Freely subscribe to our NEWSLETTER

The age of AI – Anxiety or Aid?
In December 2022, Check Point Research (CPR) started raising concerns about ChatGPT’s implications for cybersecurity.
In our previous report, CPR put a spotlight on an increase in the trade of stolen ChatGPT Premium accounts, which enable cyber criminals to get around OpenAI’s geofencing restrictions to secure unlimited access to ChatGPT.
In this blog, we are reporting that Check Point Research have recently noticed a surge in cyberattacks leveraging websites associated with the ChatGPT brand. These attacks involve the distribution of malware and phishing attempts through websites that appear to be related to ChatGPT.
We have identified numerous campaigns that mimic the ChatGPT website with the intention of luring users into downloading malicious files or disclosing sensitive information. The frequency of these attack attempts has been steadily increasing over the past few months, with tens of thousands of attempts to access these malicious ChatGPT websites.
Since the beginning of 2023 until the end of April, out of 13,296 new domains created related to ChatGPT or OpenAI, 1 out of every 25 new domains were either malicious or potentially malicious.

Fake Domains
One of the most common techniques used in phishing schemes are lookalike or fake domains. Lookalike domains are designed to appear to be a legitimate or trusted domain at a casual glance. For example, instead of the email address boss@company.com, a phishing email may use boss@cornpany.com. The email substitutes ‘rn’ for ‘m’. While these emails may look authentic, they belong to a completely different domain that may be under the attacker’s control.
Phishers may also use fake but believable domains in their attacks. For example, an email claiming to be from Netflix may be from help@netflix-support.com. While this email address may seem legitimate, it is not necessarily owned by or associated with Netflix.

Here are some examples of the malicious websites we have identified:
• chat-gpt-pc.online
• chat-gpt-online-pc.com
• chatgpt4beta.com
• chatgptdetectors.com
• chat-gpt-ai-pc.info
• chat-gpt-for-windows.com

What to Do if You Suspect a Phishing Attack
If you suspect that a website or email may be a phishing attempt, take the following steps:
• Don’t Reply, Click Links, or Open Attachments: Never do what a phisher wants. If there is a suspicious link, attachment, or request for a reply do not click, open, or send it.
• Report the Email to IT or Security Team: Phishing attacks are commonly part of distributed campaigns, and just because you fell victimto the scam does not mean that everyone did. Report the email to IT or the security team immediately, so that they can start an investigation and perform damage control as quickly as possible.
• Delete the Suspicious Email: After reporting, delete the suspicious email from your Inbox. This lessens the chance that you will accidentally click on it, without realizing it later.
• Beware of lookalike and fake domains: Note the language, the spelling and content within the website you are clicking on. Note “small” mistakes in spelling and content that requires you to download files.

While awareness of common phishing tactics and knowledge of anti-phishing best practices is important, modern phishing attacks are sophisticated enough that some will always slip through. Check Point Harmony Email & Office provides visibility and protection across email phishing techniques. To learn more, you’re welcome to request a free demo.