How to Spot a ChatGPT Phishing Site—and What to Do if You Spot One

The following signs can help you spot a ChatGPT phishing website.

Domain Name

Scammers try to associate their phishing websites with ChatGPT or OpenAI, and the easiest way to do that is to register a domain name that contains the words "OpenAI" and "ChatGPT." According to Checkpoint, over 13,000 domains relating to ChatGPT and OpenAI were registered within four months of ChatGPT's November 2022 release.

"Openai.com" is the official website of the parent company, OpenAI, and "chat.openai.com" is the subdomain to access ChatGPT. Any other domain containing "ChatGPT" probably isn't associated with OpenAI. It might be a real website offering a genuine service, but it's unlikely that OpenAI owns it.

As per Checkpoint, one out of every 25 newly registered domain names associated with ChatGPT were malicious. Some of the malicious examples included:

chat-gpt-pc.online chat-gpt-online-pc.com chatgpt4beta.com chatgptdetectors.com chat-gpt-ai-pc.info chat-gpt-for-windows.com

All are seemingly linked to ChatGPT; all are completely fake.

Website Design and Layout

Phishing websites often mimic the design of official ChatGPT or OpenAI websites. Using the official layout, they mislead users into believing they are buying a product from the official site.

If the domain name of a website has the word "ChatGPT" in it, and the website looks like a clone of the official website, it is most likely a phishing site.

If a website contains the word "ChatGPT," but its design or layout is completely different from the official site, it could be a genuine service website. However, before you trust it, you should check out the website thoroughly to see what it offers.

What the Website Is Trying to Sell You

As of this writing, anyone can access ChatGPT-3.5 for free. If a website demands you pay a few cents or a dollar to access ChatGPT-3.5, it's a scam. Similarly, you can only purchase ChatGPT Plus (and ChatGPT-4) subscriptions from the official website. If scammers offer a cheaper price as a reason to subscribe to ChatGPT Plus, it's probably trying to trap you in a scam.

In contrast, if a website sells ChatGPT-related products, such as AI writing detection tools, premium ChatGPT prompts, courses, etc., you should check its reliability thoroughly.

Other Ways to Assess the Credibility of a Website

The following signs can help you assess the credibility and trustworthiness of a suspicious website selling ChatGPT-related products:

Check the website's age. If a website is just a few weeks old, your best bet should be to stay away. Review the website's content. If the content is poorly written or contains grammatical errors, scammers probably operate the website. If the website creates an urgency to buy a product, such as by showing a countdown, don't buy anything from it. Google sometimes warns users when they visit highly reported websites. If you receive such a warning, stay away from the website. If there is no padlock symbol beside the website URL and you see "Non-secure" written there, the website doesn't have the SSL-protection, which is a phishing sign. Search using the website's URL on Google or any other search engine. If there are bad reviews or negative comments about the website on public forums, that's another sign it could be malicious. If there are no details about the company that owns the website or the site lacks important pages (like a privacy policy or contact page), it might be a scam. If the website doesn't have any reviews or online presence, that suggests it's pretty new, so it's best to steer clear of it.

We know criminals will try everything to trick unsuspecting users into their scams. But knowing most of the signs of a ChatGPT phishing site gives you a big advantage and boosts your security.

What Should You Do if You Spot a ChatGPT Phishing Website?

If you see any signs mentioned above or the website appears suspicious at first glance, report it immediately (for example, to CISA in the USA and the NCSC in the UK—both national computer crime agencies for their respective countries). Do not use your personal information, not even to log in, and do not use credit cards or other financial information. Also, avoid downloading attachments or clicking website links.

Besides that, post about the website with its URL in a public forum (somewhere like Reddit or X) and explain why you believe it is suspicious. It will prevent other users from falling victim to it and maybe encourage a security researcher to investigate it.

Already Fallen Victim to a ChatGPT Phishing Website? Here's What to Do Next

If you have already fallen victim to a ChatGPT phishing website, you can take a few steps to undo some of the damage.

If you've just landed on a phishing site and haven't done anything else, you're probably safe. All you have to do is leave the website and never visit it again. If you have purchased a product or subscribed to a service on the phishing website and realized it too late, immediately contact your credit card company or bank for a refund and request they monitor your account for suspicious activity.

Websites without SSL certificates are mainly used to steal your personal information and then sell it to scammers. Therefore, if you've used your credit card on a shady website, request your bank or company to freeze it. If you have signed up on the fraudulent website with your primary email ID or phone number, watch out for phishing emails or phone calls going forward, and change any passwords you use.

Inform the appropriate authorities about any breaches of personal (and crucial) information you mistakenly share on the website, including your social security number, name, address, etc. This will save you from legal repercussions if scammers illegally misuse your information.

If you have downloaded an attachment disguised as an important document or file, scan your device for malware to ensure it hasn't been infected. If you've installed any apps, uninstall them as soon as possible.

If you have clicked on a link or a popup on the website, check your browser for signs of hijacking. If it appears that your browser has been hijacked, uninstall it completely and then install it again.

Don't Fall Prey to ChatGPT Phishing Websites

Phishing websites are also on the rise with the growth of ChatGPT. Hopefully, you now better understand how to identify a ChatGPT phishing website and the actions you should take when you spot one. If you have already fallen victim to a phishing website, take the required actions to protect your privacy and finances.

The above is the detailed content of How to Spot a ChatGPT Phishing Site—and What to Do if You Spot One. For more information, please follow other related articles on the PHP Chinese website!