#1 Middle East & Africa Trusted Cybersecurity News & Magazine |

43.8 C
Saturday, June 22, 2024
Cybercory Cybersecurity Magazine
HomeTopics 1AI & CybersecurityChatting with Danger: Be Aware, Fake ChatGPT Plugins Threaten User Accounts

Chatting with Danger: Be Aware, Fake ChatGPT Plugins Threaten User Accounts


Related stories

What Is CCPA? Demystifying Data Privacy: A Comprehensive Guide

In today's digital age, our personal data is a...

What Is Data Breach? The Alarming Influx: A Comprehensive Guide

In today's digital age, our personal information permeates every...

What Is Cyberattack? Under Siege in the Digital Age: A Comprehensive Guide

In the ever-expanding digital world, cyberattacks have become a...

What Is A Firewall? The Digital Gatekeeper: A Comprehensive Guide

In today's interconnected world, our devices are constantly bombarded...

What is a Hacker? Demystifying the Hacker: A Guide

The term "hacker" has become ubiquitous, often conjuring images...

The meteoric rise of large language models (LLMs) like ChatGPT has opened exciting avenues for creative expression and information access. However, this popularity also attracts malicious actors seeking to exploit user trust.

A recent wave of fake ChatGPT plugins targeting popular browsers highlights the ever-present threat of social engineering and the importance of online vigilance.

Deceptive Downloads: Stealing Logins in Disguise

In early 2023, cybersecurity researchers discovered malicious browser extensions masquerading as extensions for ChatGPT. These fake plugins promised users easy access to the AI chatbot within their web browser. However, upon installation, the plugins functioned as credential stealers, capturing unsuspecting users’ Facebook login credentials.

The attackers leveraged the popularity of ChatGPT and a lack of user awareness to trick individuals into installing the plugin. Once installed, the plugin likely communicated with a remote server controlled by the attackers, transmitting stolen login credentials. These stolen credentials could then be used to hijack user accounts, spread misinformation, or launch further attacks.

Beyond Facebook: The Broader Threat Landscape

While the reported attacks targeted Facebook logins, the underlying threat extends beyond a single platform. Cybercriminals constantly develop social engineering tactics to exploit user trust and steal login credentials. These tactics can involve fake website login pages, phishing emails imitating legitimate services, or even malicious mobile applications.

10 Ways to Stay Safe from Phony Plugins and Social Engineering:

Here are 10 practical steps you can take to protect yourself from falling victim to fake plugins and social engineering attacks:

  1. Official Sources Only: Download browser extensions exclusively from the official extension stores of your web browser (Chrome Web Store, Firefox Add-ons, etc.).
  2. Scrutinize Reviews: Read user reviews and ratings before installing any extension. Be wary of extensions with few reviews or negative feedback.
  3. Check Permissions: Pay close attention to the permissions requested by an extension before installation. A plugin for ChatGPT should not require access to your social media accounts.
  4. Strong Passwords & MFA: Utilize strong and unique passwords for all online accounts and enable multi-factor authentication (MFA) whenever available.
  5. Be Wary of Unsolicited Links & Attachments: Do not click on links or open attachments from unknown senders, even if they appear to be from legitimate sources.
  6. Hover Over Links: Before clicking, hover your mouse over a link to see the actual destination URL. This can help identify suspicious links disguised as legitimate websites.
  7. Verify Website Legitimacy: Before logging into any website, double-check the URL for typos or inconsistencies. Phishing sites often mimic legitimate website addresses.
  8. Regular Reviews: Periodically review the extensions installed in your browser and uninstall any that are no longer needed.
  9. Security Software: Utilize reputable antivirus and anti-malware software to help detect and block malicious software and phishing attempts.
  10. Stay Informed: Stay updated on the latest cybersecurity threats and social engineering tactics by following reputable security blogs and news outlets.


The case of fake ChatGPT plugins serves as a stark reminder to be cautious when interacting with online tools and extensions. By implementing these security measures and fostering a culture of online skepticism, we can significantly reduce the risk of falling victim to social engineering attacks and protect our valuable online accounts. Remember, if something seems too good to be true online, it probably is.

Ouaissou DEMBELE
Ouaissou DEMBELEhttps://cybercory.com
Ouaissou DEMBELE is an accomplished cybersecurity professional and the Editor-In-Chief of cybercory.com. He has over 10 years of experience in the field, with a particular focus on Ethical Hacking, Data Security & GRC. Currently, Ouaissou serves as the Co-founder & Chief Information Security Officer (CISO) at Saintynet, a leading provider of IT solutions and services. In this role, he is responsible for managing the company's cybersecurity strategy, ensuring compliance with relevant regulations, and identifying and mitigating potential threats, as well as helping the company customers for better & long term cybersecurity strategy. Prior to his work at Saintynet, Ouaissou held various positions in the IT industry, including as a consultant. He has also served as a speaker and trainer at industry conferences and events, sharing his expertise and insights with fellow professionals. Ouaissou holds a number of certifications in cybersecurity, including the Cisco Certified Network Professional - Security (CCNP Security) and the Certified Ethical Hacker (CEH), ITIL. With his wealth of experience and knowledge, Ouaissou is a valuable member of the cybercory team and a trusted advisor to clients seeking to enhance their cybersecurity posture.


- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories



Please enter your comment!
Please enter your name here