Hackers Impersonate ChatGPT, Claude and DeepSeek

Cybercriminals sent tens of thousands of phishing emails and fake installers impersonating ChatGPT, Anthropic’s Claude and DeepSeek to steal credentials and deliver malware.
Microsoft Threat Intelligence reported a series of global campaigns that impersonated ChatGPT, Anthropic’s Claude and DeepSeek. The attacks used phishing emails, malvertising and search-engine-optimization tactics to collect login credentials and payment details and to install malware.
In a ChatGPT-themed campaign, attackers used the display name ‘ChatGPT’ and a subject line urging users to update payment information. Links directed recipients to phishing pages that collected credit card data and personal information. About 4,500 of those messages targeted recipients in South Africa, and related activity was part of a larger run that delivered up to 100,000 emails in one day to recipients in Switzerland, Austria and South Africa. Affected organizations included higher education institutions and professional services firms.
A separate campaign impersonated Anthropic-branded communications to target Claude users. Emails used display names such as ‘Anthropic Teams’ and ‘Anthropic PBC’ with subjects formatted like ‘Claude Appeal Request’ plus a date. Microsoft found the campaign reached contacts at more than 2,000 organizations, primarily in the United States, the United Kingdom and India, and the messages claimed recipients’ accounts had violated acceptable use policies and required immediate action.
Attackers also exploited interest in DeepSeek. Within hours of DeepSeek previewing version 4, actors created a counterfeit GitHub organization and repository that copied official branding and benchmark data, added SEO-friendly content and published archive files presented as installers. Those downloads contained the Vidar information-stealing malware. John Bruggeman, vCISO at CBTS, described the package as well timed and convincingly presented and noted the malicious repository appeared in GitHub and search results, which increased its credibility.
Microsoft outlined defensive steps for organizations, including enabling automatic attack disruption in Microsoft Defender XDR, turning on Zero-hour auto purge for Office 365, using Defender for Office 365 Safe Links, enforcing multi-factor authentication across accounts, scoping conditional access policies to protect privileged access, and using the Microsoft Authenticator app for passkeys and MFA. The company also recommended investing in advanced anti-phishing tools.
Bruggeman recommended maintaining clear AI governance policies, publishing a list of approved tools, blocking lookalike and recently registered domains, monitoring suspicious downloads and sign-ins, and training staff on AI-themed phishing lures. Security teams were advised to watch for domains that mimic popular AI brands, newly registered lookalike sites, unexpected download links and account enforcement messages that press for immediate action.
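As an added example, not from the article, Microsoft or CBTS, the following Python triage heuristic encodes the indicators described above over constructed message headers: a display name claiming an AI brand while the sender domain is not the brand's own, payment-update or account-enforcement subjects like those in the campaigns (including 'Claude Appeal Request' plus a date), and a recently registered sender domain. The brand-to-domain allowlist, the 30-day registration threshold and the sample messages are assumptions.

```python
import re
from email.utils import parseaddr

# Assumed allowlist of legitimate sender domains per brand keyword
# (illustrative; maintain it from your own vendor records).
BRAND_DOMAINS = {"chatgpt": {"openai.com"}, "anthropic": {"anthropic.com"},
                 "claude": {"anthropic.com"}, "deepseek": {"deepseek.com"}}
# Subject phrasing from the campaigns: payment updates and enforcement
# notices that press for immediate action.
URGENCY_PATTERNS = [r"update (your )?payment", r"appeal request",
                    r"acceptable use polic", r"immediate action"]
NEW_DOMAIN_DAYS = 30  # assumed threshold for "recently registered"


def sender_parts(from_header):
    """Split a From: header into (display name, sender domain)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def score_message(from_header, subject, domain_age_days=None):
    """Return (score, reasons). domain_age_days comes from your own
    WHOIS/RDAP lookup, so the heuristic itself runs offline."""
    reasons = []
    name, domain = sender_parts(from_header)
    for brand, legit in BRAND_DOMAINS.items():
        if brand in name.lower():  # one brand verdict per message
            if not any(domain == d or domain.endswith("." + d) for d in legit):
                reasons.append(f"display name claims {brand!r} but sender is {domain!r}")
            break
    for pat in URGENCY_PATTERNS:
        if re.search(pat, subject, re.I):
            reasons.append(f"subject matches urgency pattern {pat!r}")
            break
    # 'Claude Appeal Request' followed by a date, as in the Anthropic-themed run
    if re.search(r"appeal request\b.*\b\d{4}-\d{2}-\d{2}\b", subject, re.I):
        reasons.append("enforcement subject with appended date")
    if domain_age_days is not None and domain_age_days < NEW_DOMAIN_DAYS:
        reasons.append(f"sender domain registered {domain_age_days} days ago")
    return len(reasons), reasons


# Constructed sample headers (not real campaign samples) with assumed domain ages
SAMPLES = [
    ('"ChatGPT" <billing@chatgpt-renewal.example>', "Update your payment information now", 3),
    ('"Anthropic Teams" <noreply@anthropic-pbc.example>', "Claude Appeal Request 2025-03-01", 400),
    ('"Anthropic" <noreply@anthropic.com>', "Your monthly usage summary", 1000),
]


def triage(samples=SAMPLES, threshold=2):
    """Return the From: headers whose score reaches the flag threshold."""
    return [f for f, s, age in samples if score_message(f, s, age)[0] >= threshold]
```

A score of 2 or more is a reasonable trigger for quarantine and analyst review; a brand mismatch alone still deserves a look, since a legitimate vendor rarely mails from a domain it does not own.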