ChatGPT-4 Phishing Websites and Other Threats
Author: Trend Micro
The advanced chatbot, ChatGPT-4, has been one of the big news stories of the year so far, understandably as its ingenious uses continue to impress. Unfortunately however, it’s not all positives: the chatbot can also be used for various malicious purposes. Researchers have warned that cybercriminals can use ChatGPT to compose the text for phishing emails — meaning more phishing emails and more cyberthreats. Then there’s the problem of fake ChatGPT apps, websites, and associated malware, which we’ve previously reported on.
This week we’ve discovered yet more ChatGPT-4 phishing attacks and other threats. Read on for the low-down.
ChatGPT-4 Phishing Websites
AI Pro
Ink AI
Both AI Pro and Ink AI are highly suspect and operate in the same way: a chaotic phishing email arrives in your inbox, promising a new AI chatbot that has seemingly appeared out of nowhere but is supposedly superior to ChatGPT. Both AI Pro and Ink AI claim to be able to do all that ChatGPT can do — and more! You may wonder then, why you’ve never heard of either in the news: that would be a good question.
If you click on the phishing links in the emails, you’ll then be taken to the websites seen above, which appear to have been designed by a lunatic with rainbows for eyes. Aside from the randomness and optics, there are other red flags that suggest these two websites are scams:
- The websites were only created last month.
- There is no support available — or contact details.
- There is a proliferation of grammatical errors and strange word choice, especially in the emails.
- There are exaggerated claims, and strangely precise — yet completely hypothetical — figures, such as the $569.56 claim, and the 45 seconds mentioned by both.
- Both AI Pro and Ink AI appear to share duplicated content.
Our advice? Stay away from emails and websites like these, and stick to OpenAI’s official ChatGPT or other reputable chatbots, such as Google’s Bard.
ChatGPT-4 “Banker” Phishing Attack
The ChatGPT “Banker” phishing attack involves fake webpages and a trojan virus. Would-be victims are deceived by malicious websites impersonating ChatGPT, such as the below.
Sample fake website
A phishing lure will be used, in this case a request for service permissions, to entrap the victim. If the victim complies, an Android banking trojan will be downloaded onto the victim’s device, at which point the cybercriminal can steal financial credentials.
Sample phishing lure
Be on the lookout for these dangerous ChatGPT phishing websites:
- openai-pro[.]com
- pro-openai[.]com
- openai-news[.]com
- openai-new[.]com
- openai-application[.]com
Other threats we’ve seen include:
Backdoor ChatGPT Threat
Opens a limited webpage of OpenAI and demands remote control access of a victim’s device.
Backdoor
Spyware ChatGPT Threat
Utilizes malicious fake apps that request excessive device permissions and then install spyware in order to steal personal credentials.
Spyware
Billfraud ChatGPT Threat
Discreetly subscribes its target to various premium services through SMS billing fraud.
Billfraud
Protecting Your Social Media and Personal Info
We would encourage readers to head over to our new FREE ID Protection platform, which has been designed to meet challenges such as those above. With it, you can secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personal report:
Aside from this, you can also:
- Check to see if your data (email, number, password, social media) has been exposed in a leak,
- Receive the strongest tough-to-hack password suggestions from our advanced AI.
All this for free — give it a go today. As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below. Here’s to a secure 2023!
This article was published in collaboration with Trend Micro.
Report a Scam!
Have you fallen for a hoax, bought a fake product? Report the site and warn others!
Scam Categories
Help & Info
Top Safety Picks
Your Go-To Tools for Online SafetyDisclaimer: Some of the links here are affiliate links. If you click them and make a purchase, we may earn a commission at no extra cost to you.
- ScamAdviser App - iOS : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on iOS
- ScamAdviser App - Android : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on Android.
- NordVPN : NordVPN keeps your connection private and secure whether you are at home, traveling, or streaming from another country. It protects your data, blocks unwanted ads and trackers, and helps you access your paid subscriptions anywhere. Try it Today!
- Incogni : Incogni automatically removes your personal data from data brokers that trade in personal information online, helping reduce scam and identity theft risks without the hassle of manual opt-outs. Reclaim your privacy now!
Popular Stories
As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu
How do I recover my crypto after it’s stolen? What happens if your crypto wallet is compromised? Can stolen crypto be traced, and can police actually recover crypto in 2026? These are the questions most people ask within minutes of realizing their wallet has been drained. Crypto theft is fast, quiet, and unforgiving. By the time most victims notice something is wrong, the funds are already moving across the blockchain. Once seen as a problem for exchanges and whales, crypto theft now heavily affects everyday investors. Phishing links, fake support chats, wallet approval scams, SIM swaps, and malware attacks have become common. Knowing what recovery realistically looks like—and what it doesn’t—can prevent panic, bad decisions, and costly follow-up scams. In a Nutshell Crypto recovery is possible, but only in limited situations Blockchain transactions are irreversible, but stolen crypto can still be traced Speed and documentation matter more than optimism Police and exchanges play a bigger role than private recovery services Guaranteed recovery offers are almost always scams Is it Actually Possible to Recover Stolen Crypto? Yes, crypto recovery is possible, but only under specific conditions and rarely through direct action by the victim. Blockchain transactions are final by design. Once crypto is sent and confirmed, it cannot be reversed. There is no central authority, no chargeback process, and no technical “undo” button, even if the transaction was clearly fraudulent. This is where many people ask whether stolen crypto can be traced. In most cases, it can. Every transaction