Threat Research

Bitdefender Labs warns of fresh phishing campaign that uses copycat ChatGPT platform to swindle eager investors

Securonix

Bitdefender Antispam Labs warns of a fresh phishing campaign that uses a copycat ChatGPT platform to swindle eager investors. The scam targets several countries, leveraging unsolicited emails, a fake investment platform, and a call-center style operation to harvest personal data and funds. #CopycatChatGPT #ImportCapital

Keypoints

  • The campaign hinges on unsolicited emails that lead to a copycat ChatGPT platform offering investment opportunities.
  • Targets Denmark, Germany, Australia, Ireland and the Netherlands.
  • Victims are guided to a fake platform that promises earnings up to $10,000 per month and requires identity verification.
  • A London-based entity named Import Capital is cited, with a related domain importcapital.cc and FCA alerts flagging it as unauthorized.
  • Phishing flows through a WhatsApp-based escalation, a call-center style environment, and requests for personal data and a 250 EUR payment.
  • The scam drains data via forms (including last six digits of an ID) and uses a blacklisted domain timegaea.com to host the fake chat.
  • Protection tips include using official ChatGPT access and Bitdefender’s security solutions to guard against phishing and identity theft.

MITRE Techniques

  • [T1566.002] Spearphishing Link – Unsolicited email directs users to a copycat ChatGPT platform; “Upon accessing the link in the email, users are directed to a copycat version of ChatGPT luring users with financial opportunities that pay up to $10,000 per month ‘on the unique ChatGPT platform’.”
  • [T1056.003] Web Form – Fake investment platform collects personal data via a payment form; “the form requires a variety of personal information, including first and last name, date of birth, physical address and payment method,” and “the last six digits of a valid ID card.”

Indicators of Compromise

  • [Domain] Import Capital domain – importcapital.cc – The domain used by the fake company; “Import Capital a London-based company” and related activity discussed.
  • [Domain] TimeGaea domain – timegaea.com – The fake ChatGPT was accessible via an already blacklisted domain https://timegaea[.]com.

Read more: https://www.bitdefender.com/blog/hotforsecurity/bitdefender-labs-warns-of-fresh-phishing-campaign-that-uses-copycat-chatgpt-platform-to-swindle-eager-investors/