HKCERT Security Tips: Beware of Fake ChatGPT Apps and Phishing Websites
Recently, the artificial intelligence (AI) ChatBot, ChatGPT, has taken the Internet by storm. It is reported that the tool already has 100 million users. Most users say that compared with traditional search engines which only rely on input queries to provide websites of highly relevance, ChatGPT allows users to ask questions in the format of a person-to-person dialogue and then output responses. In addition, the generated answers are very accurate with detailed explanations, saving the time to search for information after using search engines.
The artificial intelligence chatbot, ChatGPT, which gained 100 million users worldwide within just two months of its launch in November 2022, has recently introduced a paid subscription service called ChatGPT Plus. Unfortunately, this has provided an opportunity for hackers to exploit this new measure by offering fake apps or free access to the premium service, so as to trick users into downloading malware or sharing sensitive information.
According to a recent report from Cyble, a cyber security intelligence company, hackers have created fake websites, social media pages and mobile apps that resemble the official one to lure users to download malicious files unknowingly. Cyble has discovered over 50 counterfeit and malicious apps that use the ChatGPT logo to execute harmful activities, including SMS fraud, spyware, and billing fraud.
In this regard, the Hong Kong Computer Emergency Response Coordination Centre (HKCERT) reminds users to:
Access ChatGPT only through its official channel (https://chat.openai.com/) once the service becomes available to Hong Kong users;
Install applications only from official apps stores and from a reputable publisher;
Verify the social media page by using the social media verification badge function (such as the Blue Badge in Facebook and Instagram);
Do not open unknown files, web pages and emails; Use the “Scameter” of Cyberdefender.hk to identify frauds and online pitfalls through email, URL or IP address, etc.
Always keep the system, software, and antivirus software up to date.
For more details about the security risk of artificial intelligence chatbot, please refer to:
