OpenAI’s GPT-4 used as bait to launch phishing campaigns

Scammers continue to find novel ways to steal cryptocurrency and this time they’re riding on OpenAI’s launch of GPT-4. Tenable Research has found that a day after the eagerly anticipated launch of OpenAI’s Generative Pre-trained Transformer Version 4 (GPT-4), on 15 March, scammers began sending phishing emails and tweeting phishing links to cryptocurrency enthusiasts about an OpenAI crypto token. The only problem is – an OpenAI crypto token does not exist. 


OpenAI only provides GPT-4 access to ChatGPT Plus subscribers and developers via its API. The unintended effect of this limited access provides scammers with an ideal hook to lure unsuspecting users to their phishing sites. The scammers mimic the OpenAI site to try to get crypto users to link their digital wallets, and once that happens, they drain their accounts. 


The phishing email (screenshot below) contains a single block of text: “Don’t miss out on the limited-time OpenAI DEFI token airdrop.” It includes an image of an OpenAI email based on a template of what a legitimate OpenAI email might look like. However, the purported email contains a number of grammatical and spelling errors.


Similar versions of this message were also spotted being circulated on Twitter.

Image courtesy of Tenable

“Having researched cryptocurrency scams over the last four years, I’ve learned that scammers are opportunistic, impersonating noteworthy individuals or brands to promote fake tokens like Tesla tokens and SpaceX tokens as well as a plethora of fake giveaways,” said Satnam Narang, sr. staff research engineer at Tenable. “The impersonation of OpenAI and the promotion of a fake OpenAI token continues this trend.”

For users interested in GPT-4 and ChatGPT or cryptocurrency and the blockchain, it’s paramount that they continue to operate with a high degree of skepticism regarding cryptocurrency giveaways and token airdrops. Users are urged to conduct extensive research before connecting their wallets to such websites.

More information can be found on Tenable blog and an explainer video by Satnam Narang.


Media contact:

Lewis Khan

Allison + Partners

New Media Releases

Pax8 and CrowdStrike Announce Strategic Partnership to Revolutionise Cybersecurity for Managed Service Providers in the IT Channel

 Pax8, the leading cloud commerce marketplace and CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data have announced a strategic partnership. The new alliance will give Managed Service Providers (MSPs) access to bundled product offerings of the CrowdStrike Falcon platform, available directly on the Pax8 Marketplace. The Pax8 and CrowdStrike partnership is the result of a shared commitment to empowering MSPs in effectively mitigating cyber risks for the businesses they serve, ensuring enhanced protection in today’s evolving threat landscape.

Palo Alto Networks and Ingram Micro Australia and New Zealand join forces to bring cutting-edge cybersecurity solutions to businesses

Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, has announced a strategic distribution agreement with Ingram Micro. With heightened demand for cybersecurity solutions across Australia and New Zealand, the agreement will add the full range of Palo Alto Networks solutions, including Prisma Access, Prisma Cloud and Cortex security solutions, to Ingram Micro’s portfolio.

Mastercard Ramps Up Fraud Protection for eCommerce Merchants by Integrating Vesta Solutions into Mastercard Payment Gateway Services

Mastercard today announced the expansion of its partnership with Vesta, the global leader in payment fraud protection. Building on the two firms’ existing fraud detection collaboration, Mastercard will be integrating Vesta’s iron-clad Payment Guarantee™ and Payment Protect risk scoring solution into its Mastercard Payment Gateway Services (MGPS) platform.

Recent Podcast Episodes

The Production Team

The KBI Production Team write and hunt down the information security professionals need to know. They present news updates and thought-piece articles designed to provide educational content and insights for the industry. You can reach out with any ideas or requests for subject coverage to with your message.

Share This