The dark side of ChatGPT's popularity is that it also draws the attention of scammers who try to profit from using phrases and domain names that appear related to the site.
Between November 2022 and early April 2023, Unit 42 saw a 910% increase in monthly registrations for ChatGPT-related domains. Unit 42 also observed a 17.818 percent growth in related squatting domains from DNS security logs during this period. Unit 42 also recorded up to 118 ChatGPT-related malicious URL detections captured from traffic on a daily basis.
Copycat Chatbots
In the analysis, Unit 42 presents several case studies to illustrate the different methods scammers use to trick users into downloading malware or sharing sensitive information. When OpenAI released its official API for ChatGPT on March 1st, 2023, Unit 42 observed an increasing number of suspicious products using it. Therefore, Unit 42 highlights the potential dangers of using copycat chatbots to encourage ChatGPT users to approach such chatbots with a defensive mindset.
As OpenAI began its rapid rise to become one of the most well-known brands in the field of artificial intelligence, Unit 42 observed multiple instances of threat actors registering and exploiting squatting domains in the wild, using "openai" and "chatgpt" as their domain name ( e.g. openai[.]us, openai[.]xyz and chatgpt[.]jobs). Most of these domains are not hosting anything malicious as of early April 2023, but it is worrying that they are not controlled by OpenAI or other authentic domain management companies. They could always be misused to cause harm.
During research, Unit 42 observed several phishing URLs attempting to impersonate official OpenAI websites. Typically, scammers create a fake website that closely mimics the look and feel of the official ChatGPT website, and then trick users into downloading malware or sharing sensitive information.
Fake ChatGPT sites
Additionally, scammers can use ChatGPT-related social engineering for identity theft or financial fraud. Although OpenAI provides users with a free version of ChatGPT, scammers lead victims to deceptive websites and claim that they have to pay for these services. For example, fake ChatGPT sites try to trick victims into revealing their sensitive information such as credit card details and email addresses. Unit 42 also noted that some scammers are taking advantage of the growing popularity of OpenAI for crypto scams.
While ChatGPT has become one of the most popular apps this year, more and more copycat AI chatbot apps have also appeared on the market. Some of these applications offer their own major language models, others claim that they offer ChatGPT services through the public API announced on March 1st. However, using copycat chat bots could increase security risks. Before the release of the ChatGPT API, there were several open source projects that allowed users to connect to ChatGPT through various automation tools. Given that ChatGPT is not accessible in certain countries or regions, websites built using these automation tools or the API could attract a significant number of users from these areas. This also provides threat actors with an opportunity to monetize ChatGPT by representing their service. Users should always access ChatGPT from the OpenAI official website.
More at PaloAltoNetworks.com
About Palo Alto Networks Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.