[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvuy4NwnmPhtJJaYokX36KhsZM-VX65CQmX9HtF9CEf8":3},{"article":4,"iocs":54},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"5c080423-6efa-4dff-b7fa-5aff9db8ad13","AI brands as bait: How threat actors are using the AI hype in social engineering","ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering-527637","As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI hype in social engineering appeared first on Microsoft Security Blog.","Threat actors are increasingly using the global interest in AI as a social engineering lure, impersonating popular AI brands such as ChatGPT, Microsoft Copilot, and Anthropic's Claude. These campaigns, observed by Microsoft Threat Intelligence, involve phishing, malvertising, and SEO-driven attacks aimed at credential theft, financial fraud, or malware infection. While the AI branding is new, the underlying tactics remain familiar, including urgency and redirection chains.","Threat actors exploit AI hype using brands like ChatGPT for social engineering attacks.","
As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. In recent months, Microsoft Threat Intelligence has observed a growing number of campaigns that impersonate the branding of popular AI platforms such as ChatGPT, Microsoft Copilot, DeepSeek, and Anthropic’s Claude as lures. These campaigns, which don’t represent compromise of services, span phishing, malvertising, and search engine optimization (SEO)-driven attacks that ultimately lead to credential theft, financial fraud, or malware infection. Threat actors are quick to capitalize on highly anticipated launches or emerging trends, leveraging trusted branding and exploiting user curiosity to improve the success rates of their campaigns. Despite the AI-themed lures, however, these campaigns combine longstanding tactics, such as urgency-driven messaging, abuse of trusted services, and multi-stage redirection chains that require user interaction to evade detection. While traditional lures like invoices, payment notifications, or delivery alerts remain effective and continue to be widely used, AI-themed lures reflect a shift in social engineering that is likely to persist as a long-term tactic used by threat actors, from cybercriminal groups to nation states. 
Notably, Microsoft Threat Intelligence has observed the initial access broker Storm-3075 employing AI-themed malvertising to deliver payloads, including malware signed by the malware-signing-as-a-service (MSaaS) offering attributed to the financially motivated threat actor Fox Tempest, on behalf of multiple downstream actors. This blog details several of the campaigns observed by Microsoft Threat Intelligence in the past few months that used AI brands and references as lures, and provides guidance to help users and organizations detect, mitigate, and respond to these threats. Importantly, Microsoft believes that the activity noted in this blog is purely abuse of AI brand names as lures, not reflecting a compromise of any referenced vendor. As threat actors scale their operations with AI, organizations should leverage AI-powered security capabilities to enhance visibility, automate detection, and accelerate response across email, identity, and endpoint surfaces. ChatGPT-themed lure leads to phishing kit collecting credit card data On May 5, 2026, Microsoft detected a ChatGPT-themed phishing attack that delivered malicious URLs leading to phishing pages that collected credit card and personal information such as names and addresses. This phishing activity, which consisted of 4,500 emails sent to targets in South Africa (97%), was part of a broader campaign using similar themes and infrastructure. We also observed this campaign delivering as many as 100,000 emails on a single day to targets in Switzerland, Austria, and South Africa, affecting a broad range of industries, including higher education and professional services. The emails used the sender display name ChatGPT and the subject “To ensure your ChatGPT Plus continues to work – please update your payment method”. The emails posed as an urgent request to update the ChatGPT Plus subscription payment method. 
They warned the recipient that if a new payment method was not provided within seven days, the account would be downgraded to a free plan. A ChatGPT logo was prominently displayed at the top of the email body. Figure 1. Attack chain of ChatGPT-themed lure leading to phishing kit The phishing email contained a clickable Update payment method button, which did not directly send users to the attacker-controlled site. Instead, users were redirected through a series of legitimate and abused redirector hops. This is a common technique used by threat actors to exploit the reputation of trusted domains and bypass email filters, evade detection, and track victim engagement. Figure 2. Snippet of the top portion of the email impersonating ChatGPT and enticing users to click on the link Targets were first directed to grupoconstat[.]bitrix24[.]com[.]br (a legitimate customer relationship management (CRM) service), which redirected to awstrack[.]me (an Amazon domain used for tracking email opens and clicks), which in turn redirected to a Rebrandly URL (a legitimate but often abused URL shortener service). Targets were finally sent to a likely legitimate but compromised domain legendarytrendsbay[.]shop where the threat actor had placed the phishing page in the \u002FChatGPT\u002F folder. The landing page did not immediately display the phishing content. It first required visitors to pass a custom CAPTCHA, which was a simple Update payment button. If they clicked this button, users were sent to the next page where personal information, including first name, last name, and address was collected. The final page then collected the name, credit card number, expiration date, and card verification code. Figure 3. Phishing landing page collecting name and address Figure 4. 
Phishing landing page collecting credit card information Claude-themed phishing campaign collected credentials and access tokens From April 20 to 22, 2026, Microsoft observed a phishing campaign impersonating Anthropic-branded services to target users with account-related lures tied to the Claude AI platform. The campaign sent phishing emails to targets across more than 2,000 organizations, primarily in the United States (62%), the United Kingdom (18%), and India (9%). While this campaign impacted a broad range of industries, it was most notably focused on information technology (56%), other business entities (21%), and financial services (8%). The campaign used enforcement-themed messaging claiming that the recipient’s account was in violation of acceptable use policies and required immediate action. The emails impersonated Anthropic’s popular AI service Claude using the display names Anthropic Teams and Anthropic PBC, masquerading as legitimate account-related communications. Subject lines followed a consistent structure of “Claude Appeal Request” combined with date elements. Figure 5. Attack chain of Claude-themed phishing campaign leading to AiTM The email body was delivered as HTML and included Anthropic and Claude branding. The message informed recipients that their account was violating “AUP (Account Usage Policy)” and that Anthropic had “initiated an appeal procedure”. The message instructed recipients to review the attached material to access their appeal and indicated that Claude features would be limited pending review. Figure 6. Email impersonating Anthropic’s Claude, prompting users to open the attachment The email attachment was a PDF named Fill and Sign Claude Appeal Form.pdf, which was designed to resemble an official process tied to Claude account enforcement. The document presented an appeal workflow, prompting users to copy an appeal ID and click the “Claude Appeal” link, which initiated the credential harvesting process. Figure 7. 
PDF attachment providing instructions on how recipients can appeal the supposed Account Usage Policy (AUP) violation When clicked, the link embedded in the PDF directed users to an attacker-controlled domain, dash.awaydouble[.]org. The initial landing page displayed a Cloudflare verification prompt, presented as confirming the user was arriving from a “legitimate session”. This step likely served as a gating mechanism to impede automated analysis and sandbox detonation. Fig","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F06\u002F08\u002Fai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering\u002F","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002Fwp-content\u002Fuploads\u002F2026\u002F06\u002FAI-as-bait-featured.png","2026-06-08T16:00:00+00:00","2026-06-08T18:00:12.687754+00:00",7,[18,21,23,25,27,30],{"name":19,"type":20},"ChatGPT","product",{"name":22,"type":20},"Microsoft Copilot",{"name":24,"type":20},"DeepSeek",{"name":26,"type":20},"Claude",{"name":28,"type":29},"Microsoft","vendor",{"name":31,"type":32},"Storm-3075","threat_actor","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":33,"icon":35,"name":36,"slug":37},null,"Vulnerabilities","vulnerabilities",[39,44,49],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":50},{"id":51,"icon":35,"name":52,"slug":53},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[55],{"type":48,"value":56,"context":57},"MSaaS","Malware-signing-as-a-service offering attributed to Fox Tempest"]