If you keep up with technology even in the slightest, no doubt you’ve heard about the wonders of ChatGPT.  Developed by the artificial intelligence (AI) research laboratory OpenAI, Chat Generative Pre-Trained Transformer, ChatGPT for short, is an artificial intelligence-powered language model designed for conversational systems such as chatbots and virtual assistants.

But is has become much more than that, and that’s why a lot of red flags are being raised for consumers to understand both its pros and cons when it comes to privacy and security with the potential of significant data breaches.

ChatGPT doesn’t have any knowledge of its own. It generates responses and information based only on the data it was trained on such as information from the internet, books and much, much more.

Many hail it as a life-changing development in technology that is already starting to transform how we live. ChatGPT is already writing and debugging code, translating text, creating summaries of long documents, writing music, creating art and automating many other challenging tasks. And it is easy to use.

Let’s look at some of the things both businesses and consumers should be wary of.

What are the Security Risks of ChatGPT?

The first thing that new users take from their first experience with ChatGPT is its ability to almost instantly generate realistic responses to questions on just about any subject.

Like any new technology, criminals using cyberattacks are turning those AI capabilities upside down to develop a growing set of threats. Here are a few examples.

Phishing Attacks

These have become an almost daily occurrence in personal and business email inboxes. An email comes from a trusted source asking you to do something that surprises you. It could be from your bank or any other website you have visited. The purpose of these attacks is to get you to reveal sensitive information like credit card numbers, Social Security number or even your login credentials.

Business email compromise has become more sophisticated with ChatGPT as well. This attack uses email to trick someone in an organization into sharing confidential company data or sending money. Security software usually detects these types of attacks by identifying patterns, but an attack like this powered with ChatGPT can get past sophisticated security filters.

Social Engineering and Impersonation: Text and Voice

AI tools like ChatGPT are so advanced they can write text in a real person’s voice and style. This is especially troubling for people in the public’s eye or business leaders who want to convey important and timely information to a mass audience. Imagine the chaos if Elon Musk or Bill Gates fell victim to this type of activity. 

AI can also fake voices to scam people and businesses. AI-driven voice cloning technology can replicate an individual’s voice with only a small sample from sources like interviews, podcasts or social media videos. Scammers use these voices to impersonate someone the victim knows and trusts, like a family member, friend or colleague. The voice may claim to be in a crisis situation and/or request financial assistance. 

When in doubt, verify the caller’s identity by asking them something only the real person would know, or hang up and contact the real person for verification. And, it probably goes without saying, don’t give them any important information about you or your company.

Automated Customer Service Scams

Many companies are moving to automated customer support technology using AI chatbots that allow you to “chat” with an AI-driven program to solve many of the more simple issues customers typically call customer service for. Cyber criminals can replicate these capabilities and convince individuals to reveal sensitive personal or business information as part of the chat history and make payments to the criminals, not the company.

Malware and Spam

One of the major security concerns is how AI can be used to generate text that appears legitimate in emails and can evade even the most sophisticated website spam filters. Criminals use these emails to get individuals to click on links that distribute malware or ransomware to their devices. 

Spam. While many people have become more competent at spotting spam, there remains a large percentage of society that will be fooled into a dialog with simple offers. The bad thing about ChatGPT is that spam output can be generated exponentially in seconds, often with embedded malware that can lead users to malicious websites. The ability to generate professional-looking phishing emails that mimic outreach from legitimate sources such as banks or retailers is closely aligned with this. Users who click links to respond put themselves at significant risk of a bad experience and the potential exposure of personal data. 

Ransomware. One of the darker ways that ChatGPT is being used is to embed ransomware that hijacks computer systems. To unlock systems, victims must pay extortionists large sums of money to regain control. Attackers usually don’t write their code. Instead, they buy it from ransomware creators on dark web marketplaces, but that could change as ChatGPT becomes more adept at generating malicious ransomware code.

Fake Reviews and Ratings

Some criminals use AL-generated content to flood e-commerce platforms with fake product reviews, ratings and comments. These fake reviews can influence consumer decisions, leading them to purchase low-quality or counterfeit products. 

User Data Protection and Data Privacy from ChatGPT Incursions

To protect yourself from these scams never share confidential information such as name, address, login credentials and credit card information. Here are some other steps to protect yourself. 

Password Protection Strategies. This seems basic, but so many of us are guilty of choosing ease over effectiveness when assigning passwords. A strong password is one of the most effective defenses against data incursions. Mix it up and use biometric security and multi-factor authentication when possible. 

