ChatGPT-Related Domains Seeing a Rise in Malicious Activities
In recent years, hackers have taken advantage of various buzzreplaces such as COVID-19, crypto, and tax season to conduct malicious activities online. With the growing popularity of Open AI and ChatGPT, cybercriminals have now set their sights on these technologies. Check Point Research has revealed that in the first four months of 2023, they tracked 13,296 domains registered in relation to Open AI and ChatGPT, and shockingly, 1 in 25 of these domains were found to be malicious.
Signs to Look for in Malicious ChatGPT Sites
The fake ChatGPT-related domains registered by cybercriminals are typically designed to look like the real thing. Some of these fake sites simply copy OpenAI’s actual landing page as closely as possible. Others tend to overtly project their relation to ChatGPT, using domain names such as chat-gpt-pc.online, chatgpt4beta.com, and chatgptdetectors.com. Some even go as far as offering related services, such as software for detecting ChatGPT prose.
Risk of Falling for Fake ChatGPT Sites
The threat of these malicious ChatGPT sites lies not only in their ability to deceive individuals but also their potential to harm enterprises. According to Omer Dembinsky, the data group manager at Check Point Software, and the lead researcher behind the report, there are two main potential issues for enterprises. Firstly, employees can inadvertently download malicious files and applications from these sites, providing cybercriminals with a foothold on their corporate network. Secondly, because these fake sites mimic ChatGPT so convincingly, employees may submit queries containing sensitive corporate information to these fake websites.
Protecting Against Malicious ChatGPT Sites
To avoid falling for these traps, Check Point Research recommends that individuals practice basic cyber hygiene around phishing emails. This includes avoiding replying to, clicking on links, or opening attachments in unverified emails; reporting suspicious emails to IT or security teams; deleting suspicious emails; and being on the lookout for lookalike and fake domains.
However, the researchers caution against relying solely on awareness of common phishing tactics and anti-phishing best practices. Modern phishing attacks are incredibly sophisticated and some will always slip through. As a result, Dembinsky advises enterprises to educate their employees and to implement effective anti-phishing measures.
Final Thoughts
The rise of malicious ChatGPT-related domains is a significant concern for cybersecurity and online safety. These domains pose a considerable risk to both individuals and enterprises. Therefore, it’s imperative that individuals practice basic cyber hygiene around phishing emails, and companies implement effective anti-phishing mitigations to prevent potential harm to their corporate network.
<< photo by Henry Be >>
