ChatGPT has become a mainstream tool around the world, offering an AI chatbot service to billions. But the popularity of this chatbot is now being capitalized upon by cybercriminals looking to swindle unsuspecting users. So, what kinds of ChatGPT scams should you be looking out for?
1. ChatGPT Email Scams
Email has been used as a scam vector for many years, be it to spread malware, blackmail victims, or steal valuable information. Now, ChatGPT’s name is being used in email scams to trick recipients.
In April 2023, many news publications began reporting a wave of phishing emails written specifically by ChatGPT. Because ChatGPT can write content upon a user’s request, cybercriminals have begun using the AI chatbot to write phishing emails that they can then use in their malicious campaigns.
Say, for instance, a cybercriminal is not fluent in English but wants to target English-speaking individuals. Using ChatGPT, they can have a flawless phishing email written for them, without any spelling or grammatical errors. Well-written phishing emails can more effectively swindle victims, as it fuels the air of legitimacy that the malicious sender is trying to imitate.
In general, using ChatGPT to write phishing emails can streamline the scam process for cybercriminals, which may cause phishing attacks to grow in frequency overall.
2. Fake ChatGPT Browser Extensions
Browser extensions are a popular and convenient tool used by millions, but malicious, phony versions of this software are also used to install malware and steal data. The case is no different for ChatGPT.
While there are ChatGPT-focused extensions out there (such as Merlin and Enhanced ChatGPT), not every extension that you see on your browser’s app store is safe. For example, a ChatGPT extension named “Chat GPT for Google” began spreading from device to device in March 2023. But while spreading, the phony ChatGPT extension was stealing thousands of users’ Facebook information.
The extension was named specifically to confuse users, being almost identical to the legitimate ChatGPT for Google tool. Many people didn’t think twice about the name and installed the extension under the guise that it was safe. In reality, the extension was being used to install hidden backdoors on Facebook accounts and access admin permissions.
So, it’s crucial that you verify the legitimacy of a ChatGPT extension before downloading it. Also keep an eye out for discrete differences in the names of extensions, as a malicious extension can be listed under a very similar name in order to trick users.
3. Fake ChatGPT Apps
Like browser extensions, cybercriminals can also use ChatGPT’s name to spread malicious apps. Malicious apps are nothing new and have been used for years to deploy malware, steal data, and monitor device activity. Now, ChatGPT’s well-known name is being used to push malicious apps.
In February 2023, it was found that cybercriminals had developed a fake ChatGPT app to spread Windows and Android malware. As reported by Bleeping Computer, malicious actors capitalized on OpenAI’s ChatGPT Plus to convince users that they could sign up for a free version of the typically premium tool. The cybercriminals’ goal here is to either steal credentials or deploy malware.
To keep yourself safe from these apps, it’s important to do background research on any given kind of software program to see if it has a positive reputation, or any reputation at all. Even if an app looks enticing, it’s not worth the installation if you can’t verify whether it is safe. Stick to trusted app stores and check user reviews before downloading any kind of app.
4. Malware Created by ChatGPT
There’s been a lot of talk about AI and cybercrime in recent years, as many are concerned this technology may make it easier for malicious actors to scam and attack victims.
This is by no means an unrealistic worry, as ChatGPT can be used in malware creation. It didn’t take long after the launch of ChatGPT for illicit individuals to start writing malicious code using the popular tool. In early 2023, a form of Python-based malware was allegedly created using ChatGPT, as stated in a hacking forum post.
This malware was not highly complex, and no severely dangerous malware, such as ransomware, has been identified as a product of ChatGPT. But ChatGPT’s ability to write even simple malware programs opens a door to people who want to get into cybercrime but do not have much, or any, technical expertise. In any case, this new AI-powered capability may prove to be a big issue in the near future.
5. ChatGPT Phishing Sites
Phishing attacks are often conducted using malicious websites. These sites are designed to log the keystrokes you enter so that valuable data can be stolen and exploited.
If you want to use ChatGPT, there’s a chance you are at risk of falling victim to this kind of phishing scam. Say you click on a website believing it to be the official ChatGPT webpage. Here, you create an account, entering your name, contact details, and other information. If the website you’re using is, in reality, a malicious site, the information you enter will likely be stolen for exploitation.
Alternatively, you may receive an email from a user claiming to be a ChatGPT staff member, stating that your ChatGPT account requires some form of verification. This email will likely include a link to a webpage where you can log into your account and complete the verification, or so the sender claims.
In reality, the link you click on leads to a malicious webpage that can steal any data you enter, including your login credentials. Now, another person can access your ChatGPT account and view your prompt history, account details, and other sensitive data. It’s important to know how to spot phishing scams in order to avoid this kind of cybercrime.
ChatGPT Scams Are Worryingly Common
As ChatGPT continues to grow in prevalence, it is likely that cybercriminals will continue to leverage its popularity to target users, be it for their devices, their activity, or their sensitive data. So, if you’re interested in using ChatGPT, or you want to stay updated on how to protect yourself online, be mindful of the various types of scams and attacks.