Meta Warns of ChatGPT Scams On Facebook and Instagram

There's a thin line between hype and fraud.

OpenAI's ChatGPT program against Instagram logo backdrop
(Image credit: Getty Images)

ChatGPT is the latest technology craze, building off the same kind of hype cycle that built Bitcoin and other cryptocurrencies into household names. But as with crypto, there's a thin line between hype and outright fraud. 

Meta Platforms is sounding the alarm about new ChatGPT scams that exploit the growing buzz to separate users from their money and private information. 

ChatGPT, explained

ChatGPT is a next-generation AI system that essentially mimics a conversation between users and an artificial intelligence. According to the Associated Press, the system responds to questions and requests from users with increasingly sophisticated outputs, including complex arguments, realistic photos and videos, and even silly poems and original songs. The Guardian reports that users have used the chatbot to write up convincing college essays, fictional stories, haikus and even job application letters.

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

San Francisco-based startup OpenAI launched ChatGPT on Nov. 30, 2022 as part of a broader set of artificial intelligence technologies. But unlike previous "large-language models" like OpenAI’s GPT-3, ChatGPT is free and much easier to use by anyone with an internet connection.

Millions of users have experimented with the tool since its launch, all the while helping ChatGPT get smarter and more human in its responses. 

How to spot the scams

Since March 2023, Meta's security researchers have discovered 10 new families of malware, or computer software with malicious intent, using ChatGPT and related themes to target internet users.

In just the few months since ChatGPT launched, scammers have built mountains of fake browser extensions, mobile apps and other programs offering the promise of ChatGPT tools. Certain scam programs actually have semi-functional chatbot capabilities that exist alongside the core malware to evade detection for longer. 

Many scam chatbots mimic offerings from Google and TikTok as those products trend in the news. In response to crackdowns, some scammers turn to targeting smaller services like Buy Me a Coffee to host and deliver malicious programs.

Scammers promote product downloads via convincing ads targeting vulnerable users across Facebook and Instagram, as well as email and other internet platforms. Once users download these fake programs from landing pages like the one below, scammers can gain access to the victims' most private data and even bank accounts.

Meta warns that users' devices may be infected with malware if they exhibit the following signs: 

  • Shorter device battery life
  • Suspicious account activity that users didn't authorize, including financial charges  
  • Slower device speeds or unexpected freezing
  • Suspicious popups appearing frequently in your browser
  • Odd toolbars, icons or tabs that you didn't install

ChatGPT scam webpage example from Meta Platforms report

(Image credit: Meta Platforms)

What Meta is doing about it

Meta has blocked over 1,000 unique ChatGPT-themed scam web addresses from their social media platforms and shared them with other tech companies to take action on their properties. 

Meta is also rolling out new malware removal support for businesses affected by ChatGPT fakes and other scams. The company's new support tool guides users through how to identify and remove malware, including using third-party antivirus tools. 

Meta is boosting authorization requirements for sensitive Meta Business account actions like accessing a credit line or changing business administrators. Businesses will now need to user two-factor authentication, email verification or coworker approval to complete actions that might have significant financial or corporate impacts.

To prevent scammers adding themselves as Facebook or Instagram business admins, businesses can now create restrictions to only allow administrators to access their Meta business managers from trusted, selected domains and more effectively audit people’s access.

Finally, Meta will soon introduce Meta Work accounts that finally separate administrators' personal Facebook and Instagram profiles from the Business Manager login process. Hackers often begin by hacking the personal accounts of key business employees to gain access to their more lucrative corporate logins. This step could mitigate one of the most common threat vectors for hacking corporate Facebook and Instagram accounts. 

Related Content

Ben Demers
Audience Engagement Manager,

Ben Demers manages digital content and engagement at Kiplinger, informing readers through a range of personal finance articles, e-newsletters, social media, syndicated content, and videos. He is passionate about helping people lead their best lives through sound financial behavior, particularly saving money at home and avoiding scams and identity theft. Ben graduated with an M.P.S. from Georgetown University and a B.A. from Vassar College. He joined Kiplinger in May 2017.