Cybersecurity vendor Bitdefender has discovered a new phishing scam that targets users in several countries, including Ireland, Australia, Germany, Denmark, and the Netherlands, by redirecting them to a fake version of OpenAI’s ChatGPT chatbot.
The scam is a “highly sophisticated financial scam,” according to Bitdefender, and the attackers send an unsolicited email with various subject lines containing a link to the fake chatbot.
Once victims click the link, they are asked to invest at least €250 and enter their banking card details, email address, ID credentials, and phone number.
A copycat version of ChatGPT is then delivered to the victim, offering only pre-determined answers to their queries. Victims are then contacted by someone claiming to represent a London-based firm called Import Capital and asked to invest in crypto and international stock.
They are also asked for crucial financial information such as their permission to calculate their and their family members’ median daily salary, passive income sources, hours they daily spend working, and if they are satisfied with their current income.
Users are advised to stay alert as this campaign is quickly expanding to other regions. The domain of Import Capital was never authorized for business in the UK, according to the alert from the FCA (Financial Conduct Authority).
Users must use ChatGPT only through its official website and avoid clicking on links in unsolicited emails. Bitdefender also recommends using a reliable antivirus solution and keeping software up to date to protect against cyber threats.
This is not the first attempt by cybercriminals to exploit ChatGPT’s immense popularity to develop malware and carry out other malicious attacks. There are also several fake ChatGPT apps that are carrying out invasive data harvesting against Android and iOS users.
Hackread.com has tested a legitimate ChatGPT app called “DialogueAI AI Chat Bot App,” which uses the official API of OpenAI’s ChatGPT and does not collect any data from the user’s device.