Monitor Accounts. Make it a habit to monitor your banking, credit card, emails and other sensitive data pages and accounts so you can quickly spot abnormal activities. Turn on page alerts for all accounts. The use of ChatGPT by hackers can generate compelling phishing attacks.  

Keep Software Current. Always install the latest updates, which may patch security breaches and vulnerabilities crooks could use to steal your data. 

Antivirus Protection. Advanced cybersecurity software has morphed into a fully comprehensive protection package to guard against ransomware and other potentially invasive ways to steal your data. 

Enable Operating System’s Firewall. This will create a barrier that monitors traffic and blocks potentially malicious attempts to harm your cyber presence. For added protection, you can also activate your router’s firewall or invest in a virtual private network (VPN) to encrypt your data. 

Multi-Factor Authentication.  MFA can secure your accounts with an added layer of protection.  When MFA is activated, you are sent a code to your phone or email address to authenticate a login attempt. 

Network Detection and Response (NDR) Technology.  Effective NDR solutions can detect threatening patterns and prevent unauthorized access, even if a hacker has stolen login credentials. 

ChatGPT is still in its infancy, and while it will continue to improve lives in countless ways, thieves will do everything they can to make your life miserable through all the ways we’ve documented above.  

You don’t need ChatGPT to tell you why an ounce of prevention is worth a pound of cure. The best thing you can do is take proactive steps before you become a victim. Be smart and understand the potential threats, then take steps to ensure ChatGPT works for you instead of against you.

Hacking and identity theft are as prevalent as ever. At some point, don’t be surprised if one or more bad guys come looking for your sensitive information to criminally exploit.

New scams pop up constantly. You know this if you’ve ever gotten one of those “potential data breaches” emails or letters which I suspect most people have by now. Nobody is 100% safe in a digital environment, but there are several things you can do to make it harder for hackers in advance of an attempted breach and actions you can take after an attempted hack.

What to do Before an Attempted Hack Occurs

If you haven’t done so already, the easiest and smartest thing to do is turn on two-factor authentication for your financial accounts. Hackers may try to get around this by going after password manager systems instead.

That means that you could be contacted by text or email that you’ve been targeted by a hacker trying to steal your information. However, don’t automatically assume security protocols have kicked in due to an attempted breach. Some people are contacted repeatedly by hackers who appear to be administrators. Before you give up sensitive password change information, it’s best to reach out to the institution supposedly requesting the change to verify they have actually done so.

After you verify, start the process of changing your potentially impacted passwords. While it’s unsettling that a hacker obtained at least one of your passwords, be thankful that virtually every financial institution now has red flags and warning systems to alert you to suspicious activity.

You should also know that there are multiple types of two-factor authentication. Biometric data is one of the more secure ways to protect your accounts. Two-factor authentication via text is secure, but it is susceptible to hacking. Criminal activity is why the industry is slowly moving away from passwords. Hackers long ago learned how to defeat almost any password system.

If you have the option, switching your two-factor authentication from SMS (text message) to an authenticator app is not a bad idea.

If you suspect a hack is taking place, another way to lock out criminals is to freeze your credit. Freezing your credit at the three major credit bureaus makes it difficult for anyone to open accounts in your name with your Social Security number. You can easily unfreeze your credit if you want to open a new account or other similar reasons.

You’ll need to go through Experian, Equifax, and TransUnion separately to freeze your records.

What to do After a Hack

Here’s the #1 rule you must follow after being hacked.

Act fast!

Do not let data breaches or hacks of any kind go into your “I’ll get to it eventually” stack of things to do. Treat the breach urgently to minimize damage to your accounts and online identity. Don’t be surprised if you start getting notifications after a breach from your banks, credit card providers, Google, online merchant accounts, and other places where your identity lives.

Not every hack is large or steals information from millions of accounts. Some hacks also take a while to uncover, meaning that your data may be compromised over a long period. Many hacks are small such as your credit card information being compromised by a crooked online merchant, a credit card skimmer at a local gas station, or just about anyone you hand your card to while shopping and dining.

You may not notice anything unusual until you get your next statement. Always read those bills and figure out what every line means, even the smallest of the charges that appear. Card thieves sometimes put through a few small purchases just to make sure the card is “live” before making a big purchase.

An identity thief can also use your personal information to open credit accounts without your knowledge. This could lead to months of charges until somebody spots the problem and notifies you. One way to limit the duration is to use AnnualCreditReport.com to request a free report from Equifax, Experian, and TransUnion once per year, spreading the requests out at four-month intervals.

