LEGALAUDIT

Scam Watch

Come riconoscere ChatGPT plugin / GPT store manifest poisoning?

In breve

Attacker publishes a ChatGPT plugin or custom GPT with an innocuous description but malicious instructions inside the manifest / OpenAPI spec; when users invoke it, the plugin can exfiltrate conversation context (including pasted secrets,...

Come funziona

Attacker publishes a ChatGPT plugin or custom GPT with an innocuous description but malicious instructions inside the manifest / OpenAPI spec; when users invoke it, the plugin can exfiltrate conversation context (including pasted secrets,...

Indicatori rossi

  • Pressione urgente a cliccare, pagare o condividere codici subito.
  • Link o mittente che non corrispondono all'organizzazione ufficiale.
  • Richiesta di carta, password, OTP, firma wallet o bonifico.

Cosa fare

  1. 1Tells: 1) plugin requests broad scopes (browse, mail, code execution); 2) manifest description doesn't match actual capability; 3) plugin author is anonymous / new; 4) reviews are sparse or AI generated; 5) responses include URLs / sidebar mentions to attacker domain.
  2. 2DO: only enable verified plugins from known publishers; never paste secrets into any GPT; for enterprises, deploy a vetted GPT allow list.

Fonte

ENISA-Threat-Landscape-2024

Fonte verificata da Mythos Forensic Team

https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024

FAQ

ChatGPT plugin / GPT store manifest poisoning e una truffa reale?

Si. Tratta messaggi, chiamate o richieste di pagamento come sospette finche non le verifichi da un canale ufficiale.

Quali sono i primi segnali?

Pressione urgente a cliccare, pagare o condividere codici subito.; Link o mittente che non corrispondono all'organizzazione ufficiale.; Richiesta di carta, password, OTP, firma wallet o bonifico.

Cosa devo fare subito?

Tells: 1) plugin requests broad scopes (browse, mail, code execution); 2) manifest description doesn't match actual capability; 3) plugin author is anonymous / new; 4) reviews are sparse or AI generated; 5) responses include URLs / sidebar mentions to attacker domain.; DO: only enable verified plugins from known publishers; never paste secrets into any GPT; for enterprises, deploy a vetted GPT allow list.

LegalAudit puo controllare il mio caso?

Si. Apri la chat gratis e incolla messaggio, link, mittente o dati di pagamento per un triage.