gone fishing
Disclaimer: This seems to be an ongoing scam. I reported many of these URLs already, however I do not advise visiting any of them. At any time an attacker-controlled domain could be switched to malware, shock content, etc. I felt the responsible thing to do was to include them in screenshots, to bring awareness to where and what to avoid. PII has been removed to protect potential victims. Educate yourself!!! Don't fall for scams!!!
...
I check my email !!!
And when you put your email on a blog you get a lot of interesting spam.

This seems to be a popular grift right now, so it piqued my interest.
Or at least I would assume it is, because they felt the need to email me multiple times.
Very obviously not from OpenAI spam email (also, I don't use their services):

This email looks very... professional, with the only clear giveaway being the email address.

Likely this is a compromised university account.
I received multiple emails just like this, from different overseas universities.
I can't really speak to the legitimacy of these unis, however all of them appear to be in Malaysia.

Taking a step back, we can directly look at the HTML of the email.
That big green "Update Payment Information" is actually a link to not-OpenAI.

As of writing, this website is now down.

If we proxy our HTTPS traffic we can analyze what's going on:


Sending a GET /gpt/ to this host (pressing the button) causes the server to issue a 301 redirect to another host.
You're redirected so fast that you don't see this initial website.
It's hard to tell how, but this first website has been compromised in some way.
The domain we're redirected to appears to be region locked to North America, and cannot be visited via VPN. (Power of the US dollar I guess.)

We get bounced around likely as a poor attempt to cover their butts.
This is what the phishing site looks like:

The audacity to hit me with a reCAPTCHA on a phishing website.
Sometimes these captchas themselves are the scam. This one, however, seems to be normal.

Again, a very professional looking scam. However very obviously not from OpenAI (always carefully check that URL).
With AI tools becoming more accessible, it's very trivial for a non-English speaker to clone or create a convincing page. It is very likely this has fooled at least 1 person.

Stripe?? Oh that's someone's full legal name. Better clip that out.
It's very likely this Stripe account was created using a stolen identity. Or this scam is run by someone with a room temperature IQ.
So who owns this scam site?

Well, at least they had the sense to spend the extra $10 for whois protection.
Reported, blocked, etc
If there's something you would like me to investigate, please email me or comment below.
I love doing independent research, and I'm always willing to take on a challenge or look into something weird.
Thanks!