Hackers abuse generative AI tool to create phishing sites in as little as 30 seconds

Hackers are using generative AI tools, specifically Vercel's v0, to rapidly create convincing phishing websites. These sites mimic legitimate login pages, like Okta's own portal, to steal user credentials. Okta researchers discovered attackers abusing v0 to generate phishing infrastructure directly, a new tactic. This allows attackers to quickly create and deploy fake login pages with simple natural language prompts. The ease of use enables the rapid creation of phishing sites targeting various services, including cryptocurrency platforms and Microsoft 365. While no successful credential harvesting has been confirmed, the speed and scale of site creation are concerning. Vercel has taken down the identified phishing sites and is working with Okta to combat abuse. Security experts warn that generative AI will accelerate low-sophistication cyberattacks like phishing. Okta found cloned versions of the v0 tool, indicating the potential for continued phishing campaigns. The best defense against these new phishing attacks is to adopt passwordless technologies.