- Check Point Research (CPR) sees a surge in malware distributed through websites appearing to be related to Chat GPT
- Since the beginning of 2023, 1 out of 25 new ChatGPT-related domains was either malicious or potentially malicious.
- CPR provides examples of websites that mimic ChatGPT, intending to lure users to download malicious files, and warns users to be aware and refrain from accessing similar websites.
The Age of AI – Anxiety or Aid?
Check Point Research (CPR) started raising concerns about ChatGPT’s implications for cybersecurity.
In our previous report, CPR put a spotlight on an increase in the trade of stolen ChatGPT Premium accounts, which enable cybercriminals to get around OpenAI’s geofencing restrictions to secure unlimited access to ChatGPT.
In this blog, we are reporting that Check Point Research has recently noticed a surge in cyberattacks leveraging websites associated with the ChatGPT brand. These attacks involve the distribution of malware and phishing attempts through websites that appear to be related to ChatGPT.
We have identified numerous campaigns that mimic the ChatGPT website with the intention of luring users into downloading malicious files or disclosing sensitive information. The frequency of these attack attempts has been steadily increasing over the past few months, with tens of thousands of attempts to access these malicious ChatGPT websites.
From the beginning of 2023 until the end of April, out of 13,296 new domains created related to ChatGPT or OpenAI, 1 out of every 25 new domains were either malicious or potentially malicious.
One of the most common techniques used in phishing schemes is lookalike or fake domains. Lookalike domains are designed to appear to be legitimate or trusted domains at a casual glance. For example, instead of the email address email@example.com, a phishing email may use firstname.lastname@example.org. The email substitutes ‘rn’ for ‘m’. While these emails may look authentic, they belong to a completely different domain that may be under the attacker’s control.
Phishers may also use fake but believable domains in their attacks. For example, an email claiming to be from Netflix may be from email@example.com. While this email address may seem legitimate, it is not necessarily owned by or associated with Netflix.
Here are some examples of the malicious websites we have identified:
Once a victim clicks on these malicious links, they are redirected to these websites and potentially exposed to further attacks:
What to Do if You Suspect a Phishing Attack
If you suspect that a website or email may be a phishing attempt, take the following steps:
- Don’t Reply, Click Links or Open Attachments: Never do what a phisher wants. If there is a suspicious link, attachment, or request for a reply do not click, open, or send it.
- Report the Email to IT or Security Team: Phishing attacks are commonly part of distributed campaigns, and just because you fell victim the scam does not mean that everyone did. Report the email to IT or the security team immediately, so that they can start an investigation and perform damage control as quickly as possible.
- Delete the Suspicious Email: After reporting, delete the suspicious email from your Inbox. This lessens the chance that you will accidentally click on it, without realizing it later.
- Beware of lookalike and fake domains: Note the language, spelling and content within the website you are clicking on. Note “small” mistakes in spelling and content that require you to download files.
While awareness of common phishing tactics and knowledge of anti – phishing practices is important, modern phishing attacks are sophisticated enough that some will always slip through. Check Point Harmony Email & Office provides visibility and protection across email phishing techniques. To learn more, you’re welcome to request a free demo.
Pre-Emptive User Protection
Check Point Anti-Phishing solutions eliminate potential threats before they reach users without affecting workflows or productivity.
- Click-time URL protection examines and blocks suspicious links in real-time, removing the risk of URLs that are weaponized after the email has been sent.
- Zero-day phishing protection identifies and blocks new and known phishing sites by analyzing the characteristics of the page and URL.
- Eliminates risk from incoming email by inspecting all aspects of messages before they enter the mailbox, including attachments, links, and email text.