Keep in mind that credit monitoring agencies are not immune from hackers either. A recent breach of Equifax went on for months and exposed sensitive data of millions of accounts. Equifax ended up paying $650 million in damages after the discovery.

Another way to monitor your credit is to use Credit Karma. This free service automatically pulls your credit from TransUnion and Equifax weekly to keep an eye on your credit. These are “soft” inquiries, not the “hard” inquiries that companies make when you apply for more credit. Soft inquiries have no impact on your credit score. Hard inquiries can degrade your score if there are too many in a short period.

There are several other credit monitoring services you should consider: 

• Avast BreachGuard and IDX Privacy  regularly monitor the Dark Web to ensure your personal data hasn’t come up for sale. 
• Norton 360 Deluxe includes a similar scan, powered partly by the company’s LifeLock identity theft technology.
• Some monitoring services such as Keeper and LastPass also include password manager tools which make it easier to change potentially hacked passwords to a strong, unique password you don’t use for any other site.

Hacked credit cards used by someone else are easier to recover from because you’re not responsible for the fraudulent charges, and once the bank has issued a new card, the problem is solved.

Regaining control of a hacked email account is tougher. You must contact the email provider and prove that you’re the true account holder. This is problematic if the hacker changes your password and you can’t use your regular email to contact the provider. To minimize this, have more than one email address and make each the alternate contact address for the other.

Also, if you used the password from your hacked email account at any other sites, those accounts are compromised too. A hacker who gets hold of your login credentials for one site may try the same username and password pair on many other popular sites.

Resetting your passwords can be a challenge too. When you forget a website password, the first thing you do is hit that “Forgot Password?” link to get a password reset link sent to your email address. A smart hacker who has control of the email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts. After a simple password reset, the hacker owns those accounts, exponentially compounding your problems.

When you recover from an email hack, visit every site associated with that email address and change your password.

When you’re out and about, shop at merchants accepting chipped credit cards, which secure in-person transactions. However, they can’t help with online transactions where the chip does not come into play.

Mobile-based payment systems like Apple Pay and Google Pay are more secure than physical credit cards. Each transaction uses a unique number, so hackers gain nothing by stealing existing transaction data. You can use the mobile payment system for online purchases as well. Be sure to protect your mobile device with a fingerprint or a strong passcode, and always keep it with you.

After you’ve done all you can to shut down the breach, you’ll still need to monitor your accounts closely for at least a couple of weeks and maybe longer to make sure all your breach bases are covered.

Another smart action you can take is to visit IdentityTheft.gov to report the theft and get help developing a recovery plan. The information you provide can help authorities monitor the latest trends and develop proactive deterrents to minimize impacts on other potential victims.

Will Rogers is famous for his saying, “Common sense ain’t common.”

And if truer words were ever spoken, I have yet to find them.

While many people take precautions when they shop online, the Covid-19 pandemic has elevated that need to new levels. The percentage of people shopping online today is up, signaling a continuing shift in how many of us buy goods and services. Coupled with an unprecedented closure of brick-and-mortar businesses, that trend is expected to continue.

Even before the pandemic, secure online shopping was a rising concern, whether related to payment fraud, ID theft, data hacking, and other criminal activities.

That’s not going away.

According to a report by Juniper Research, online payment fraud losses will increase by more than 50% between 2020 and 2024. That was before the pandemic was figured in.

Now, according to Nick Maynard, a lead analyst at Juniper, “We anticipate that this growth will accelerate to over 70% over the next four years, compared with the 52% we outlined in March. This is mainly due to the increased usage of e-commerce during the pandemic, which has also generated a rise in fraud.”

Yikes!

While technology continues to improve, the biggest defense against online security issues is most often common sense.

In our research for this article, we reached out to a company we trust—lifelock.com—and found some solid strategies that are worth a few minutes of your time.

1. Shop at websites you trust

Some businesses on the web are fabricated by people who just want your credit card information and other personal details. Play it safe and consider doing online business only with retailers you trust and have shopped with before to play it safe.

2. Check out the business

Did you find the perfect purchase on an unfamiliar website? Break out your detective skills whenever you want to buy something from a new merchant. Does the company interact with a social media following? What do its customer reviews say? Does it have a history of scam reports or complaints at the Better Business Bureau? Take it one step further by contacting the business. If there’s no email address, phone number, or address for a brick-and-mortar location, that could be a signal that it’s a fake company.

3. Beware rock-bottom prices

If a website offers something that looks too good to be true, then it probably is. Compare prices and pictures of the merchandise at similar websites. Rock-bottom prices could be a red flag that the business doesn’t have those items in stock. The website may exist only to get your personal information. You may find a few loss-leader gems, but is saving a few bucks really worth the worry that you could get ripped off for hundreds of times that amount?

