This paper explores the possibility of using ChatGPT to develop advanced phishing attacks and automate their large-scale deployment. We make ChatGPT generate the following parts of a phishing attack: i) cloning a targeted website, ii) integrating code for stealing credentials, iii) obfuscating code, iv) automating website deployment on a hosting provider, v) registering a phishing domain name, and vi) integrating the website with a reverse proxy. The initial assessment of the automatically generated phishing kits highlights their rapid generation and deployment process as well as the close resemblance of the resulting pages to the target website. More broadly, we demonstrate that recent advances in AI underscore the potential risks of its misuse in phishing attacks, which can lead to their increased prevalence and severity. This highlights the necessity for enhanced countermeasures within AI systems.