AI can now generate entire phishing websites in 30 seconds
What's the story
Cybercriminals are now using generative artificial intelligence (AI) tools to create phishing websites at an alarming speed, sometimes in as little as 30 seconds. The revelation comes from a report by identity and access management firm Okta. In a report shared with Axios, Okta revealed that hackers were using v0, a generative AI website builder developed by Vercel, to create fake login pages for their malicious activities.
Emerging risk
Use of AI to generate fake login page for Okta
Okta's report marks the first instance of AI being used to generate not just phishing messages but also the websites hosting them. One such site was a near-exact replica of Okta's own sign-in portal, raising concerns over user credential theft and unauthorized access to sensitive company systems. If successful, these attacks could have resulted in major breaches across corporate networks.
Tool misuse
How the attackers did it
The v0 tool enables anyone to create websites using simple natural-language prompts. Okta researchers demonstrated that a realistic phishing site could be created by simply instructing v0 to "build a copy of the website login.okta.com." Further investigation uncovered similar phishing pages targeting Microsoft 365 and cryptocurrency platforms, all hosted on Vercel's infrastructure.
Company action
What did Okta find?
Though Okta has not confirmed if any credentials were stolen, the company found that attackers quickly created new phishing sites for other tech services during its investigation. In response, Vercel has taken down the fraudulent websites and is working with Okta to implement abuse-reporting mechanisms on the v0 platform. Ty Sbano, Vercel's Chief Information Security Officer, acknowledged that "like any powerful tool," v0 can be misused.
Security concerns
Defenders can't keep up with attackers
Experts have long warned that generative AI could enable less technically skilled attackers to launch convincing phishing campaigns at scale. Brett Winterford, VP of Threat Intelligence at Okta, warned that defenders can't keep up with attackers simply by making small improvements. He emphasized the need to rethink our approach as "bad actors are evolving faster than traditional security systems can keep up."
Tool replication
Cloned versions of the v0 tool found on GitHub
Okta also found cloned versions of the v0 tool on GitHub. This means even if Vercel cracks down on misuse, hackers could continue deploying AI-generated phishing websites using offline or repurposed copies of the tool. Traditional ways of spotting phishing websites, like checking for typos or odd URLs, are quickly becoming obsolete in this new threat landscape.