The advanced chatbot, ChatGPT-4, has been one of the big news stories of the year so far, understandably as its ingenious uses continue to impress. Unfortunately however, it’s not all positives: the chatbot can also be used for various malicious purposes. Researchers have warned that cybercriminals can use ChatGPT to compose the text for phishing emails — meaning more phishing emails and more cyberthreats. Then there’s the problem of fake ChatGPT apps, websites, and associated malware, which we’ve previously reported on.
This week we’ve discovered yet more ChatGPT-4 phishing attacks and other threats. Read on for the low-down.
Both AI Pro and Ink AI are highly suspect and operate in the same way: a chaotic phishing email arrives in your inbox, promising a new AI chatbot that has seemingly appeared out of nowhere but is supposedly superior to ChatGPT. Both AI Pro and Ink AI claim to be able to do all that ChatGPT can do — and more! You may wonder then, why you’ve never heard of either in the news: that would be a good question.
If you click on the phishing links in the emails, you’ll then be taken to the websites seen above, which appear to have been designed by a lunatic with rainbows for eyes. Aside from the randomness and optics, there are other red flags that suggest these two websites are scams:
The ChatGPT “Banker” phishing attack involves fake webpages and a trojan virus. Would-be victims are deceived by malicious websites impersonating ChatGPT, such as the below.
Sample fake website
A phishing lure will be used, in this case a request for service permissions, to entrap the victim. If the victim complies, an Android banking trojan will be downloaded onto the victim’s device, at which point the cybercriminal can steal financial credentials.
Sample phishing lure
Be on the lookout for these dangerous ChatGPT phishing websites:
Opens a limited webpage of OpenAI and demands remote control access of a victim’s device.
Backdoor
Utilizes malicious fake apps that request excessive device permissions and then install spyware in order to steal personal credentials.
Spyware
Discreetly subscribes its target to various premium services through SMS billing fraud.
Billfraud
We would encourage readers to head over to our new FREE ID Protection platform, which has been designed to meet challenges such as those above. With it, you can secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personal report:
Aside from this, you can also:
All this for free — give it a go today. As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below. Here’s to a secure 2023!
This article was published in collaboration with Trend Micro.
