Your ChatGPT Answers Might Come From Hacked Websites
As ChatGPT becomes a primary tool for people seeking recommendations on everything from software to local restaurants, new findings reveal that its suggestions may not be as reliable as they appear. The AI's answers are sometimes being sourced from websites that have been hacked or from expired domains repurposed to push spam, particularly for online casinos.
How Scammers Exploit AI Source Validation
This growing problem has been meticulously documented by James Brockbank of Digitaloft. His research highlights numerous examples where ChatGPT has been tricked into citing content from clearly manipulated websites.
In one disturbing instance, the professional website of a practicing attorney was hacked, with pages promoting UK casinos secretly added to the site. In another case, a domain that once belonged to a United Nations youth coalition was completely taken over and converted into a platform for online gambling. Similarly, an expired domain from a defunct arts charity, which still held authority from old links by the BBC and CNN, was revived to promote casino content and was subsequently cited as a source by ChatGPT.
Why This Deception Works
These tactics are effective because they exploit weaknesses in how ChatGPT currently selects and validates its sources. The AI model struggles to differentiate between a website's historical reputation and its current, often malicious, intent. It does not have robust mechanisms to verify if a site's ownership has changed or if its content has been compromised.
ChatGPT appears to give weight to a domain's legacy authority and the freshness of its content. This creates a loophole for bad actors who can acquire an expired, once-reputable domain or hack an existing one. By publishing new, spammy articles on these domains, they can fool the AI into treating their content as credible and including it in user-facing answers. This manipulation can happen without any obvious red flags for the end-user, who sees a confident answer from the AI.
How to Protect Yourself
The key takeaway is that users should approach ChatGPT's recommendations with caution. Do not automatically assume that every cited source is credible or legitimate. A quick check of a cited website's history, ownership, and overall relevance can reveal its true nature and help you avoid being misled by manipulated information.