Scammers Are Using Deepseek to Steal User Data

Whenever there is a new fad or trend, scammers are not slow to capitalize on it. Bad guys are creating thousands of DeepSeek -like sites in the hope that unsuspecting users will give them their personal information.

Fake DeepSeek Sites Are on the Rise

As several security researchers have discovered, we are seeing a huge wave of phishing domains and websites targeting people who want to try out the new DeepSeek AI tool. If you didn’t know, this new tool has shaken up the AI ​​landscape since its official launch in late January.

Dominix Alvieri on X pointed out several examples of domains run by scammers trying to trick people interested in DeepSeek, including one that claims to be an “AI platform.”

The user “Who said what?” on X also posted an example of a page that resembles a text-stuffed URL. After analyzing how it works, it appears that the scammer designed the site to distribute the Lumma Stealer malware. The last time we saw this malware was just a few weeks ago, when fake Reddit pages were selling Lumma Stealer downloads.

DeepSeek hit by cyberattack, new registrations restricted

DeepSeek said Monday it would temporarily restrict new user registrations “due to large-scale malicious attacks” on its service, although existing users will still be able to log in as usual.

The Chinese artificial intelligence startup has attracted significant attention in the past few weeks, as it emerges as a rapidly emerging competitor to OpenAI's ChatGPT , Google's Gemini, and other leading AI tools.

Also on Monday, DeepSeek overtook OpenAI as the most downloaded free app in the US on Apple's App Store, replacing ChatGPT with DeepSeek's own AI assistant. This contributed to a major sell-off in global tech stocks.

The attention on the company, which was founded in 2023 and released its R1 model last week, has been widespread among tech analysts, investors and developers. They say the appeal, along with the fear of falling behind in the ever-changing AI race, may be well-founded, especially in the era of the generative AI boom, where tech giants and startups are racing to stay ahead in a market that is expected to reach more than $1 trillion in revenue within the next decade.

DeepSeek was reportedly spun out of a Chinese venture capital fund's AI research unit in April 2023, with a focus on large language models and artificial general intelligence (AGI) — a branch of AI designed to achieve or surpass human intelligence on a wide range of tasks, a goal that OpenAI and its rivals are aggressively pursuing.

The hype around DeepSeek began to explode last week when the company launched R1, a reasoning model that could compete with OpenAI’s o1. R1 is open source, allowing any AI developer to use it. The model quickly climbed to the top of application rankings and industry benchmarks, with many praising its performance and superior reasoning capabilities.

Notably, DeepSeek’s models were developed despite the fact that the US has tightened its restrictions on chip exports to China three times in the past three years. Estimates of the cost of training R1 vary, but according to Jefferies analysts, a recent version of R1 cost just $5.6 million to train (based on $2/hour GPU rental on the H800). That’s less than 10% of what it cost to train Meta’s Llama model.

While there are no exact figures, reports agree that DeepSeek's model was developed at a much lower cost than competitors like OpenAI, Anthropic, Google, and others.

DeepSeek's success is raising big questions for the AI ​​industry, including whether the industry's massive funding rounds and billion-dollar valuations are really necessary, and whether the industry is facing the risk of a bubble bursting.

Scammers may attempt to take advantage of DeepSeek downtime

So why do scammers create these domains in bulk? Bad guys need a way to spread the URL across the Internet to get people to click on it. Without a distribution vector, no one will see it.

It’s possible that scammers are taking advantage of DeepSeek’s downtime right now. The company reports that cybercriminals have launched DDoS attacks on the site, preventing people from using DeepSeek. This gives scammers an opportunity to take advantage of people who are genuinely interested in seeing the new AI model.

Scammers may try to send fake URLs around, claiming that DeepSeek is back online after the outage or that they have found an alternative URL that was not affected by the outage. Users may also see scammers sending emails encouraging people to click on a link that claims to offer exclusive beta access to a new feature or advertises a new payment plan for advanced tools.

Either way, now is a good time to keep an eye out for fake DeepFake clones and remember all the common ways to spot a phishing site .