Artificial intelligence-run ChatGPT has fascinated the world since it was unveiled last year – but cybercriminals have now unleashed 'evil cousins' of the bot aimed at defrauding users.
Bots such as ChatGPT are 'trained' on huge amounts of internet data to allow them to interact in a 'human-like' fashion, but have strict 'guard rails' to prevent them telling people how to make a bomb, or write a phishing email.
In stark contrast, WormGPT, WolfGPT and FraudGPT were created by cybercriminals purely to cause crime – and can create realistic phishing emails (among other things) without the tell-tale errors and poor English typical of such attacks.
Marketed on dark web forums with an advert promising 'EASY MONEY!' WormGPT was the first, but was rapidly followed by other tools built for crime, mostly offered for a fee or subscription on hacker sites.
All can produce phishing emails, fake websites and other attacks which are highly convincing. So how can you avoid being scammed?
What are WormGPT, WolfGPT and FraudGPT?
Marijus Briedis, a cybersecurity expert at NordVPN, told Yahoo News: "Bad things come in threes, and the trio of WormGPT, FraudGPT and WolfGPT are at the frontline when it comes to exploring the dark potential of AI to supercharge scams.
"WormGPT, the original evil chatbot has the ability to create malicious code, craft phishing emails, hijack websites and spread false information. It has become associated with sustained malware and ransomware attacks.”
WormGPT can be used for CEO fraud, where scammers craft emails claiming to be from executives at a company, asking for 'urgent' bank transfers – as well as scams where victims are told they have won lotteries or other prizes.
Read more: ChatGPT – what you need to know
FraudGPT focuses on scamming individuals in 'spear phishing' attacks – creating phishing emails, and persuading people to click on harmful links.
Briedis said: "Finally, WolfGPT is a black-hat AI tool promoted as a Fort Knox for hackers, offering criminals confidentiality while enabling them to produce potent cryptographic malware that is highly difficult to detect.
"This type of malware is often associated with ransomware attacks, encrypting large volumes of personal data on the device of an individual or business and demanding money to restore it."
How can you stay safe from AI scam bots?
So how can users stay safe when tools such as WormGPT can create word-perfect phishing emails?
Staying alert to context can help – why is someone emailing you, and why do they need private information?
It's worth noting that while the text in an email might be perfect, there might be other warning signs – does the email address look unusual? What about the email signature?
Briedis said: "Be careful when communicating online, whether it's through email or instant chat tools.
"Always double-check the legitimacy of unexpected messages, especially when they involve private information or money.
"Keep updated. Make sure you have the latest security software installed on your device, update it regularly, and use reputable antivirus programs."
To avoid being targeted, it also helps to be careful about what you share online – don’t share details such as home addresses or phone numbers.
Briedis said that there are now several tools available that scan automatically for AI scam emails, including NordVPN's Sonar.