Scammers are exploiting public excitement around artificial intelligence tools by dangling free access to ChatGPT, Gemini, and similar platforms, then harvesting payment details and login credentials from people who click. The schemes are spreading at a time when reported losses to fraud in the United States hit $12.5 billion in 2024, the largest annual total the Federal Trade Commission has ever recorded. That record figure reflects a broader environment in which con artists rapidly adapt their pitches to match whatever technology consumers are most eager to try.
Record fraud losses and the AI-access lure
The FTC disclosed that reported fraud losses reached $12.5 billion in 2024, a sharp jump from prior years. That aggregate number captures everything from investment scams to impersonation schemes, but it also sets the stage for a specific pattern: fraudsters packaging their attacks as invitations to use popular AI services at no cost. Victims typically encounter ads, emails, or social media posts promising premium ChatGPT or Gemini features for free. The hook works because both platforms genuinely offer limited free tiers, making the fake upgrade pitch plausible.
Once a user clicks, the landing page usually requests an email address, a password, and sometimes a credit card number to “verify identity” or “unlock” a supposed trial. Those credentials then feed into broader fraud chains. Stolen email and password pairs get tested across banking, shopping, and cloud-storage sites in search of accounts that reuse the same login. Payment card numbers fund unauthorized purchases or get resold on dark‑web marketplaces. The entire cycle, from ad click to drained account, can unfold in hours, often before the victim realizes anything is wrong.
How the $12.5 billion total obscures AI-specific complaints
The FTC collects consumer reports through several channels, including its online fraud reporting portal and a dedicated identity‑theft site. Complaints about unwanted calls also flow through the agency’s Do Not Call registry. Each of these intake points captures different slices of the fraud picture, but none currently tags AI‑service credential requests as a standalone category. That gap means the true scale of fake ChatGPT and Gemini offers is buried inside the $12.5 billion headline.
A reasonable hypothesis is that a measurable share of the 2024 spike involves complaints that began with an AI‑themed pitch, even though the FTC has not broken them out separately. The logic is straightforward: consumer interest in generative AI surged throughout the year, and scammers follow attention. Phishing campaigns themed around new technology have historically tracked product‑launch cycles, from cryptocurrency wallet scams to fake streaming‑service trials. AI chatbots are the latest vehicle, not a fundamentally different tactic.
Without a dedicated complaint tag, researchers and regulators are left estimating the AI‑lure share by keyword searches through narrative complaint text rather than structured data fields. That limitation slows enforcement, complicates trend analysis, and makes it harder to issue targeted consumer warnings that mention specific tools by name.
Anatomy of the fake offer pipeline
The schemes typically follow a three‑stage pipeline. First, paid ads or viral social posts advertise “free premium” access to a well‑known AI tool. The branding closely mimics official logos and color schemes from OpenAI or Google, making the offer look legitimate at a glance. Some ads claim to unlock faster responses, higher usage caps, or access to “secret” models that do not actually exist.
Second, the landing page collects credentials. The site often copies the layout of a genuine login screen, complete with familiar fonts and privacy notices. Some versions add a fake chatbot window that simulates a conversation, reinforcing the illusion that the user has already gained access. The page may insist that a credit card is needed only for “age verification” or a “refundable $1 test charge,” language borrowed from legitimate subscription flows to lower suspicion.
Third, the collected data gets monetized. In some cases, attackers immediately attempt to log in to the victim’s email, cloud storage, or financial accounts using the same password. In others, they bundle stolen credentials into databases that are sold or traded among fraud groups. A single successful phishing page can capture thousands of logins before it is reported and taken down.
A related variant uses deepfake images or video of public figures endorsing the supposed free service. These clips may appear in short‑form video feeds or as embedded ads, with fabricated quotes praising a “limited‑time AI giveaway.” The FTC maintains a resource called Take It Down that helps people request removal of intimate or manipulated images, but the tool’s scope does not cover every type of AI‑generated promotional fraud. Victims who discover their likeness has been used in a scam face a patchwork of takedown options, platform‑specific reporting tools, and, in some cases, the need for legal counsel.
Follow‑on spam calls are another byproduct. Once a phone number enters a scam database, robocall operators use it for additional pitches, from fake tech‑support alerts to bogus subscription renewals. The FTC’s Do Not Call registry lets consumers report these calls and register numbers to reduce telemarketing, but blocking them after the fact does not recover stolen credentials or money already spent. For many victims, the nuisance continues long after the initial AI‑themed scam has run its course.
Gaps regulators have not yet closed
Several questions remain open. The FTC has not published any subcategory data isolating AI‑themed or chatbot‑access scams within the $12.5 billion total. No case files from the agency’s fraud or identity‑theft portals have specifically named ChatGPT or Gemini lures in public enforcement actions. And no published metrics from any of the agency’s reporting tools link their complaint volumes directly to AI‑access phishing campaigns.
That absence of granular data creates a blind spot. Consumer advocates cannot quantify how fast these scams are growing relative to other fraud types, or whether particular demographics are being hit hardest. Lawmakers weighing AI‑specific consumer protection rules lack hard numbers to cite when considering new disclosure or advertising requirements. And individual users searching for warnings may not find clear guidance because the scams have not yet been classified as a distinct threat category in official statistics.
The blind spot also affects the platforms whose names are being misused. Without consistent reporting labels, it is difficult to determine whether waves of fake “free premium” offers are cresting on particular social networks, messaging apps, or search‑ad ecosystems. That, in turn, makes it harder to pressure intermediaries to tighten ad‑screening rules or to prioritize takedowns of deceptive AI‑access promotions.
What consumers can do now
While regulators work through these gaps, individuals can take several practical steps to reduce their risk. The safest way to access an AI chatbot is to navigate directly to the provider’s official website or app, rather than following links in ads or unsolicited messages. If an offer promises benefits that do not appear on the official pricing page, it should be treated as suspect.
Users should also avoid entering payment details or passwords on pages reached through shortened links, QR codes, or pop‑up windows, especially if those pages lack clear contact information or privacy disclosures. Enabling multi‑factor authentication on email and financial accounts can limit the damage if a password is exposed. And if someone does fall for a fake AI offer, they should immediately change reused passwords, contact their bank or card issuer, and file a report through the FTC’s complaint channels.
The surge in AI‑themed phishing underscores a familiar pattern: whenever a new technology captures the public imagination, scammers rush to exploit the curiosity. The $12.5 billion in reported 2024 losses reflects that opportunism, even if the precise share tied to bogus ChatGPT and Gemini access remains hidden in the aggregate. Until reporting systems catch up, the most reliable defenses will be skepticism toward “too good to be true” AI deals and a habit of going straight to the source instead of trusting the link in front of you.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
