OpenAI’s GPT-4 used as bait to launch phishing campaigns
Scammers continue to find novel ways to steal cryptocurrency and this time they’re riding on OpenAI’s launch of GPT-4. Tenable Research has found that a day after the eagerly anticipated launch of OpenAI’s Generative Pre-trained Transformer Version 4 (GPT-4), on 15 March, scammers began sending phishing emails and tweeting phishing links to cryptocurrency enthusiasts about an OpenAI crypto token. The only problem is – an OpenAI crypto token does not exist.
OpenAI only provides GPT-4 access to ChatGPT Plus subscribers and developers via its API. The unintended effect of this limited access provides scammers with an ideal hook to lure unsuspecting users to their phishing sites. The scammers mimic the OpenAI site to try to get crypto users to link their digital wallets, and once that happens, they drain their accounts.
The phishing email (screenshot below) contains a single block of text: “Don’t miss out on the limited-time OpenAI DEFI token airdrop.” It includes an image of an OpenAI email based on a template of what a legitimate OpenAI email might look like. However, the purported email contains a number of grammatical and spelling errors.
Similar versions of this message were also spotted being circulated on Twitter.
“Having researched cryptocurrency scams over the last four years, I’ve learned that scammers are opportunistic, impersonating noteworthy individuals or brands to promote fake tokens like Tesla tokens and SpaceX tokens as well as a plethora of fake giveaways,” said Satnam Narang, Sr. staff research engineer at Tenable. “The impersonation of OpenAI and the promotion of a fake OpenAI token continues this trend.”
For users interested in GPT-4 and ChatGPT or cryptocurrency and the blockchain, it’s paramount that they continue to operate with a high degree of skepticism regarding cryptocurrency giveaways and token airdrops. Users are urged to conduct extensive research before connecting their wallets to such websites.