Cyber criminals and phishing attackers are discovering the ChatGPT platform. A significant increase in fake websites claiming to be affiliated with or related to ChatGPT have been found on the web.
This is how phishing attempts and malware attacks are made. Some scammers even directly impersonate ChatGPT's website to trick users into downloading deceptive files or revealing sensitive information. The frequency of these attack attempts has steadily increased in recent months. At the same time, Check Point registers tens of thousands of attempts to access these malicious ChatGPT websites. From early 2023 to late April, out of 13.296 new domains created in connection with ChatGPT or OpenAI, 1 in 25 new domains was either fraudulent or suspicious, according to Sergey Shykevich, Threat Intelligence Group Manager at Check Point.
Fake similar domains
One of the most common techniques used in phishing attacks is similarly named or spoofed domains. These are designed to look like a legitimate or trusted domain at first glance. For example, a phishing email may use the address "boss(at)cornpany.com" instead of the email address "boss(at)company.com". In the e-mail itself, however, the name is spelled correctly.
Hackers can also use fake but credible domains in their attacks. For example, an email claiming to be from Netflix might come from "help(at)netflix-support.com". While this email address appears legitimate, it is not necessarily owned or affiliated with Netflix, but was created using the company's name in hijacking.
Examples of malicious websites identified:
chat gpt pc (dot) online
chat-gpt-online-pc (dot) com
chatgpt4beta (dot) com
chat-gpt-ai-pc (dot) info
chat-gpt-for-windows (dot) de
What to do if you suspect a phishing attack?
Unfortunately, more and more employees in companies use supposed ChatGPT services to solve their tasks faster. If a website or email is suspected to be a phishing attempt, the following steps should be taken:
- Don't reply, don't open links or attachments: If you receive a suspicious link, attachment, or request for a response, do not click, open the attachment, or respond.
- Report the email to the IT department or IT security: Phishing attacks are usually part of broader campaigns. Such an e-mail should be reported immediately to the IT department or IT security so that they can initiate an investigation and limit the damage as quickly as possible.
- Delete suspicious emails: Suspicious emails should be deleted immediately after being reported. This reduces the likelihood of accidentally falling for the scam later on.
- Take a close look at emails and websites: Watch out for language, spelling and website content that asks to download files.
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.