AI chatbots, increasingly used for interacting with the web, are becoming a target for cybercriminals who are exploiting their flaws to carry out phishing attacks. Cybersecurity researchers have uncovered that hackers are using these tools to generate deceptive login links for financial institutions and tech platforms. This poses a significant security risk, as users often trust AI responses without verifying their authenticity.
Studies conducted by Netcraft on models such as GPT-4 and Perplexity found that a substantial portion of the links returned were incorrect or led to unregistered domains. One notable case involved a user being directed to a phishing page masquerading as the official Wells Fargo site, highlighting the dangers of relying on AI for sensitive tasks. This vulnerability stems not only from the AI models but also from how search results are curated, allowing malicious actors to exploit these weaknesses.
To mitigate these risks, experts recommend adopting cautious habits when using AI chatbots. Users should verify URLs manually, avoid clicking on AI-generated links, and utilize two-factor authentication for increased security. As the sophistication of these attacks continues to grow, it is crucial for both individuals and organizations to remain vigilant and adopt proactive measures to safeguard against potential threats.