We Used ChatGPT to Craft a VEC Email, and Yikes!
Updated: Mar 13
We were curious about what results ChatGPT would produce if we prompted it to create an Email that could be used in a vendor email compromise scam. Let's just say the results were eye-popping! It has never been easier for scammers to produce convincing messages to target unsuspecting businesses.
Vendor Email Compromise (VEC) is a close cousin to BEC and is well documented as one of the internet's largest and most lucrative scams. The FBI estimates state that BEC is a $43 Billion problem. The scammers often target accounts payable teams sending them updated payment details from vendor email addresses that appear to be legitimate.
Once the scammers have access to the email address of your vendor they will lie in wait observing patterns until the right time to strike. One common misconception is that scam emails are poorly written. With the advent of powerful, free, open AI tools like ChatGPT, anyone can craft a very believable email that looks to be written by a human and native speaker. We decided to test it out.
Here's the prompt we used with ChatGPT:
Create an email message to Samantha accounts payable asking to change payment bank details for the Orion project
Here is what was produced in under 10 seconds:
Subject: Request to Change Payment Bank Details for Orion Project
Dear Samantha,
I hope this email finds you well. I am writing to request a change in the payment bank details for the Orion project. As you may know, we have recently switched to a new bank for our financial transactions, and I would like to ensure that all payments related to the Orion project are directed to the correct account.
The current bank details that you have on file are no longer valid, and I would like to request that you update them with the following information:
Bank Name: JPMorgan Chase Bank, N.A.
Account Number: [New Account Number]
Routing Number: 111000614
Please note that this change is only for the Orion project, and all other payments should continue to be processed using the existing bank details.
If you require any additional information or documentation to facilitate this change, please do not hesitate to let me know. I would be happy to provide any necessary details to ensure a smooth transition.
Thank you for your assistance with this matter. I appreciate your prompt attention to this request.
Best regards,
Look convincing? Could you tell that it was a scam? Would your AP team spot the fraud if it came from a "trusted" vendor email address that the scammers had spoofed? Yeah, me neither.
Luckily, Speedchain's secure, encrypted messaging removes the reliance on emails to communicate with suppliers. Contact us today to see how we can make your payments more secure.