Scammers are using AI to make phishing scams appear legitimate. From crafting more human-like messages to appearing as official emails from big tech companies, it's getting harder to tell what's real and what's a trap. However, you can use the same AI platforms to catch phishing scams in no time with the help of antivirus companies that can now work with ChatGPT.
I recently received a text message that looked like a genuine traffic violation notice, complete with my vehicle number and a link to pay the fine. It almost got me. But instead of clicking through, I pasted the message into ChatGPT with the Malwarebytes add-on enabled and asked if it was a scam. Turns out, it was, and the breakdown it gave me was more detailed than anything I could have figured out on my own.
How the Malwarebytes add-on works in ChatGPT
A third-party security layer inside your AI chatbot
ChatGPT recently introduced an app store that lets you connect third-party services directly into your chats. Similar to browser extensions, but for your AI chatbot. One of the more useful additions is the Malwarebytes add-on, which you can enable by going to Settings, then Apps, searching for Malwarebytes, and then clicking Connect.
Once connected, you can invoke it in any conversation by typing something like "@Malwarebytes, is this a scam?" followed by the suspicious content. You can paste text from emails, SMS messages, or DMs, drop in a URL or phone number, or even upload a screenshot of a suspicious message.
This is, of course, a lot different from just asking ChatGPT directly because it doesn't rely on guesswork. When you submit something through the Malwarebytes add-on, it runs the content against Malwarebytes' own threat-intelligence databases, which check the URLs for domain age, WHOIS data, and known phishing indicators. Similarly, phone numbers are compared against scam and spam databases, and Email addresses are verified for domain legitimacy and registration history. The results are then fed back into ChatGPT and explained in plain language.
The add-on works with ChatGPT Free, Plus, Team, and Enterprise accounts, so you don't need a paid Malwarebytes subscription to use it.
I tested it against real phishing emails and texts
The results were surprisingly detailed
Back to where it all started. A week ago, I got an SMS claiming to be from a government transport authority about an unpaid traffic challan. It mentioned my vehicle number, quoted a fine, and included a link to pay. At first glance, it felt genuine. The link was a shortened URL, which should have been a giveaway, but I was too caught up in the tension of possibly having an unpaid violation to notice.
Instead of clicking the link, I copied the entire message and pasted it into ChatGPT with the Malwarebytes app selected. I simply asked, "Is this a scam?" After a few seconds, it confirmed my suspicion and broke down exactly why. It flagged that government agencies don't use URL shorteners like t.ly, that official traffic notices come from sender IDs like VM-PARIVH rather than random numeric codes like 56161230, and that the UID format in the message didn't match real challan references. It even pointed me to the official website to verify the fine myself.
Out of curiosity, I opened the shortened link in a virtual machine. It redirected to a download site that automatically pushed an APK file disguised as the official Ministry of Road Transport app for paying violations. Had I installed it on my actual phone, it could have stolen my payment credentials or worse.
The add-on also maintained context across the conversation. When I followed up by pasting the sender's phone number, it cross-referenced the number against spam databases and flagged it as a known bulk SMS gateway commonly used in phishing campaigns across the region.
It's not perfect, but it's a solid first line of defense
A few quirks worth knowing about
Like any security tool, the Malwarebytes add-on has its limitations. It relies on threat-intelligence databases and heuristic analysis, so if something is brand new or extremely targeted, it may not have specific data on it. In those cases, it returns an unsure verdict with a general risk context rather than a definitive yes or no.
There's also a privacy angle to consider. To analyze suspicious content, you're pasting messages, phone numbers, and URLs into ChatGPT, which then passes them to Malwarebytes' backend. That means both OpenAI and Malwarebytes process that data. Reports you submit also feed into Malwarebytes' threat intelligence, which implies some level of retention on their end. If that concerns you, it's worth reviewing how ChatGPT handles your data and how to manage what it remembers.
A useful tool, not a silver bullet
The Malwarebytes add-on for ChatGPT isn't going to replace dedicated antivirus software or make you immune to phishing. But as a quick triage tool for those moments when you get a suspicious text, email, or link and need a fast, informed opinion, it's surprisingly capable. The fact that it checks real-time threat data rather than just pattern-matching text makes it far more reliable than asking vanilla ChatGPT.
That said, not every suspicious message will make it to ChatGPT for a check, so building better habits matters more. If you're on Android, turning on Android 16's Advanced Protection feature is a practical step that works passively in the background, blocking unsafe apps, filtering scam messages, and protecting against malicious links without requiring you to manually vet every notification that comes in.