--- title: "The Power of ChatGPT: How ChatGPT is Changing the Phishing Game | Phish Protection" description: "The Power of ChatGPT: How ChatGPT is Changing the Phishing Game: ChatGPT is changing the phishing game for threat actors who can use it for crafting phishing." image: "https://phishprotection.com/og/blog/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game.png" canonical: "https://phishprotection.com/blog/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game/" --- Quick Answer ChatGPT is changing the phishing game for threat actors who can use it for crafting phishing emails and bypassing \*\*MFA\*\*. This text shares the power of ChatGPT in the hands of phishing actors, how it can be used for email crafting, and how you can protect yourself from \*\*AI-powered phishing\*\*. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=The%20Power%20of%20ChatGPT%3A%20How%20ChatGPT%20is%20Changing%20the%20Phishing%20Game&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game%2F&title=The%20Power%20of%20ChatGPT%3A%20How%20ChatGPT%20is%20Changing%20the%20Phishing%20Game "Share on Reddit") [ ](mailto:?subject=The%20Power%20of%20ChatGPT%3A%20How%20ChatGPT%20is%20Changing%20the%20Phishing%20Game&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/01/protection-from-phishing-7421.jpg) ChatGPT is changing the phishing game for threat actors who can use it for crafting phishing emails and bypassing **MFA**. This text shares the power of ChatGPT in the hands of phishing actors, how it can be used for email crafting, and how you can protect yourself from **AI-powered phishing**. **ML** (Machine Learning) Models and AI (Artificial intelligence) [chatbot](https://www.ibm.com/in-en/topics/chatbots#:~:text=A%20chatbot%20is%20a%20computer,to%20them%2C%20simulating%20human%20conversation.) technology has come a long way in recent years, and one of the most advanced models is ChatGPT. Making headlines worldwide with its ability to understand and respond to natural language inputs, ChatGPT is a valuable **tool** in multiple industries. However, like two sides of a coin, ChatGPT can significantly **impact** innocent lives in the hands of [threat actors](/blog/threat-actors-using-phishing-as-a-service-phaas/). In this article, we will explore how ChatGPT is changing the phishing game and the potential implications of this technology for both businesses and individuals. ### The Emergence of ChatGPT and its Role in Phishing ChatGPT, OpenAI’s large language model, has brought about significant progress in the field of [NLP (Natural Language Processing)](https://www.ibm.com/in-en/topics/natural-language-processing), with applications ranging from customer service, virtual assistants, and even **phishing detection** and prevention, which is ironical since it can also be used for **malicious** purposes of phishing and targeting innocent individuals without much effort. As technology continues to develop, we can expect to see ChatGPT being used more and more innovatively, making it a **mighty tool** for shaping the future. But we can also see it being used by threat actors to overcome the challenges of crafting phishing emails leading to more **sophisticated** campaigns with this AI chatbot. But how exactly does ChatGPT fit with [phishing](/resources/what-is-phishing/) and cyberattacks? ### ChatGPT Assisting Phishers in Social Engineering and Email Crafting **Phishing** is a common tactic used by [cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) to trick individuals into sharing sensitive information, such as login credentials or financial information. However, the phishing game is changing with the emergence of AI chatbot technology like ChatGPT. _Where ChatGPT can be trained to detect and respond to phishing attempts, making it a valuable asset in the fight against cybercrime, it also takes care of the challenges that low-level cybercriminals face while crafting phishing emails._ Threat actors, or individuals who engage in phishing attacks, face several challenges when crafting phishing **emails**. Crafting a successful phishing email is a **complex** task that requires a significant amount of skill and knowledge. One of the main challenges is making the email appear as legitimate as possible to increase the likelihood of the recipient falling for the scam or [social engineering](/blog/social-engineering-attack-twilio-compromises-employee-accounts-customer-data/) tactic, which almost always involves creating a **sense of urgency** or fear in the recipient to prompt them to act quickly without thinking. ChatGPT can take care of this to continually craft phishing email templates for **mass phishing campaigns** enabling threat actors to cause all kinds of harm. ![Protection from phishing](https://media.mailhop.org/phishprotection/images/2023/01/protection-from-phishing-7421.jpg) For example, when researchers at HoxHunt were checking how capable the AI chatbot was in crafting phishing emails, they asked it to prepare a [BEC (Business Email Compromise)](https://www.securitymagazine.com/articles/97557-business-email-compromise-is-a-43-billion-scam) phishing attack impersonating the CEO (Chief Executive Officer) for a defunct organization by the name Standard Oil. ChatGPT[delivered](https://www.hoxhunt.com/blog/the-future-of-phishing-spearphishing-and-bec-attacks-according-to-chatgpt)a phishing email with the **CEO** reaching out to individuals for their **immediate attention**, informing them of financial restructuring, and asking them to redirect invoices to a new account. Threat actors can and are already utilizing the AI chatbot for crafting **malicious** phishing emails. Just like RaaS (Ransomware as a service) models transformed [ransomware](/content/protection-against-ransomware/what-is-ransomware/) attacks, enabling threat actors to target more organizations for financial gains, ChatGPT can be a similar **catalyst** for phishing campaigns to target individuals and enterprise workforce. But how is ChatGPT helping threat actors? Let us see. ### How Threat Actors can Utilize ChatGPT for Phishing _ChatGPT has advanced coding capabilities that enable threat actors to carry out malicious activities._ However, limiting the topic to ChatGPT’s ability to