Scammers have been cleverly exploiting the popularity of ChatGPT and OpenAI to scam innocent people with similar-looking websites and identical domain names. ChatGPT phishing websites are everywhere, but what should you do if you spot one, and what measures should you take if you’ve been tricked?
How to Identify a ChatGPT Phishing Site
The following signs can help you spot a ChatGPT phishing website.
Domain Name
Scammers attempt to associate their phishing websites with ChatGPT or OpenAI, and the easiest way to do that is to register a domain name that contains the words “OpenAI” and “ChatGPT.” According to Checkpoint, over 13,000 domains relating to ChatGPT and OpenAI were registered within four months of ChatGPT’s November 2022 release.
“Openai.com” is the official website of the parent company, OpenAI, and “chat.openai.com” is the subdomain to access ChatGPT. Any other domain containing “ChatGPT” probably isn’t associated with OpenAI. It might be a real website offering a genuine service, but it’s unlikely that OpenAI owns it.

As per Checkpoint, one out of every 25 newly registered domain names associated with ChatGPT was malicious. Some of the malicious examples included:
All are seemingly linked to ChatGPT; all are completely fake.
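The domain check described above can be automated for links pulled from emails or chat messages. The following is an added example, not part of the original article: it treats openai.com and its subdomains (an assumption that extends the article's chat.openai.com) as official, flags any other host that uses the brand words, and relies on constructed sample links and a hypothetical digit-swap table.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "openai.com"           # official site named in the article
BRAND_WORDS = ("chatgpt", "openai")      # words scammers put in lookalike domains
DIGIT_SWAPS = str.maketrans("01", "oi")  # assumption: common digit-for-letter swaps


def hostname_of(url):
    """Return the host a browser would actually contact, or "" if unparseable."""
    if "://" not in url:
        url = "https://" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify(url):
    """Label a link 'official', 'unofficial-brand-use', 'unrelated' or 'invalid'."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    # Match on label boundaries: a host that merely ends in the letters
    # "openai.com", or that has "openai.com" as a leading label, is not official.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Strip separators and undo digit swaps so "chat-gpt" and "0penai" still match.
    squashed = host.translate(DIGIT_SWAPS).replace("-", "").replace(".", "")
    if any(word in squashed for word in BRAND_WORDS):
        return "unofficial-brand-use"
    return "unrelated"


# Constructed sample links using reserved .example names (not real sites).
SAMPLES = [
    "https://chat.openai.com/",
    "https://openai.com.login.example/",        # official name used as a subdomain
    "https://openai.com@chat-gpt-pro.example/", # text before "@" is not the host
    "https://0penai.example/",
    "https://weather.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):22} {link}")
```

A result of `unofficial-brand-use` only means the site is not on OpenAI's domain; as the article notes, it may still be a genuine third-party service and needs the further checks below.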
Website Design and Layout
Phishing websites often mimic the design of official ChatGPT or OpenAI websites. Using the official layout, they mislead users into believing they are buying a product from the official site.
If the domain name of a website has the word “ChatGPT” in it, and the website looks like a clone of the official website, it is most likely a phishing site.

If a website contains the word “ChatGPT,” but its design or layout is completely different from the official site, it could be a genuine service website. However, before you trust it, you should check out the website thoroughly to see what it offers.
What the Website Is Trying to Sell You
In contrast, if a website sells ChatGPT-related products, such as AI writing detection tools, premium ChatGPT prompts, courses, etc., you should check its reliability thoroughly.
Other Ways to Assess the Credibility of a Website
The following signs can help you assess the credibility and trustworthiness of a suspicious website selling ChatGPT-related products:
We know criminals will try everything to trick unsuspecting users into their scams. But knowing most of the signs of a ChatGPT phishing site gives you a big advantage and boosts your security.

What Should You Do if You Spot a ChatGPT Phishing Website?
If you see any signs mentioned above or the website appears suspicious at first glance, report it immediately (for example, to CISA in the USA and the NCSC in the UK—both national computer crime agencies for their respective countries). Do not use your personal information, not even to log in, and do not use credit cards or other financial information. Also, avoid downloading attachments or clicking website links.
Besides that, post about the website with its URL in a public forum (somewhere like Reddit or X) and explain why you believe it is suspicious. It will prevent other users from falling victim to it and maybe encourage a security researcher to investigate it.

Already Fallen Victim to a ChatGPT Phishing Website? Here’s What to Do Next
If you have already fallen victim to a ChatGPT phishing website, you can take a few steps to undo some of the damage.
Websites without SSL certificates are mainly used to steal your personal information and then sell it to scammers. Therefore, if you’ve used your credit card on a shady website, request your bank or company to freeze it. If you have signed up on the fraudulent website with your primary email ID or phone number, watch out for phishing emails or phone calls going forward, and change any passwords you use.

Inform the appropriate authorities about any breaches of personal (and crucial) information you mistakenly share on the website, including your social security number, name, address, etc. This will save you from legal repercussions if scammers illegally misuse your information.
If you have downloaded an attachment disguised as an important document or file, scan your device for malware to ensure it hasn’t been infected. If you’ve installed any apps, uninstall them as soon as possible.
If you have clicked on a link or a popup on the website, check your browser for signs of hijacking. If it appears that your browser has been hijacked, uninstall it completely and then install it again.
Don’t Fall Prey to ChatGPT Phishing Websites
Phishing websites are also on the rise with the growth of ChatGPT. Hopefully, you now better understand how to identify a ChatGPT phishing website and the actions you should take when you spot one. If you have already fallen victim to a phishing website, take the required actions to protect your privacy and finances.