- Octa warns Genai Tool V0.Vev is utilized to build phishing –
- The malicious sites are hosted on the Vercel infrastructure to seem more legitimate
- AI tools also often cite false URLs, which puts unsuspecting users at risk of attack
New Octa Research has revealed how threat players use Vercel’s V0.V to build realistic phishing sites that mimic legitimate login pages with researchers who successfully reproduce the alleged technique to prove its opportunity.
V0.VAn allows users to create web interfaces from simple, natural language recovery, which researchers say relate to because technology has now been shown to lower the technical barrier to phishing attacks and other types of cyber crime.
Although Vercel and Octa have worked together to limit access to known sites, many claim that there is very little that can be done to prevent such attacks, AI tools have now become so widespread.
Genai is now creating phishing -Webot
Octa found that the fake phishing sites were to emulate corporate logos and other assets to reduce detection of unsuspecting victims where the sites hosted Vercel’s infrastructure to seem more legitimate. Microsoft 365 and false cryptosides were among the most popular.
Open source accessibility of V0.V -clones and guides on GitHub have also expanded access to these opportunities for less experienced developers and attackers.
Octa recommends that all users created multi-factor approval on supported accounts that bind authentificors to original domains via tools such as Octa Fastpass to ensure that fake websites do not have access to your credentials.
“Organizations can no longer rely on teaching users how to identify suspicious phishing -sites based on imperfect imitation of legitimate services,” noted Octas scientists.
Companies should also update their cyber security programs to tackle the risks of AI-generated phishing attacks and social technology.
The news comes shortly after another report revealed about a third of Genai Chatbot response containing login-URLs were false, with attackers registering false domains cited by tools such as chatgpt to establish their own phishing campaigns.
