A new phishing campaign targeting ChatGPT users has surged globally, exploiting the popularity of OpenAI’s services to steal personal and financial data. The campaign uses fraudulent emails that impersonate OpenAI’s ChatGPT Premium subscription, urging recipients to update their payment details. These emails, which appear to come from legitimate OpenAI sources, often contain subject lines like “Action Required: Secure Continued Access to ChatGPT with a $24 Monthly Subscription,” with embedded links leading to malicious websites that harvest user credentials. Despite passing basic email authentication checks like SPF and DKIM, subtle inconsistencies such as mismatched dates and urgent language expose the scam.
The phishing emails leverage ChatGPT’s widespread use and mimic official communication from OpenAI, with logos and typography designed to appear legitimate.
The message often warns users that they will lose access to premium features unless payment details are updated. These emails redirect users to phishing sites hosting fake OpenAI login pages, further complicating detection. Symantec has tracked these malicious domains, which were registered with international IP addresses to mask their origin, though they have since been taken down.
This campaign reflects a broader trend of cybercriminals using AI tools to enhance the effectiveness of phishing attacks. Scammers are utilizing generative AI tools like FraudGPT, which enable them to craft grammatically flawless emails that bypass traditional security checks. The rise of AI-generated phishing content has expanded the reach of these attacks, with fraudulent messages now available in more than 20 languages. As AI technology evolves, it eliminates the typical spelling and grammar errors seen in traditional scams, making it harder for users to distinguish legitimate communications from fraudulent ones.
To mitigate the risks posed by such attacks, cybersecurity experts recommend several preventive measures. Users are urged to scrutinize URLs for subtle discrepancies, as authentic OpenAI services use the official domain, https://chat.openai.com. Enabling multi-factor authentication (MFA) is also recommended to add an extra layer of security. Additionally, user education plays a critical role in defending against AI-driven scams, as studies show many users struggle to identify machine-generated content. OpenAI has reiterated that subscription updates are managed only through its official platform, advising users to report any suspicious communications.
