New Phishing Scam Exploits OpenAI’s ChatGPT Brand to Steal Credentials
A newly discovered phishing campaign is targeting unsuspecting users by impersonating OpenAI’s ChatGPT Premium service. Cybercriminals are exploiting the widespread popularity of ChatGPT, using fake subscription renewal emails to trick users into revealing login credentials and financial details.
How the Scam Works
Cybersecurity researchers at Symantec uncovered a wave of phishing emails masquerading as official OpenAI communications. The fraudulent emails claim users must renew a fake “$24 monthly subscription” to continue accessing ChatGPT Premium. They contain urgent subject lines such as:
🚨 “Immediate Action Required: Renew Your ChatGPT Premium Subscription Now”
These messages direct recipients to malicious websites that mimic OpenAI’s legitimate login pages. Once users enter their credentials, scammers harvest the information for unauthorized access and potential financial fraud.
Deceptive Tactics Used by Cybercriminals
The attackers use various methods to make their emails appear genuine:
- Authentic-Looking Logos & Branding – Fake emails contain OpenAI branding, similar typography, and official-sounding messages.
- Convincing Language & Urgency – Scammers use fear tactics, warning users of service disruptions if they don’t renew immediately.
- Fake Payment Portals – Users are redirected to phishing domains that resemble OpenAI’s official website.
Some identified phishing domains include fnjrolpa[.]com and topmarinelogistics[.]com, which cybersecurity firms have flagged as fraudulent. These domains were registered using international IP addresses to obscure their origins.
Rise of AI-Powered Phishing Attacks
This scam is part of a broader trend where hackers leverage AI tools like FraudGPT—a dark web variant of ChatGPT—to craft sophisticated phishing messages. According to Microsoft’s 2023 cybersecurity report, AI-generated phishing scams now operate in over 20 languages, making detection increasingly difficult.
“AI-generated scams lack traditional spelling errors, making them harder to spot, even for experienced users,” a spokesperson from Barracuda Networks stated.
How to Protect Yourself
Experts recommend the following steps to stay safe from phishing scams:
✅ Verify URLs – OpenAI’s official domain is chat.openai.com. Avoid clicking links with slight misspellings or unfamiliar domains.
✅ Enable Multi-Factor Authentication (MFA) – Adding an extra layer of security makes it harder for hackers to access your account.
✅ Educate Yourself & Employees – Regular cybersecurity training can help identify phishing scams, as studies show 60% of users struggle to detect AI-generated scams.
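The URL check can also be automated at a mail gateway or in a triage script. The sketch below is an added example, not code from Symantec or OpenAI: it pulls links out of a message body and classifies each hostname against the official domain and the two phishing domains named above. It assumes that any subdomain of openai.com is trusted; the brand keywords, the function names and the sample message are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: subdomains of openai.com are trusted, based on the article's chat.openai.com.
TRUSTED_PARENT = "openai.com"
# Domains the article reports as phishing, stored defanged and refanged only to compare.
REPORTED_BAD = {d.replace("[.]", ".") for d in ("fnjrolpa[.]com", "topmarinelogistics[.]com")}
BRAND_TOKENS = ("openai", "chatgpt")  # hypothetical keywords for lookalike detection
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s<>\"')]+", re.IGNORECASE)

def under(host, domain):
    """True if host is the domain itself or a subdomain of it (match on a label boundary)."""
    return host == domain or host.endswith("." + domain)

def classify_url(url):
    """Return (hostname, verdict) for one URL; defanged hxxp/[.] forms are accepted."""
    url = re.sub(r"^hxxp", "http", url.replace("[.]", "."), flags=re.IGNORECASE)
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        userinfo = (parts.username or "").lower()
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return ("", "unparseable")
    if under(host, TRUSTED_PARENT):
        return (host, "official")
    if any(under(host, bad) for bad in REPORTED_BAD):
        return (host, "reported-phishing")
    # Brand name in a foreign hostname, or placed before '@' so the real host is easy to miss.
    if any(tok in host or tok in userinfo for tok in BRAND_TOKENS):
        return (host, "lookalike")
    return (host, "unverified")

def triage_links(message):
    """Classify every link found in an email body, in order of appearance."""
    return [classify_url(u.rstrip(".,;")) for u in URL_RE.findall(message)]

# Constructed sample message; the .example hosts are made up for illustration.
SAMPLE = """Subject: Immediate Action Required: Renew Your ChatGPT Premium Subscription Now
Renew here: hxxps://fnjrolpa[.]com/renew
Mirror: https://chat.openai.com.billing-portal.example/login
Pay: https://chat.openai.com@pay.example/renew
Official: https://chat.openai.com/
"""

if __name__ == "__main__":
    for host, verdict in triage_links(SAMPLE):
        print(f"{verdict:18} {host}")
```

An "unverified" verdict means only that the host matched none of the lists, so such links still need the manual check described above.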
With over 3.4 billion spam emails sent daily, phishing remains one of the most prevalent cyber threats. The increasing use of AI-powered fraud highlights the need for heightened vigilance. OpenAI has reiterated that all official subscription transactions occur solely on its platform and urges users to report suspicious emails.