Scam: GPT-4 as bait for phishing

Scam: ChatGPT as bait for phishing


Hoping to capitalize on the massive interest in GPT-4 - ChatGPT's new multimodal model - scammers have launched phishing campaigns via email and Twitter to steal cryptocurrency.

A day after the highly anticipated launch of OpenAI's Generative Pre-trained Transformer Version 4 (GPT-4), scammers have jumped on the bandwagon. They have started sending phishing emails and tweeting phishing links to cryptocurrency prospects about a fake OpenAI token. At the time of Tenable's blog post, OpenAI was only offering GPT-4 access to ChatGPT Plus subscribers and developers via its API. The unintended effect of this restricted access is that scammers have an ideal hook to lure unsuspecting users to their phishing sites.

Fake emails from OpenAI

The phishing email itself contains only a single block of text: "Don't miss out on the limited-time OpenAI DEFI token airdrop". It contains an image of an OpenAI email based on a template of what a legitimate OpenAI email might look like. However, the fake email contains a number of grammatical and spelling errors.

The phishing email claims that GPT-4 is "now only available with the OpenAI token." This aligns with OpenAI's decision to restrict access to GPT-4, which aims to give some legitimacy to the scam itself. However, the email also contains a false date, claiming that the “token airdrop” will begin on Wednesday, March 14th, when in fact Wednesday was March 15th.

It is unclear how the scammers are targeting users with this campaign and if they managed to get a list of OpenAI users. One possibility is that they created a target list using data from SendGrid that revealed information about users of crypto tax service CoinTracker.

Compromised Twitter accounts

On March 16, journalist Zack Abrams tweeted a photo of a tweet message he received from a compromised Twitter account impersonating OpenAI. Abrams called the scam attempt savvy, adding that "the picture, name and blue tick match the real OpenAI." The image of Abrams' tweet also shows scammers promoting a "$GPT coin" and saying it "can be distributed to GPT-4 crypto users."

Fake cryptocurrency giveaways on social media are not new, and spamming a user's Twitter mentions has become a key component in the persistence of these types of crypto scams.

Phishing website

When a user clicks the link in the phishing email, they are redirected to a website that looks very similar to the real OpenAI website for ChatGPT and GPT-4. However, a key difference of the phishing website is that it promotes the “time-limited OpenAI DEFI token airdrop”. The use of terms like “time-limited” is linked to one of the most important components of cryptocurrency scams: scarcity.

Stating that a "limited" number of tokens will be distributed for a "limited" time creates a sense of urgency. This triggers a fear of missing out and increases the likelihood that potential victims will ignore red flags, such as the wrong date (Tuesday was March 14, not March 16) or the fact that “Decentralized Finance” should be abbreviated DeFi, not DEFI.

Another notable aspect of this phishing website is the use of a hyphen in the domain name to make the first half of the URL appear as if the main domain is "openai.com". This is achieved by using the sub-domain "openai" with a second-level domain ".com-token" followed by the top-level domain ".info".
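A defender can check for this hostname pattern automatically. The following is an added example, not code from Tenable's post: it flags hosts whose text begins with a protected brand domain but whose registrable domain is something else, and it goes slightly beyond the hyphen case by also catching a dot continuation (for example `openai.com.example.net`). The `PROTECTED` list and the last-two-labels rule are assumptions, and the sample hostname is reconstructed from the description above.

```python
from urllib.parse import urlsplit

# Assumption: the brand domains a defender wants to protect.
PROTECTED = ("openai.com",)


def registrable_domain(host):
    """Simplified rule (assumption): the last two labels.

    Production code should consult the Public Suffix List instead,
    because suffixes such as co.uk span more than one label.
    """
    return ".".join(host.split(".")[-2:])


def check_url(url, protected=PROTECTED):
    """Classify a URL as 'legitimate', 'lookalike' or 'unrelated'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a netloc
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    for brand in protected:
        # Exact match or a true sub-domain of the brand is fine.
        if host == brand or host.endswith("." + brand):
            return ("legitimate", brand)
        idx = host.find(brand)
        if idx == -1:
            continue
        # The brand text must start a label and be continued by '-' or '.',
        # which is what makes the prefix read like the real domain.
        starts_label = idx == 0 or host[idx - 1] == "."
        rest = host[idx + len(brand):]
        if starts_label and rest[:1] in ("-", "."):
            return ("lookalike", reg)
    return ("unrelated", reg)


if __name__ == "__main__":
    # Constructed sample URLs for illustration.
    for sample in ("https://openai.com-token.info/claim",
                   "https://chat.openai.com/",
                   "openai.com.example.net"):
        print(sample, "->", check_url(sample))
```

The second element of a `lookalike` result is the domain that is actually being visited, which is the value worth showing to the user or writing to a mail-gateway log.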

The website includes text claiming that holders of the (fake) OpenAI token will get exclusive access to preview "upcoming products" and test prototypes before public release. The scammers also state that the OpenAI token will be denoted by the token symbol $OAI. At the time of writing this blog post, OpenAI had not yet launched a cryptocurrency token, and all tokens on the Ethereum blockchain using the $OAI symbol are not associated with OpenAI.

Wallet connected to phishing website

In order to “claim” the alleged OpenAI tokens, users are instructed to click a button that says “Click here to claim”, which will then present options for connecting their wallets to the website. This process is familiar to most cryptocurrency users, who often connect their wallets to decentralized apps – or dApps for short. Since it is a familiar process, users might not think twice about connecting their wallet to this phishing website. Users have the option to connect to the popular browser-based cryptocurrency wallet MetaMask or WalletConnect, a way to connect over 170 wallets to dApps.

After the connection is established, the phishing website is able to steal all cryptocurrency tokens in the wallet, including non-fungible tokens (NFTs), by automatically transferring them to its own wallet. Once these tokens are transferred, there is little to no chance of recovery.

Airdrops as a convenient vehicle for scams

An airdrop is a type of event in the cryptocurrency space where users are rewarded with free tokens based on their participation in a protocol. The terminology is familiar, making it a convenient way for scammers to scam users who are expecting an airdrop or hoping to participate in an already-announced airdrop.

For example, the Arbitrum Foundation recently announced that it intends to do an airdrop. Within a day of this announcement, scammers had already copied the Arbitrum Foundation website template as part of a phishing website.

Coinbase likewise announced the launch of Base, its own Layer 2 scaling solution for Ethereum, but, unlike Arbitrum, noted that there would be no native token for Base. However, that hasn't stopped scammers from creating a Base phishing website promoting an airdrop of $BASE tokens.

Cryptocurrency scam using new technologies

In recent years, cryptocurrency scammers have been shown to be opportunistic, posing as notable figures or brands to promote fake tokens such as Tesla tokens and SpaceX tokens, as well as a plethora of fake giveaways. Mimicking OpenAI and promoting a fake OpenAI token continues this trend.

For users interested in GPT-4 and ChatGPT or cryptocurrencies and the blockchain, it is paramount that they continue to act with a high level of skepticism when it comes to cryptocurrency giveaways and token airdrops. Users should continue to do their own research before connecting their wallets to such websites.

More at Tenable.com

 

