Credit and Debit Cardholders in Singapore Report Unauthorized Charges from ChatGPT and Apple


Tl;DR Breakdown

  • Credit and debit cardholders in Singapore report unauthorized charges from ChatGPT and Apple, despite not subscribing to these services.
  • Palo Alto Networks observes a surge in ChatGPT-themed attacks and phishing attempts, highlighting the rise in fraudulent activities.
  • To protect themselves, cardholders should set transaction alerts, monitor statements, and promptly report unauthorized transactions to their banks.

In recent months, numerous credit and debit cardholders in Singapore and overseas have fallen victim to unauthorized charges made by legitimate firms, including OpenAI’s ChatGPT and Apple. These unsuspecting individuals have never subscribed to OpenAI’s paid version or authorized any transactions related to ChatGPT. We will try to look into the details of these incidents, the surge in ChatGPT-themed attacks, the potential risks, and the steps cardholders can take to protect themselves.

Unauthorized charges and impersonation attempts

Since the launch of OpenAI’s artificial intelligence program, multiple reports of unauthorized transactions related to ChatGPT subscriptions have surfaced. Customers have complained about being charged for a service they never subscribed to, despite only registering for a free ChatGPT account. Cybersecurity firm Palo Alto Networks has also observed a significant increase in ChatGPT-themed attacks, with malicious URLs and phishing attempts impersonating official OpenAI sites.

Fraudsters often use various tactics to impersonate legitimate firms and gain access to credit and debit card details. These small unauthorized transactions, which go unnoticed by many users, could serve as a means for cybercriminals to validate or identify card information before carrying out larger fraudulent transactions. Although the Cyber Security Agency of Singapore (CSA) has not received any reports of fraudulent transactions related to ChatGPT subscriptions, the potential risks associated with such incidents are significant.

Vulnerabilities exploited by cybercriminals

Security experts have identified bank identification number (BIN) attacks as a potential method used by fraudsters to obtain credit card details. With the leading six digits of a credit card, criminals can generate the remaining numbers, including the card verification value (CVV) and expiration dates, using specialized software. These fully generated card numbers are then tested against real transactions to validate their authenticity.

In many cases, online merchants do not require users to provide multiple verification factors for transactions that don’t involve physical cards. This lack of stringent security measures, intended to enhance user convenience, leaves room for cybercriminals to exploit vulnerabilities. Remuneration machines can generate numerous combinations of card numbers until a successful transaction is made, bypassing the need for individual approval for each transaction.

Apart from BIN attacks, cybercriminals can also obtain card details through data leaks or when customer data is stolen from unsecured websites. Once the card details are acquired, they can be used to carry out fraudulent transactions. The public is strongly advised to notify their financial institutions and the police immediately if they encounter any suspicious or fraudulent activities.

Protecting against unauthorized charges

Financial institutions play a crucial role in protecting customers from unauthorized charges. Customers will generally not be held liable for such transactions if merchants have not implemented two-factor authentication, such as a one-time password. However, the responsibility lies with the merchants to activate 3D Secure (3DS) authentication, an additional step that requires customers to enter a password or code sent to their phone before completing a payment.

Customer Precautions and Monitoring

To safeguard against fraudulent charges, customers should take proactive measures. Use identity theft protection services to monitor accounts and provide reimbursement options in the event of identity theft. Set up transaction alerts for even the smallest amounts, such as $0.01, through their banking apps. Last but not least, regularly monitor card statements for any discrepancies and promptly report unauthorized transactions to the bank.

Share link:

Aamir Sheikh

Amir is a media, marketing and content professional working in the digital industry. A veteran in content production Amir is now an enthusiastic cryptocurrency proponent, analyst and writer.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan