An Evaluation of Social Engineering with Open AI Tools

The introduction of Artificial Intelligence (AI) as an everyday tool has instigated a new wave of attack techniques, especially in the Social Engineering (SE) department. The possibility to generate a multitude of different templates within seconds in order to carry out an SE-attack lowers the entry barrier for potential threat actors. This paper conducts three experiments, where it accounts two of the most used social engineering attacks, phishing and vishing, and utilizes them to investigate the success rate of the SE-attack process when assisted by various LLM-agents available to normal, non-expert users. The third one centers around the training of an AI-powered chatbot to act as a social engineer and gather sensitive information from the interacting user. As this work focuses on the offensive side of SE, all conducted experiments return promising results, proving not only the ability and effectiveness of AI-technology to act unethical, but also the little to no implied restrictions or opposed regulations. Gathering an overall opinion on these results, benefits and drawbacks to these findings are reflected upon and potential countermeasures are presented. This research aims to provide a deeper understanding behind the development and deployment of AI-enhanced SE-attacks by non-experts, further highlighting potential dangers.