Skip to content

Hackers caught weaponising Vercel’s AI tool to create phishing pages

  • by
  • 2 min read

Source: Storyblocks

Security researchers have caught hackers using v0, a generative AI tool from cloud application firm Vercel to design increasingly accurate phishing pages. v0 lets users create simple landing pages and even full-stack apps using natural language prompts.

The exploitation was caught by security researchers at Okta. A report into these activities claims that hackers have already been able to successfully create convincing replicas of legitimate landing pages for various brands, including one Okta customer. The phishing pages have been reported to Vercel and have been taken down since.

Additional content related to the pages, such as logos of the impersonated company are also being stored in Vercel’s cloud infrastructure. This likely helps trick unsuspecting users and even some developers to trust the page, especially considering how popular Vercel’s services are in the developer community.

What is phishing? Types of phishing scams and how to protect yourself?

The phishing pages themselves aren’t very different from traditionally coded ones. The main difference here is the ease and technical knowledge required to build a page. With tools like v0, hackers, scammers, and all sorts of other threat actors can set up entire phishing websites that can be visually indistinguishable from legitimate sites by simply entering natural language prompts.

V0 and its many open-source alternatives that are freely available on GitHub give low-skill hackers and scammers an easy way to set up complicated web infrastructure that would otherwise require time, effort, and some degree of web development skill. This can likely increase the number of phishing attacks, while also making them easier to create and more likely to succeed.

Additionally, AI-created deepfakes, fake emails, cloned voices, and more are all a result of hackers quickly leveraging generative AI models and finding new, malicious use cases for them. While running a large-scale phishing or hacking campaign previously took significant workforce and skill, it can now be done by a handful of individuals working with a generative AI model to quickly scale and even automate entire campaigns.

In the News: Meta plans to enforce SEBI verification for investment ads in India

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

A qantas airline flight taking off

Australian airline Qantas says data theft affected 6 million customers

This is an image of meta fb oculus workspace whatsapp messenger instagram

Meta plans to enforce SEBI verification for investment ads in India

This is an image of cyber security hacked breach

Esse Health is notifying over 263,000 patients of a data breach

This is an image of cctv surveillance camera 2

Canada bans Hikvision; company ordered to halt operations

Photo: trismegist san / shutterstock. Com

Mexican drug cartel hired cybercriminals to identify and kill informant

This is an image of ransomware 32988sd

Retail giant breach affects 2.2 million customers

>