New findings from Check Point Research (CPR), the research arm of Check Point Software Technologies, have revealed there are multiple ways cybercriminals can deceive ChatGPT users by impersonating the website and tricking them into downloading harmful files or sharing sensitive information.
One of them is through the creation of ChatGPT-related domains, and according to a new CPR report, since the start of the year, one out of 25 was either malicious or potentially malicious. Authors of the report note that, from January until the end of April, there were upwards of 13,296 new domains related to either the chatbot or OpenAI, its developer.
“We have identified numerous campaigns that mimic the ChatGPT website with the intention of luring users into downloading malicious files or disclosing sensitive information,” they state. “The frequency of these attack attempts has been steadily increasing over the past few months.”
Robert Falzon, head of engineering for Check Point’s Canadian operation, said that currently ChatGPT and other artificial intelligence (AI) related topics are gaining significant public attention.
“As more people become aware of the technology and become accustomed to seeing materials online related to this (image generation tools, AI cooking assistants, and even automated code writing interfaces), their suspicion of them will be reduced.
“Hackers and malware producers are counting on the ‘buzz’ generated by these technologies and the rapid and burgeoning demand for AI services to decrease the public’s suspicion of potential risk. Anytime we see a rapid increase in demand for something, we often see a reciprocal increase in fraud associated with that item (remember the fake vaccines).”
An impersonation site, said Falzon, can be used for a “variety of malicious purposes including stealing personal information, spreading malware, or conducting phishing attacks.”
Techniques such as domain spoofing or typo-squatting, he added, “make their website URLs look similar to legitimate ones (i.e., ‘www.checkpoiint.com’ where there is an extra ‘i’ in the URL). They may also use logos, branding, and other visual elements to make the site appear authentic to fool the viewer.
“Often, users are prompted to enter highly sensitive information such as login credentials, credit card numbers, or personally identifying information. The attacker then collects this information, and it can be used for identity theft or other nefarious purposes.”
Asked how someone can tell if they are using a legitimate site or impersonation site, Falzon provided the following advice:
- Check the URL: These sites can be difficult to identify at times. It is imperative to remain vigilant and always check that the URL of the site you have requested matches exactly, especially if you are being prompted to enter sensitive information or intend to do so.
- Look for HTTPS: Legitimate websites will usually have a secure connection, indicated by a padlock icon in the address bar and a URL that starts with “https.” If the site does not have HTTPS or has an invalid SSL certificate, it may be a spoofed website.
- Be cautious of pop-ups: If the website you are visiting has excessive pop-ups or prompts you to install software or plugins, it is more than likely a spoofed site attempting to trick you into downloading malware.
- Check for branding mistakes: Compare the website’s branding, logos, and colours with those of the legitimate organization. Attackers may use similar but not identical branding elements, which can be a red flag. Sometimes you can see spelling mistakes, or other grammar mistakes that a professional marketing company would rarely ever make.
“It is critical to combine common sense and individual caution with software to combat sophisticated schemes,” he said. “It’s also critical to keep your software and operating system up to date to minimize the risk of malware infections in general.”
Authors of the report, which includes examples of bad sites, warn that “once a victim clicks on malicious links, they are redirected to these websites and potentially exposed to further attacks.”
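The "check the URL" advice and the ‘checkpoiint’ typo-squatting example above can be automated on the defender's side, for instance in a mail gateway or proxy log review. The Python sketch below is an added example, not code from Check Point's report; the allowlist, brand keywords, distance threshold and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist and brand strings for this sketch; maintain your own in practice.
OFFICIAL = ("openai.com", "checkpoint.com")
BRANDS = ("chatgpt", "openai", "checkpoint")
MAX_DISTANCE = 2  # assumed threshold; short names may need a stricter value


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive last-two-labels rule; use the Public Suffix List for names like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str) -> str:
    """Label a URL as official, a near-miss of an official domain, or brand bait."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official"
    for good in OFFICIAL:
        if edit_distance(domain, good) <= MAX_DISTANCE:
            return f"lookalike of {good}"
    if any(brand in host for brand in BRANDS):
        return "brand keyword on unlisted domain"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; the first is the spelling used in the article.
    for sample in ("www.checkpoiint.com", "https://chat.openai.com/auth",
                   "http://chatgpt-app.example/download", "https://example.org/"):
        print(f"{sample:40} {classify(sample)}")
```

An exact allowlist match is the only result treated as trustworthy; the other labels are triage hints for an analyst, not verdicts.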