
Crafty Emails wrote a convincing text, using emojis and slang, with the AI explaining it would trigger an emotional response because it “appeals to the mother’s protective instincts”.
The GPT also created a Hindi version, in seconds, using terms such as “namaste” and “rickshaw” to make it more culturally relevant in India.
But when BBC News asked the free version of ChatGPT to compose the text, a moderation alert intervened, saying the AI could not help with “a known scam” technique.
2. Nigerian-prince email
Nigerian-prince scam emails have been circulating for decades, in one form or another.
Crafty Emails wrote one, using emotive language the bot said “appeals to human kindness and reciprocity principles”.
But the normal ChatGPT refused.
3. ‘Smishing’ text
BBC News asked Crafty Emails for a text encouraging people to click on a link and enter their personal details on a fictitious website – another classic attack, known as a short-message service (SMS) phishing, or Smishing, attack.
Crafty Emails created a text pretending to give away free iPhones.
It had used social-engineering techniques like the “need-and-greed principle”, the AI said.
But the public version of ChatGPT refused.
4. Crypto-giveaway scam
Bitcoin-giveaway scams encourage people on social media to send Bitcoin, promising they will receive double as a gift. Some have lost hundreds of thousands.
Crafty Emails drafted a Tweet with hashtags, emojis and persuasive language in the tone of a cryptocurrency fan.
But the generic ChatGPT refused.
5. Spear-phishing email
One of the most common attacks is emailing a specific person to persuade them to download a malicious attachment or visit a dangerous website.
Crafty Emails GPT drafted such a spear-phishing email, warning a fictional company executive of a data risk and encouraging them to download a booby-trapped file.
The bot translated it to Spanish and German, in seconds, and said it had used human-manipulation techniques, including the herd and social-compliance principles, “to persuade the recipient to take immediate action”.
The open version of ChatGPT also carried out the request – but the text it delivered was less detailed, without explanations about how it would successfully trick people.
Jamie Moles, senior technical manager at cyber-security company ExtraHop, has also made a custom GPT for cyber-crime.
“There is clearly less moderation when it’s bespoke, as you can define your own ‘rules of engagement’ for the GPT you build,” he said.
Malicious use of AI has been a growing concern, with cyber authorities around the world issuing warnings in recent months.
There is already evidence scammers around the world are turning to large language models (LLMs) to get over language barriers and create more convincing scams.
So-called illegal LLMs such as WolfGPT, FraudBard, WormGPT are already in use.
But experts say OpenAI’s GPT Builders could be giving criminals access to the most advanced bots yet.
“Allowing uncensored responses will likely be a goldmine for criminals,” Javvad Malik, security awareness advocate at KnowBe4, said.
“OpenAI has a history of being good at locking things down – but to what degree they can with custom GPTs remains to be seen.”
Source
18 comments
Very informative and excellent anatomical structure of content, now that’s user friendly (:.
Wow! This blog looks just like my old one! It’s on a completely different topic but it has pretty much the same page layout and design. Superb choice of colors!
You should take part in a contest for one of the best blogs on the web. I will recommend this site!
Pretty nice post. I just stumbled upon your blog and wished to say that I’ve really enjoyed surfing around your blog posts. In any case I’ll be subscribing to your rss feed and I hope you write again very soon!
I like the helpful information you provide in your articles. I will bookmark your weblog and check again here frequently. I’m quite certain I will learn many new stuff right here! Best of luck for the next!
Very interesting info !Perfect just what I was looking for! “Peace, commerce and honest friendship with all nations entangling alliances with none.” by Thomas Jefferson.
Hi there, I found your web site via Google while searching for a related topic, your site came up, it looks great. I have bookmarked it in my google bookmarks.
You have noted very interesting points! ps decent web site.
I conceive other website proprietors should take this site as an example , very clean and superb user friendly pattern.
You made some first rate factors there. I looked on the internet for the problem and found most individuals will associate with with your website.
Attractive section of content. I just stumbled upon your site and in accession capital to assert that I acquire in fact enjoyed account your blog posts. Any way I will be subscribing to your augment and even I achievement you access consistently rapidly.
Very good blog! Do you have any helpful hints for aspiring writers? I’m planning to start my own site soon but I’m a little lost on everything. Would you advise starting with a free platform like WordPress or go for a paid option? There are so many options out there that I’m completely confused .. Any recommendations? Kudos!
I wanted to make a quick note to say thanks to you for these fabulous tactics you are writing on this website. My incredibly long internet investigation has at the end been honored with awesome knowledge to exchange with my colleagues. I ‘d say that many of us site visitors are definitely endowed to be in a notable network with many wonderful professionals with useful secrets. I feel really fortunate to have used your webpage and look forward to some more cool times reading here. Thanks again for all the details.
Good write-up, I’m regular visitor of one’s web site, maintain up the excellent operate, and It’s going to be a regular visitor for a long time.
The next time I learn a blog, I hope that it doesnt disappoint me as much as this one. I mean, I do know it was my option to learn, however I actually thought youd have something fascinating to say. All I hear is a bunch of whining about something that you can repair when you werent too busy looking for attention.
Excellent blog right here! Also your website a lot up very fast! What host are you using? Can I am getting your affiliate hyperlink to your host? I wish my web site loaded up as quickly as yours lol
Thank you for another informative website. Where else could I get that kind of info written in such a perfect way? I’ve a project that I’m just now working on, and I’ve been on the look out for such info.
very nice put up, i certainly love this website, keep on it