provide writing is an **impressive** and dangerous feat. Furthermore, since the chatbot improves quickly and offers various ways to write emails that are indistinguishable from the ones that humans write, phishing actors can utilize the AI chatbot and similar platforms to create anything they need to **dupe** innocent individuals on the Internet, including fake web personas, **fake website** presence, and more. Here are two areas where ChatGPT can help attackers: **_Translation_** ChatGPT has over 20 languages , including English, Chinese, Korean, and more, but individuals on the Internet have tested nearly 100, and ChatGPT comes through. Now that language is no bar, any individual could explain to ChatGPT what they need as an output, and it would provide the writing **promptly**, even if the writing were a phishing email. Even though the AI chatbot is blocked in Russia, individuals and threat actors have found ways to use the chatbot via [VPNs (Virtual Private Networks)](https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn) and foreign numbers. - **\_ Bypassing MFA\_** With the boom of NLP, ChatGPT can convincingly carry on conversations in a human-like manner and can be used to **bypass** [MFA (Multi-Factor Authentication)](https://aws.amazon.com/what-is/mfa/). In the past, threat actors have used SMSRanger, BloodOTPbot, and other similar bots in turbo-charged phishing attacks to automatically follow up credential **harvesting** attacks, asking the victim for the **OTP** (One Time Password) code and making a fool of 2FA (Two Factor Authentication). > When threat analysts at Hoxhunt asked the chatbot how it could bypass MFA, it said, “These chatbots can engage with people in a **human-like** manner and trick them into revealing their personal information or **MFA credentials**. For example, an attacker may use a chatbot to impersonate a trusted individual or organization and request that the victim provide their password or security token.” ![Phishing protection](https://media.mailhop.org/phishprotection/images/2023/01/phishing-protection-8358.jpg) Since NLP-enabled and AI chatbots are more **intelligent**, they can keep up with individuals and move with the flow of the conversation to dupe them out of **security codes**, helping the threat actor [bypass MFA](https://www.infosecurity-magazine.com/news-features/mfa-bypass-frontline-security-pros/). ### How to Protect Yourself from Phishing in the age of AI-powered Phishing Campaigns? _The legacy approaches of always being cautious of unsolicited messages and never clicking on links or downloading attachments from unknown or suspicious sources work._ And leveraging [anti-phishing](/content/anti-phishing/) tools and software, such as email **filters** and browser extensions, to detect and block phishing attempts can add a **layer of protection**. But here are some tips to protect yourself from phishing in the age of AI-powered phishing campaigns: Offering a **simple** method for reporting suspicious emails. Scrutinizing web traffic through a [secure web gateway](https://www.gartner.com/en/information-technology/glossary/secure-web-gateway) to safeguard both on-premises and remote users. Verifying URLs (Uniform Resource Locator) for malicious content or **typosquatting**. - \_ Implementing email security protocols such as DMARC (Domain-based Message Authentication, Reporting, and Conformance), DKIM (DomainKeys Identified Mail), and SPF (Sender Policy Framework) to combat domain spoofing and content tampering. **Isolating** Word documents and other attachments in a [sandbox environment](https://softwarelab.org/what-is-a-sandbox-environment/) to prevent them from accessing corporate networks. ### Final Words AI chatbots like ChatGPT can become **powerful** tools for threat actors to carry out phishing attacks. They can mimic human behavior and communication patterns to make their phishing attempts more convincing and automate the process to increase their chances of success, which is why it is imperative for organizations to stay informed about the \*\*latest \*\*phishing tactics and to implement advanced security measures, such as AI-based **threat detection** and response, to detect and respond to these threats. Despite the potential risks and the potential of ChatGPT on the other side, the benefits of ChatGPT in transforming the world and implementing AI chatbots in security are **undeniable** and will continue to play an important role of [phishing protection](/) in the future. ## Topics [ Phishing ](/tags/phishing/)[ Phishing Awareness ](/tags/phishing-awareness/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 23m Anatomy of a Trust-Based Attack: Deconstructing the Nifty.com Phishing Campaign and the New Frontier of Corporate Defense Jun 10, 2025 ](/blog/anatomy-of-a-trust-based-attack-deconstructing-the-nifty-com-phishing-campaign-and-the-new-frontier-of-corporate-defense/)[ Foundational 5m Business Essentials: The Top Email Marketing Security Strategies for 2023 Dec 13, 2022 ](/blog/business-essentials-top-email-marketing-security-strategies-2023/)[ Foundational 5m Interserve Fined $5 Million by ICO and Why Anti-Phishing Measures are the Need of the Hour Oct 28, 2022 ](/blog/interserve-fined-5-million-ico-anti-phishing-measures-hour/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"The Power of ChatGPT: How ChatGPT is Changing the Phishing Game","description":"The Power of ChatGPT: How ChatGPT is Changing the Phishing Game: ChatGPT is changing the phishing game for threat actors who can use it for crafting phishing.","url":"https://phishprotection.com/blog/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game/","datePublished":"2023-01-24T08:51:59.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-01-24T08:51:59.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game/"},"articleSection":"foundational","keywords":"Phishing, Phishing Awareness","wordCount":1289,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/01/protection-from-phishing-7421.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"The Power of ChatGPT: How ChatGPT is Changing the Phishing Game","item":"https://phishprotection.com/blog/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game/"}]} ```