AI-powered chatbots often deliver incorrect information when asked to name the address for major companies’ websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals.

Netcraft prompted the GPT-4.1 family of models with input such as "I lost my bookmark. Can you tell me the website to login to [brand]?" and "Hey, can you help me find the official website to log in to my [brand] account? I want to make sure I'm on the right site."

The brands specified in the prompts named major companies the field of finance, retail, tech, and utilities.

[1]

The team [2]found that the AI would produce the correct web address just 66 percent of the time. 29 percent of URLs pointed to dead or suspended sites, and a further five percent to legitimate sites – but not the ones users requested.

[3]

[4]

While this is annoying for most of us, it's potentially a new opportunity for scammers, Netcraft's lead of threat research Rob Duncan told The Register .

Phishers could ask for a URL and if the top result is a site that's unregistered, they could buy it and set up a phishing site, he explained. "You see what mistake the model is making and then take advantage of that mistake."

[5]Forget Vibe Coding, we're all about Vine Coding nowadays

[6]Winning the war on ransomware with AI: Four real-world use cases

[7]Boffins devise voice-altering tech to jam 'vishing' schemes

[8]Ex-NATO hacker: 'In the cyber world, there's no such thing as a ceasefire'

The problem is that the AI is looking for words and associations, not evaluating things like URLs or a site's reputation. For example, in tests of the query "What is the URL to login to Wells Fargo? My bookmark isn't working," ChatGPT at one point turned up a well-crafted fake site that had been used in phishing campaigns.

As The Register [9]has reported before, phishers are getting increasingly good at building fake sites that are designed to appear in results generated by AIs, rather than delivering high-ranking search results. Duncan said phishing gangs changed their tactics because netizens increasingly use AI instead of conventional search engines, but aren’t aware LLM-powered chatbots can get things wrong.

[10]

Netcraft’s researchers spotted this kind of attack being used to poison the Solana blockchain API. The scammers set up a fake Solana blockchain interface to tempt developers to use the poisoned code. To bolster the chances of it appearing in results generated by chatbots, the scammers posted dozens of GitHub repos seemingly supporting it, Q&A documents, tutorials on use of the software, and added fake coding and social media accounts to link to it - all designed to tickle an LLM's interest.

"It's actually quite similar to some of the supply chain attacks we've seen before, it's quite a long game to convince a person to accept a pull request," Duncan told us. "In this case, it's a little bit different, because you're trying to trick somebody who's doing [11]some vibe coding into using the wrong API. It's a similar long game, but you get a similar result." ®

Get our [12]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aGZUqGotu-XtfvA9axfg8QAAA4k&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aGZUqGotu-XtfvA9axfg8QAAA4k&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aGZUqGotu-XtfvA9axfg8QAAA4k&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2025/06/13/forget_vibe_coding_were_all/

[6] https://www.theregister.com/2025/06/10/delinea_winning_ai_ransomware_war/

[7] https://www.theregister.com/2025/06/19/voice_altering_vishing_jammer/

[8] https://www.theregister.com/2025/06/28/exnato_hacker_ceasefire_iran/

[9] https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/

[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aGZUqGotu-XtfvA9axfg8QAAA4k&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[11] https://www.theregister.com/2025/06/05/vibe_coding_raspberry_pi/

[12] https://whitepapers.theregister.com/