- Статьи
- Internet and technology
- By action code: scammers use the ChatGPT viral trend to collect data from Russians
By action code: scammers use the ChatGPT viral trend to collect data from Russians
The popular trend "turn yourself into an artbook with ChatGPT," which has gained popularity on social media in recent weeks, has attracted the attention of scammers. Under the guise of free services for creating personalized images, attackers offer users to upload photos, provide personal information, or log in through third-party resources. However, instead of the promised result, the attackers gain access to accounts, bank data and collect detailed information about the victims. Experts warn that the danger of such schemes lies in the formation of detailed digital dossiers, which can then be used for new attacks.
How Scammers use AI Flash Mobs
The flash mob, which became popular in May 2026, involves creating an artbook-style illustration of a person based on photographs and a detailed story about himself. To get the most accurate results, people upload images and provide the neural network with information about their work, interests, habits, and lifestyle.
Fraudsters have taken advantage of this trend by offering to switch to an allegedly official service or Telegram bot to create an artbook, Igor Bederov, chairman of the coordinating council of the non-governmental security sector of the Russian Federation and founder of the Internet Search company, told Izvestia. For authorization, you are asked to enter a phone number and a confirmation code from Telegram, after which the account ends up in the hands of intruders. In addition, under the guise of a symbolic fee for image generation, victims are asked for bank card data and connected to fraudulent subscriptions.
— To get the most personalized image possible, a person tells you their place of work, social circle, favorite places, habits, and routes. In fact, the user creates an ideal dossier for future attacks using social engineering," the expert noted.
Attackers actively use ads for "secret promts", Telegram bots, and links in comments under viral publications. Direct losses often look insignificant: 100-300 rubles for "image processing", a subscription worth several hundred rubles per week, or a one-time debit. However, such schemes often become an entry point for much more serious consequences, including account loss and access to work correspondence, said Pavel Kovalenko, director of the Informzashita Anti-fraud center.
According to him, high-quality photos and detailed information about users are of particular value to scammers. Such data can subsequently be used to create deepfakes, fake profiles on social networks and on dating sites, as well as to prepare personalized fraudulent scenarios that take into account the interests, habits and social circle of the potential victim.
— The reality is that as soon as a popular flash mob starts, scammers join it. The point is not what kind of flash mob it is, but that when people hear about something well-known, they think less and make decisions faster. This is not unique: fraudsters can write off small amounts of money under any pretext," explained Anton Bochkarev, CEO of information security companies 3side and 4sec.
There are also complaints on Internet forums that the scheme may involve people allegedly providing services to subscribe to the paid version.
— I subscribed through an intermediary, thinking that I was buying a subscription to a real ChatGPT, as a result, the amount was charged twice, and the intermediary stopped contacting me. Now I'm trying to challenge these transfers through the bank, so far unsuccessfully," one of the victims said anonymously.
Fraud with AI services and neural networks
There is no public assessment of the damage caused by this particular flash mob yet, said Lyudmila Bogatyreva, head of the Polylog agency's IT department, ROCIT expert. However, according to her, it fits into the general trend of fraud growth related to artificial intelligence-based services. Since the beginning of 2026, Kaspersky Lab specialists have recorded more than 92,000 attacks worldwide, in which malicious software was disguised as popular AI services. In Russia, over the same period, about 400 sites offering fake neural network subscriptions were identified.
The popularity of such trends makes them a convenient tool for hackers, said Dmitry Ovchinnikov, information security architect at UserGate uFactor. According to him, specific information reasons may change, but the schemes used remain the same: stealing accounts, collecting personal data and gaining access to users' financial information. The expert stressed that the main damage in such cases is related not so much to direct monetary losses as to the collection of personal data. In the future, this information can be sold on shadow platforms and used to organize new attacks, including more targeted and convincing ones.
Of particular value to fraudsters is the data that allows them to identify a person and create a detailed digital profile. According to Sergey Trukhachev, head of the Smart Business Alert service at ESA PRO, an analysis of specialized Telegram chats showed that the most popular categories of information for searching for information about Russians are last name, first name and patronymic, phone numbers, as well as information about Telegram accounts. These categories account for 43%, 40% and 36% of requests, respectively. The total figure exceeds 100%, since attackers usually use several types of data at once within the same search.
The problem is global, according to the experts interviewed. In the United States alone, in 2025, the damage from fraudulent schemes using artificial intelligence exceeded $900 million.
— Repeated charges and fraudulent subscriptions are just the tip of the iceberg. Much more dangerous is the compromise of accounts and bank data, which can be used months after the initial attack. The cumulative damage from one wave of such campaigns can amount to tens of millions of rubles," said Sergey Shcherbakov, Technical Director of Stakhanovets.
At the same time, there is no reason to talk about a systemic or mass campaign yet — it is most likely another attempt by intruders to take advantage of a popular trend to search for potential victims, said Igor Tyukachev, head of the Indid business development department. He recalled that fraudsters quickly adapt to new information occasions and constantly improve the schemes they use.
Experts agree that teenagers and young people remain the most vulnerable audience. They are the ones who are more likely to participate in viral flash mobs, actively experiment with neural networks, and are more willing to use third-party services and bots to create content. Experts recommend that you be wary of offers to subscribe to foreign services that are not available in Russia through third parties or unofficial platforms.
Переведено сервисом «Яндекс Переводчик»
