ChatGPT Plus and Claude Pro both cost around $20 a month. But videos doing the rounds promise to unlock them — even the pricier Pro and Max tiers — completely free. Tempting? It’s also one of the slicker scams we’ve seen this year, and it ends with a stranger sitting inside your computer.
How the “free ChatGPT/Claude” scam works
The pitch goes roughly like this:
- Head over to the YouTube tutorial it points you to.
- Open Command Prompt (Windows) or Terminal (Mac).
- Paste in the one line the presenter gives you.
- Ignore the slightly odd, AI-generated mannerisms.
- And… you’re in. ChatGPT or Claude, free forever.
Except that line doesn’t unlock anything. It quietly downloads and runs malware, or opens a remote connection straight to the attacker. The instant you press Enter, you’ve handed over your computer — files, saved passwords, email, banking, the lot. Security folks call this trick “ClickFix”, and it’s spreading fast precisely because it doesn’t exploit any software flaw. It just needs you to copy and paste.
The views and reviews are fake too
“But it’s got 34,000 views, 2,000 likes, and comments saying it worked!” That’s the clever part. The channel, the presenter, the glowing comments — increasingly all AI-generated or bot-driven. Scammers now spin up convincing fake “YouTubers” at scale, complete with manufactured social proof, so the whole thing looks legitimate at a glance.
Those stilted AI mannerisms aren’t a quirk to look past — they’re the warning sign.
The one rule that keeps you safe
If you take one thing from this, make it this:
Never paste anything into Command Prompt or Terminal unless you genuinely understand what it does.
No legitimate free trial, discount or “unlock” has ever required you to run a command on your own machine. If a “deal” asks you to open a terminal, it isn’t a deal — it’s an attack.
Why this matters for your business
It only takes one person chasing a freebie on a work laptop to hand an attacker a foothold — and from there, your network, email and data are within reach. The defences are the boring-but-effective ones:
- Don’t run commands you don’t understand — and make sure your team knows the same.
- Lock down who can run scripts on managed devices — exactly the kind of control that comes with the Business Premium security stack (Defender, Intune, Conditional Access).
- When in doubt, ask IT before you paste, install or click.
The safety net: Huntress, our EDR
Awareness and device controls stop most of these — but people are human, and sooner or later someone clicks. That’s why we never rely on prevention alone. Every device we manage runs Huntress, our managed EDR (Endpoint Detection & Response), backed by a 24/7 Security Operations Centre.
So even if someone does paste that command, Huntress is watching for exactly what happens next — the malware trying to run, the quiet persistence it tries to leave behind, the connection back to the attacker. The moment it spots something off, the SOC investigates and isolates the device, cutting the attacker off before they can do real harm. It’s the same layered, defence-in-depth approach that recently let our SOC shut down a live account takeover for a client before any damage was done.
Spotting a dodgy “deal” is a skill — and it’s one we cover in our team lunch & learns.
Do us a favour: share this with the person in your life who’s always chasing a bargain. It might save them a very bad day.