What happened
Cybercriminals are exploiting anticipation for the upcoming release of Grand Theft Auto VI (GTA 6) by creating convincing scam websites that promise early access to the game. According to researchers at Malwarebytes, these fraudulent sites use AI-generated images, official-looking branding, and fake download processes to persuade users to make cryptocurrency payments.
The scam typically begins when a user encounters an advertisement, social media post, or comment containing a link to an alleged GTA 6 early-access offer. Once on the site, visitors are presented with professional-looking graphics, including GTA 6 logos, Vice City-themed artwork, luxury vehicles, and promotional content designed to resemble legitimate gaming marketing materials.
Victims are asked to pay for “VIP Early Access” or similar exclusive offers using cryptocurrencies such as Bitcoin, Ethereum, or USDT. After payment, users are directed to enter transaction details and click a download button. However, no game is delivered.
Researchers noted that the websites use psychological pressure tactics, including claims of exclusivity and limited-time access, to encourage quick decisions before users have time to verify the offer.
Who is affected
The primary targets are gamers eagerly awaiting the release of GTA 6, particularly those looking for early access opportunities before the game’s official launch.
The scam affects individuals globally and may be especially effective against users who are familiar with cryptocurrency transactions. Because payments are made through digital currencies, victims have little to no chance of recovering lost funds once a transaction is completed.
The campaign also highlights how threat actors are increasingly using AI-generated content to create more convincing social engineering attacks.
Why CISOs should care
Although the campaign is aimed at consumers, it reflects broader trends that concern security leaders. Attackers are leveraging AI-generated content to build highly persuasive scam environments that can be adapted for corporate phishing, credential theft, and business fraud campaigns.
The use of trusted brands such as Rockstar Games and GTA 6 demonstrates how cybercriminals capitalize on public interest and emotional urgency to drive engagement. Similar tactics can easily be repurposed to impersonate vendors, software providers, or internal business communications.
For CISOs, this serves as another reminder that AI-powered social engineering continues to lower the barrier for creating convincing fraudulent content at scale.
3 practical actions
- Educate employees about AI-generated scams and modern social engineering tactics that use trusted brands and trending events.
- Reinforce policies that require verification of unsolicited offers, downloads, and payment requests before any action is taken.
- Monitor security awareness programs to include examples of AI-assisted phishing, fake websites, and cryptocurrency-related fraud schemes.
