NewNow you can hear Fox News article!
AI chatbots are quickly becoming people in the primary way people who interact with the Internet. Instead of browsing through the list of links, now you can get direct answers to your questions. However, these devices often provide information that is completely incorrect, and in terms of security, it can be dangerous. In fact, cyber security researchers are warning that hackers have started exploiting flaws in these chatbots to carry out AI phishing attacks.
In particular, when people use AI tools to discover login pages, especially for banking and technical platforms, the device returns incorrect links. And once you click on that link, you can be directed on fake websites. These sites can then be used to steal personal information or login.
Sign up for my free cyber report
Distribute my best technical tips, immediate safety alerts, and exclusive deals directly into your inbox. In addition, you will get immediate access to my final scam survival guide – when you join me Cyberguy.com/newsletter.
A man is using a chat on his laptop. (Kurt “Cybergui” Notson)
What you should know about AI Fishing attacks
Natakraft researchers recently conducted a test on GPT -4.1 family families, which are also used by Microsoft’s Bing AI and AI search engine Perplexity. He asked where to log in to fifty different brands in banking, retail and tech.
The chatbot returned from 131 unique links, only two-thirds were correct. About 30 percent of the links point to the unregistered or passive domain. Another five percent gave rise to unrelated websites. Overall, more than a third of reactions associated with pages owned by real companies. This means that a person looking for login link can easily eliminate a fake or unsafe site.
If the attackers register those unclaimed domains, they can create a fishing page and wait. Since the answer to AI-supply often seems official, users are more likely to rely on it without double-checking.
Wikipedia page is showing details of chat on a smartphone. (Kurt “Cybergui” Notson)
AI phishing attacks are already happening: the example of the real world
In a recent case, a user asked Perplexity AI for the Wales Fargo login page. The top result was not the official Wales Fargo site; It was a fishing page hosted on Google sites. The fake site closely copied the actual design and motivated users to enter personal information. Although the correct site was listed and listed below, many people would not notice or think to verify the link.
The problem in this case was not specific to the underlying model of perplexity. It stems from the abuse of Google sites and lack of veting in the discovery results revealed by the equipment. Nevertheless, the result was the same: a reliable AI platform inadvertently directs someone to a fake financial website.
Small banks and regional credit unions also face high risk. These institutions are less likely to appear in AI training data or to be accurately indexed on the web. As a result, the AI equipment is more prone to estimate or fabrication of the link when asked about them, which increases the risk of highly exposed to users.
Image of chat on desktop computer screen. (Kurt “Cybergui” Notson)
7 ways you can protect yourself from AI Fishing attacks
As AI phishing attacks are more sophisticated, protecting yourself starts with some smart habits. Here are seven that can create a real difference:
1) Never rely on link to AI chat reactions
AI chatbots are often confident when they are wrong. If a chatbot tells you where to log in, do not click the link immediately. Instead, go directly to the website by typing the URL of it manually or using a reliable bookmark.
2) Carefully double-check the domain names
AI-Janit Fishing Links often use Luklaic Domains. Check for the subtle mistakes, additional words, or unusual ends such as “.site” or “.Info” instead of “.com”. If it feels slightly closed, do not move forward.
3) Use two-carnational certification (2fa) wherever possible
Even if your login credentials are stolen, 2FA adds an additional layer of security. When available, choose Google authentic or auto-based authentic auto instead of SMS-based code.
4) Avoid logging through the search engine or AI tool
If you need to reach your bank or tech account, avoid finding it or asking for a chatbot. Use your browser’s bookmark or enter the official URL directly. AI and search engines can sometimes accidentally place the fishing pages on the surface.
5) Report suspicious AI-Janit link
If a chatbot or AI tool gives you a dangerous or fake link, report it. Many platforms allow user feedback. This AI system helps others to learn and reduce future risks.
6) Keep your browser updated and use strong antivirus software
Modern browsers such as chrome, safari and edge now include fishing and malware protection. Enable these features and keep everything updated ..
If you want additional security, the best way to protect yourself from malicious links is to install strong antivirus software on all your equipment. This security can also make you alert for email and ransomware scams, keeping your personal information and digital assets safe.
Get my pics for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices Cyberguy.com/Lockupyourtch.
7) Use password manager
Password managers not only generate strong passwords, but can also help in detecting fake websites. They will not usually field auto-fill login on Luklaic or Spufed sites.
Check the best expert-review password managers of 2025 Cyberguy.com/passwords.
Kurt’s key to Techway
Attackers are changing strategies. Instead of gaming search engines, they now designed materials especially for the AI model. I am constantly urging to re -examine the URL for discrepancies before entering any sensitive information. Since chatbots are still known to produce extremely wrong reactions due to AI hallucinations, be sure to verify anything that a chatbot tells you before applying it in real life.
Should AI companies do more to prevent fishing attacks through their chatbots? Write us and tell us Cyberguy.com/Contact.
Sign up for my free cyber report
Distribute my best technical tips, immediate safety alerts, and exclusive deals directly into your inbox. In addition, you will get immediate access to my final scam survival guide – when you join me Cyberguy.com/newsletter.
Copyright 2025 cyberguy.com. All rights reserved.
