ChatGPT Impersonation Fuels a Clever Phishing Scam: INKY

INKY has published a new Fresh Phish that impersonates OpenAI and takes numerous creative steps to harvest credentials. 

To give you an idea of the complexity, here is a recap of the techniques used in this phish:

  • Brand impersonation — using brand logos and trademarks to impersonate well-known brands.
  • Spoofing – disguising an email address so it appears to be from someone familiar. 
  • Malicious links – a clickable link that directs users to an illegitimate or unsafe website, usually for the purpose of harvesting credentials.
  • Credential harvesting — occurs when a victim thinks they are logging in to one of their resource sites but are really entering credentials into a dialog box owned by the attackers.
  • Dynamic redirection — uses elements of the victim’s email address, particularly the domain, to guide the attack flow.

You can read their research here.

Leave a Reply

%d bloggers like this: