ChatGPT search: Kaspersky urges users to click links with caution

TUESDAY, NOVEMBER 05, 2024

OpenAI recently introduced ChatGPT search, a new web search tool integrated into its existing interface. It is a useful feature; however, just like with traditional search, users should exercise caution when clicking on links suggested by the chatbot.

A quick check showed that a ChatGPT search might display phishing or suspicious sites when certain queries are made — when users request login pages for some crypto-related resources, for instance. In one case involving a popular crypto game, a phishing link appeared under the title and in the body of the chatbot’s response. The website seemed to prompt users to connect their crypto wallet to allegedly start playing, but in reality, it was attempting to steal funds.

ChatGPT search response

An example of a phishing page that appeared in the chatbot’s response

In another example, a search for a cryptocurrency exchange login page displayed a phishing resource in the results panel on the right, though the body of the chat response correctly included legitimate domains.

Conversely, in a sample of well-known brands among the top five most frequently targeted by phishers (Google, Facebook, Amazon, Microsoft, DHL), search results displayed safe and legitimate links.

This highlights that cyber risks related to the chatbot’s new search feature resemble those faced by traditional search engines. Phishing links can temporarily surface in top search results (this is also known as SEO or SEM phishing), potentially impacting the information ChatGPT summarizes. While the ChatGPT search primarily provides links to official sites, it could also pick suspicious or fraudulent resources in some cases. On the other hand, the chatbot’s world knowledge could act as a safeguard for well-known organizations, as the underlying LLM can have accurate information about their official websites. However, this is not a fool-proof guarantee that no phishing links will slip into the responses.

To browse safely, users should treat the bot's responses with the same caution as search results:

•    Verify links before clicking and exercise caution; phishing site addresses often resemble originals with subtle differences and mistakes. 

•    Save important websites and service links or manually enter the exact URL to avoid fraudulent sites.

•    For comprehensive protection, consider solutions like Kaspersky Premium, which secures crypto wallets from scams, miners, and other threats and alerts users to suspicious websites.
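
The first two tips can be automated. The sketch below is an added illustration, not Kaspersky's or OpenAI's code: it pulls links out of a chatbot response and compares each hostname against a saved list of known-good domains, flagging near-matches. The SAVED list, the distance thresholds and the function names are assumptions, and the last-two-labels shortcut ignores multi-part suffixes.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for a user's saved bookmarks (assumption, not from the page).
SAVED = {"google.com", "facebook.com", "amazon.com", "microsoft.com", "dhl.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, saved=SAVED) -> str:
    """Return 'trusted', 'suspicious', 'unknown' or 'invalid' for one link."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in saved):
        return "trusted"
    labels = host.split(".")
    # Internationalised labels can render as look-alike characters; treat as suspect.
    if any(l.startswith("xn--") or not l.isascii() for l in labels):
        return "suspicious"
    registered = ".".join(labels[-2:])  # simplification: no public-suffix list
    for d in saved:
        brand = d.split(".")[0]
        # Saved name used as a label of a host that is not under the saved domain.
        if brand in host.replace("-", ".").split("."):
            return "suspicious"
        # A character or two away from a saved domain (stricter for short names).
        if edit_distance(registered, d) <= (1 if len(d) < 10 else 2):
            return "suspicious"
    return "unknown"

def review_links(text: str, saved=SAVED) -> dict:
    """Classify every http(s) link found in a chatbot response."""
    return {u: classify(u, saved) for u in URL_RE.findall(text)}
```

An "unknown" result only means the domain is not on the saved list; it still needs the manual check the first tip describes.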