New ChatGPT Phishing Scams You Need to Know About
New ChatGPT Phishing Scams You Need to Know About

Phishing scams have existed since 1996, as it was the first time that the term “phishing” was used in the digital world. The action “phishing” is so named because the action itself involves luring a person and draining them of their financial resources after the deception (akin to luring a fish with bait and reeling it in when caught). It is also the most common form of scams; BEC scams come closest.  

According to Statista, phishing scams take up 8% of Canada’s total number of scams and financial fraud, second only to credit card fraud scams. Phishing scams are becoming a staple in the digital world at this time, and individuals and businesses must learn how to protect themselves from this inevitable form of scams and maintain superb business cybersecurity levels. However, this is getting more difficult by the day, and here’s why.

The recent advent of AI tools and applications has made many internet users abandon conventional work methods, opting for AI instead. ChatGPT is a good example of an app powered by AI and commonly used globally. As users continue to employ this AI tool to develop content for their businesses, malicious actors are also using this application to carry out sophisticated phishing. This article highlights these new ChatGPT phishing scams and how to defend your business. 

How Scammers are Using ChatGPT to Create New Phishing Scams

Back in the day, it was easier to recognize phishing scams. Some pointers were spotting misspellings, poor grammar, and blurry or poor quality images. Here is an example.

Most businesses have a specific way of writing emails. As a result, hackers using phishing tactics and strategies typically find it difficult to get into these businesses unless they do their proper homework, which will require much more than just phishing activities. 

However, with the advent of AI tools such as ChatGPT and the Internet, hackers and malicious actors can access a lot of information about any company and ask ChatGPT to develop emails for specific use.

This has made spotting phishing emails much more difficult and could potentially fast-track a business’s IT downfall.

New ChatGPT Phishing Scams and How to Avoid Them

Here are some of these phishing scams aided by ChatGPT and how you can recognize and avoid them:ChatGPT Email Scams

This is by far the most common phishing scam, so it is no surprise to find many of them developed or powered by ChatGPT.

Email has always been a channel for distributing and spreading scam information and attacks since time immemorial. Since it can hold different types of information, such as pictures, documents, and even videos, email has become commonly used to spread malware and wreak havoc in various ways.

As previously discussed, before ChatGPT, it was easier to recognize bogus emails requesting payments on behalf of a certain company due to spelling and grammatical errors. You can check this article for how to spot phishing emails. However, with ChatGPT, hackers can develop countless content on ChatGPT and curate them as “clean” emails ready to be used for malicious purposes.

With ChatGPT, you do not have to speak the language of the target. All you need to do is to instruct the AI tool to develop an email for a specific purpose, giving it a certain context.

Presumably, ChatGPT makes developing phishing emails easier for malicious actors and cybercriminals. This is sure to increase the amount of phishing emails as the years go by. To prevent this, ensure you respond only to signed emails.  

Fake ChatGPT website

Initially, ChatGPT offered its services on its website when it launched in November 2022 and garnered over a million users in just five days.

However, users began to complain of slow service offerings in early 2023, and malicious actors took that as their cue to enter the market. By late February 2023, there were hundreds of bogus ChatGPT websites looking like the real deal. By the time the paid version of ChatGPT was introduced in early February 2023, people who could not identify real from bogus accounts began to supply sensitive financial details to the fake websites, and by the time they found out, much money had been lost to the scammers.

To prevent this, ensure you type in the website instead of copying it online. You can get started with the real service at https://chat.openai.com/

Fake ChatGPT browser extensions

Browser extensions have become an important component of every internet user’s arsenal and for a good reason. With a single click, these highly useful components can help you download pictures, images, and numerous/various other tasks that, when undertaken, can reduce a person’s productivity and efficiency.

While there are many actual ChatGPT-supported extensions (an example is Enhanced ChatGPT), many of the other offerings should be used. A good example of one ChatGPT browser extension to avoid is “Chat GPT for Google,” which went viral in March 2023. While it was being touted as the best browser extension at the time, it was extracting Facebook details from the devices of users.

There is an actual “ChatGPT for Google” tool, but since most users could not identify the real deal, it was easy to fall for this scam.

To prevent this, verify the actual “ChatGPT for Google” extension. Also, keep an eye out for other extensions (the name is the best way to find out), and check their details and the developer before downloading it.

ChatGPT account certification scam

To use ChatGPT, one needs to create an account. The premium service, named ChatGPT Plus, gives users access to better ChatGPT service eliminating downtime and faster response speeds. Due to this update, malicious actors now pose as ChatGPT employees requesting an account verification process. However, the link provided will very likely be a link leading to a bogus ChatGPT website. The scammer then harvests all the information and gets to work.

To prevent this, understand that it is highly unlikely that you will need to verify your ChatGPT account. The signup process is very straightforward and should be as smooth as possible. Hence, no ChatGPT employee will contact you for this process.

Fake ChatGPT app

OpenAI recently released a mobile app for the ChatGPT service. However, it was released for the iOS platform only. Nevertheless, scammers continue to develop and release Android versions for the sole purpose of phishing.

So, unless you have an iOS mobile device, you cannot use the ChatGPT application.

Protect Your Business Form ChatGPT Phishing Scams with Data First Solutions

Every business needs to feel secure digitally, which is what Data First Solutions offers Canadian businesses. Learn how to spot phishing scams, and let us help you improve your business cybersecurity posture. Contact us today to get started.