They said AI would make life easier, and it is… for scammers, of course. A new tool on the dark web — dubbed SpamGPT — is enabling cyber criminals to enact massive phishing scams that are, unfortunately, very effective.
AI has experienced its fair share of bad press over the last few years. From egregious errors to full-on hallucinations, the technology isn’t exactly at the top of its game just yet.
This is even worse, though, as AI technology is clearly being used to make scams even harder to spot in 2025.
What Is SpamGPT?
SpamGPT is a cybercrime toolkit that is being used to generate and dispense massive phishing campaigns to users in 2025.
The AI tool has been discovered on unground forums like the dark web, sold as a “spam-as-a-service” platform that cyber criminals can use to develop more sophisticated attacks on unsuspecting individuals.
This just in! View
the top business tech deals for 2025 👨💻
SpamGPT is reportedly being sold on these underground forums for $5,000.
How Does SpamGPT Work?
SpamGPT works like any email marketing platform. It offers tools like SMTP/IMAP email server, email testing, and campaign performance monitoring in real time. There’s also an AI marketing assistant named KaliGPT, which is built directly into the dashboard for assistance.
However, where it differs from email marketing platforms is that it is specifically designed for creating spam and phishing emails to steal information and financial data from users.
More specifically, SpamGPT is “designed to compromise email servers, bypass spam filters, and orchestrate mass phishing campaigns with unprecedented ease,” according to a report from Varonis, a data security platform.
How to Protect Yourself From SpamGPT
While SpamGPT sounds pretty terrifying, the reality is that you don’t have much to worry about as a business if you’re already taking phishing scams seriously.
SpamGPT mostly just increases the number of emails cyber criminals can send out, while also making the phishing scams a bit more convincing. As a result, any business that has trained its employees and put in safeguards against phishing should still be safe.
Unfortunately, that’s not necessarily the case. In fact, a recent study found that the majority of businesses could be vulnerable to these attacks, with 98% of owners not being able to recognize all the signs of a phishing attack.
