ChatGPT is the latest technology craze, building off the same kind of hype cycle that built Bitcoin and other cryptocurrencies into household names. But as with crypto, there's a thin line between hype and outright fraud.
Meta Platforms is sounding the alarm about new ChatGPT scams that exploit the growing buzz to separate users from their money and private information.
ChatGPT, explained
ChatGPT is a next-generation AI system that essentially mimics a conversation between users and an artificial intelligence. According to the Associated Press, the system responds to questions and requests from users with increasingly sophisticated outputs, including complex arguments, realistic photos and videos, and even silly poems and original songs. The Guardian reports that users have used the chatbot to write up convincing college essays, fictional stories, haikus and even job application letters.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
San Francisco-based startup OpenAI launched ChatGPT on Nov. 30, 2022 as part of a broader set of artificial intelligence technologies. But unlike previous "large-language models" like OpenAI’s GPT-3, ChatGPT is free and much easier to use by anyone with an internet connection.
Millions of users have experimented with the tool since its launch, all the while helping ChatGPT get smarter and more human in its responses.
How to spot the scams
Since March 2023, Meta's security researchers have discovered 10 new families of malware, or computer software with malicious intent, using ChatGPT and related themes to target internet users.
In just the few months since ChatGPT launched, scammers have built mountains of fake browser extensions, mobile apps and other programs offering the promise of ChatGPT tools. Certain scam programs actually have semi-functional chatbot capabilities that exist alongside the core malware to evade detection for longer.
Many scam chatbots mimic offerings from Google and TikTok as those products trend in the news. In response to crackdowns, some scammers turn to targeting smaller services like Buy Me a Coffee to host and deliver malicious programs.
Scammers promote product downloads via convincing ads targeting vulnerable users across Facebook and Instagram, as well as email and other internet platforms. Once users download these fake programs from landing pages like the one below, scammers can gain access to the victims' most private data and even bank accounts.
Meta warns that users' devices may be infected with malware if they exhibit the following signs:
- Shorter device battery life
- Suspicious account activity that users didn't authorize, including financial charges
- Slower device speeds or unexpected freezing
- Suspicious popups appearing frequently in your browser
- Odd toolbars, icons or tabs that you didn't install
What Meta is doing about it
Meta has blocked over 1,000 unique ChatGPT-themed scam web addresses from their social media platforms and shared them with other tech companies to take action on their properties.
Meta is also rolling out new malware removal support for businesses affected by ChatGPT fakes and other scams. The company's new support tool guides users through how to identify and remove malware, including using third-party antivirus tools.
Meta is boosting authorization requirements for sensitive Meta Business account actions like accessing a credit line or changing business administrators. Businesses will now need to user two-factor authentication, email verification or coworker approval to complete actions that might have significant financial or corporate impacts.
To prevent scammers adding themselves as Facebook or Instagram business admins, businesses can now create restrictions to only allow administrators to access their Meta business managers from trusted, selected domains and more effectively audit people’s access.
Finally, Meta will soon introduce Meta Work accounts that finally separate administrators' personal Facebook and Instagram profiles from the Business Manager login process. Hackers often begin by hacking the personal accounts of key business employees to gain access to their more lucrative corporate logins. This step could mitigate one of the most common threat vectors for hacking corporate Facebook and Instagram accounts.
Related Content
-
December Fed Meeting: Live Updates and CommentaryThe December Fed meeting is one of the last key economic events of 2025, with Wall Street closely watching what Chair Powell & Co. will do about interest rates.
-
This Is Why Investors Shouldn't Romanticize BitcoinInvestors should treat bitcoin as the high-risk asset it is. A look at the data indicates a small portfolio allocation for most investors would be the safest.
-
I'm a Federal Benefits Pro: I Answer These 2 Questions a LotMany federal employees ask about rolling a TSP into an IRA and parsing options for survivor benefits, both especially critical topics.