4. Avoid public Wi-Fi

You might be tempted to take your online shopping adventures to a coffee shop for a cup of joe. Keep in mind, Wi-Fi networks use public airwaves. With a little tech know-how and the freely available Wi-Fi password at your favorite cafe, someone can intercept what you’re looking at on the web. Shopping online usually means giving out information that an identity thief would love to grab, including your name and credit card information. Bottom line: It’s never a good idea to shop online or log in to any website while you’re connected to public Wi-Fi.

5. Use a Virtual Private Network (VPN)

Still can’t resist the lure of shopping online while sipping that peppermint latte? If you must shop online on public Wi-Fi, consider installing and using a VPN on all mobile devices and computers before connecting to any Wi-Fi network. A VPN creates an encrypted connection between your smartphones and computers and the VPN server. Think of it as a secure tunnel your Internet traffic travels through while you browse the web, making your data safer from interception by nearby hackers.

6. Create strong passwords

If someone has the password to your account, they can log in, change the shipping address, and order things while you get stuck with the bill. Help keep your account safe by locking it with a strong password; “Santa123” won’t do.

Here are some tips on how to create the strongest passwords:

• Use a complex set of lowercase and uppercase numbers, letters, and symbols.
• Don’t use personal information that others can find or guess, such as birthdates, your kids’ names, or your favorite color.
• Don’t use the same password—however strong—on multiple accounts. Admit it! We are ALL guilty of this one. A data breach at one company could give criminals access to your other, shared-password accounts.

7. Check out website security

That small lock icon in the top corner of your URL field tells you that the web page you’re on has privacy protection installed. The URL will start with “https.” These websites mask and transfer data you share, typically on pages that ask for passwords or financial information. If you don’t see that lock or the “s” after “http,” the web page isn’t secure. There is no privacy protection attached to these pages, so we suggest you exercise caution before providing your credit card information over these sites.

8. Watch out for email scams

Sometimes something in your email in-box can stir your consumer cravings. For instance, it might be tempting to open an email that promises a “special offer.” But that offer could be special in a bad way. Every one of us has experienced “click regret” at one time or another.

Clicking on emails from unknown senders and unrecognizable sellers could infect your computer with viruses and malware. It’s better to play it safe. Delete them, don’t click on any links, and don’t open attachments from individuals or businesses you are unfamiliar with.

9. Don’t give out too much information

No shopping website will ever need your Social Security number. This should be the most common sense of all common sense tips in the article. But it still bears mentioning. If you’re asked for very personal details, call the customer service line and request whether you can supply other identifying information. Better yet just walk away and find a more well-known, accommodating website for your purchases.

10. Pay with a credit card

Attention shoppers! You’ll usually get the best liability protection—online and offline—when you use a credit card.

If someone racks up unauthorized charges on your credit card, federal regulations say you won’t have to pay while the card company investigates. Most major credit cards offer $0 liability for fraudulent purchases. Keep in mind, your liability for unauthorized charges on your debit card is capped at $50 if you report it within two business days. But if someone uses your account and you don’t report the theft, after 60 days, you may not be reimbursed at all.

You can also try a virtual credit card. Some banks offer this nifty tool that acts as an online version of your card. With a virtual credit card, the issuer will randomly generate a number that’s linked to your account, and you can use it anywhere online and choose when the number expires. It might be best to generate a new number every time you buy something online or shop with a new retailer. Anyone who tries to use that number will be out of luck.

11. Check your statements

Lots of online shopping can add pages to your credit card statements, especially around the holidays. Check your statements for fraudulent charges at least once a week or set up account alerts. When you receive a text or email about a charge, you can check the message and easily recall whether you made the charge.

12. Mind the details

After you make a purchase, keep the receipt, order confirmation number, and postal tracking number in a safe place. If you have a problem with the order, this information will help the merchant resolve the problem.

13. Take action if you don’t get your goods

Call the merchant and provide the details from the information you saved from your original purchase. If the merchant turns out to be fake, or they’re just plain unhelpful, then your credit card provider can help you sort out the problem. Often, they can remove the charge from your statement.

14. Report the company

If you suspect the business is bogus, notify your credit card company about the charge and close your account. File a complaint with the U.S. Federal Trade Commission. The FTC offers an identity theft recovery plan, should you need it.

The bottom line is that your money is YOUR money. You earned it along with the right to spend it as you choose. With a few simple strategies, you can ensure a cyber thief doesn’t rob you of that pleasure.