Phishing scams are now more accessible than ever thanks to SpamGPT, an AI-based spamming toolkit designed to help cybercriminals commit email fraud.
SpamGPT was first reported earlier this month when data security firm Varonis discovered advertisements for the tech on a prominent Russian-language hacking forum.
For a buy-in as low as $7,600 ($US5,000), the ads promised access to an ‘all-in-one’ phishing platform that can handle all aspects of an email scam campaign, from content generation to email delivery.
“SpamGPT’s interface and features imitate a professional email marketing service, but for illegal purposes,” wrote senior security researcher Daniel Kelley.
The tool’s main selling point appears to be a ChatGPT-like AI assistant which buyers can use to generate and optimise their phishing content.
This bot – which the sellers claimed is powered by ethical hacking tool KaliGPT among other “next-gen” models – was packaged with a dedicated management platform where users can write AI-assisted scam emails, get feedback on “audience targeting”, and collate “performance analytics” for their scam campaigns.
.jpeg)
A dedicated scam dashboard featuring an AI phishing assistant. Source: Varonis
“This means attackers no longer need to write convincing phishing emails; they can ask the AI for persuasive scam templates, subject lines, or targeting advice within the spam toolkit,” wrote Kelley.
Information Age encountered an advertisement for the malicious tool on encrypted messaging app Telegram, where sellers promised its “first major release” would be arriving soon.
.jpeg)
Cybercriminals told Information Age a “new version” is on its way. Source: Varonis
The post had accrued some 11,900 views at the time of writing.
Say ‘goodbye’ to spam folders
In addition to reducing the typos and grammar mistakes so common in spam, SpamGPT promised buyers the ability to bypass email filters.
“Say goodbye to lost emails and spam folders forever,” read a SpamGPT advertisement.
“[Place] your message directly in front of your target’s eyes, exactly where it matters.”
The scammers claimed the tool can provide guaranteed inbox delivery for the world’s most prominent email providers, including Gmail, Outlook, Yahoo, Microsoft 365 and more.
According to Kelley, part of achieving this would involve “abusing trusted cloud providers like Amazon AWS or SendGrid to blend in with legitimate mail traffic.”
Kelley found scammers could also configure multiple sender identities and email headers to impersonate trusted brands, while the tool offered dummy inboxes for buyers to test email deliverability before launching a full-scale phishing campaign.
“SpamGPT even provides detailed analytics and logs for each campaign so attackers can see how many emails were sent, delivered, or opened,” wrote Kelley.
“It essentially mirrors the capabilities of enterprise marketing software but is repurposed for phishing and malware delivery.”
How to crack an email server
One of the more technical aspects of phishing is simply sending out emails.
When outbound mail servers (or ‘SMTP servers’) are found to be relaying malicious emails, they can quickly accrue a negative sending reputation and eventually fail to get past even the most basic spam filters.
SpamGPT’s solution to this is to offer “secret techniques” which buyers can use to crack existing, legitimate SMTP servers and transform them into “mass-mailing machines”.
Indeed, a screenshot acquired by Varonis showed a SpamGPT user hosting 20 SMTP servers which were readily configured to send out phishing emails.
.jpeg)
Scammers can store and rotate cracked mail servers. Source: Varonis
“In practice, this means even less-skilled criminals could gain access to compromised or misconfigured mail servers to relay their campaigns,” wrote Kelley.
Scammers move to private channels
Kelley said the tool was first identified on a Russian cybercrime forum, though Information Age did not locate any public listings for SpamGPT at the time of writing.
Speaking with Information Age, Kelley explained buyers of the software were typically directed to private avenues such as Telegram, messaging service Jabber or other invite-only networks where they could discreetly complete their transactions and receive “ongoing support”.
“Public forums are heavily monitored by researchers and law enforcement, so valuable tools rarely remain there for long,” said Kelley.
“Instead, sellers move to closed groups where access is restricted and activity is harder to track.”
Australians reported over 90,000 scams to the National Anti-Scam Centre’s Scamwatch service during the first five months of 2025.
Scammers used email as their preferred contact method for more than 40,700 of these scams, causing a collective $26.1 million in losses.
