Ask Jack: Are There ChatGPT And Phishing Risks Emerging?

By Jack McCalmon, The McCalmon Group, Inc.

What are the emerging risks from ChatGPT?


If it is popular, online threat actors will leverage it. ChatGPT is popular, and now researchers are discovering that bad actors are leveraging the chatbot's name and popularity to distribute malware for Windows and Android users.

The opportunity arose when ChatGPT began to charge a fee for the chatbot with no availability restrictions called ChatGPT Plus. ChatGPT charges $20 a year. To attract targets, the bad actors promised no restrictions for free, but what was downloaded was malware typically in the guise of a Windows desktop client. Criminals are now advertising these free applications via social media, Google Play and third-party app stores.

In addition to malware distribution, there remains the concern about ChatGPT being used to author malware. I wrote about it in a previous piece. Jack McCalmon "Ask Jack: Can I Prohibit The Use Of ChatGPT?" (Mar. 13, 2023).

Remember the old adage nothing is for free…that is true for the Internet and AI. Advise your employees to be cautious of any application that promises better access to ChatGPT, especially if it is for free or comes from some place other than ChatGPT. 

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.


Finally, your opinion is important to us. Please complete the opinion survey:

What's New

Ask Jack: Part One: What Are Signs My Computer Is Hacked?

Computer acting weird? Does it mean you are a victim of a cybercriminal? Jack takes a look at what should cause you to sweat and what shouldn't in a multi-part series.

Ask Jack: What Do I Need To Know About Malware Delivery Beyond Phishing?

Jack explains why you need to let employees know malware can originate from a lot of places other than their in-boxes.

Ask Jack: Is Deep Fake Voice Tech A Data Risk For Employers?

Deep fake voice scams are hitting families. Jack explains how it is just a matter of time before scammers turn their attention to employers.