ChatGPT Confession #001
I Fell for a Scam Email

I don’t fall for Nigerian prince emails promising me a $10 million inheritance.

At least, that’s what I used to think.

But this one got me.

The email arrived exactly seven days after I had been to PRP Imaging for a scan. Almost to the hour. The timing was perfect.

It came from PRP Imaging, not some random Gmail address. I checked that. I looked at the sender properly. It wasn’t obviously fake. It looked legitimate, and because I had genuinely just been there, my brain filled in the gaps.

The message simply said:

“Sharing this with you.”

There was a link.

Because I was expecting imaging results, I didn’t think much more about it. I clicked.

The Situation

The link took me to a page that looked normal enough. Later, I found out it was actually a page on ActiveCampaign, but at the time it just looked like a secure login screen asking for my Microsoft password.

And because so many systems now let you sign in with Microsoft, Google or Facebook, it didn’t seem strange. I assumed they needed me to verify my identity to access the results.

So I entered my email password.

That was the moment they got in.

I use Outlook, and within that short window the scammers had access to my account. The part that still annoys me is that I did check the sender. I did look. I wasn’t being reckless. The email was just timed and framed so well that it fit perfectly into my reality.

That’s what social engineering does. It doesn’t insult your intelligence. It uses your context.

How I Realised Something Was Wrong

About an hour and a half later, I got a call from someone in New Zealand.

He said, “I think your email has been hacked.”

At first I assumed he had received a spoofed message and thought it was from me. So I asked him if he could send me a screenshot.

He did.

And that’s when my stomach dropped.

The email hadn’t just looked like it came from me. It had come from me.

I opened my Sent folder and saw dozens of messages going out from my account.

That was the moment it clicked. The PRP Imaging email. The password I had entered. The link I had trusted.

They were inside my account and actively using it.

What I Did First

I contacted the company that manages my email hosting straight away. We reset the password and forced my account to log out of every active session. That stopped the immediate sending.

But even after that, I still felt incredibly uneasy.

Email isn’t just email. It’s connected to everything. Client communication. Password resets. Two-factor authentication. Years of business history. If someone had access to that, what else had they touched?

That’s when I opened ChatGPT. And honestly, moments like this are exactly why I started documenting my experiences in these ChatGPT confessions.

What I Asked ChatGPT

I asked what I should do if my Outlook email account had been hacked, and whether there was anything else I should be checking beyond simply changing the password.

I expected general advice.

What I got was a calm, step-by-step list of what to do next.

• Reset the password
• Force sign-out of devices and active sessions
• Check recent sign-in activity
• Look for suspicious account changes
• Scan the computer for malware
• Check for malicious Outlook rules

What Happened Next

The step that surprised me most was the suggestion to check for Outlook rules.

I would never have thought of that.

But when I checked, there it was.

The scammers had created a rule that automatically moved incoming emails into my Deleted Items folder. So while they were sending messages from my account, I wasn’t seeing the warning signs. I wasn’t seeing replies. I wasn’t seeing bounce-backs. I wasn’t seeing confused responses coming in.

They had deliberately tried to hide the evidence from me.

It was clever. Infuriatingly clever.

Not long after that, my hosting company also suggested I check the rules, which confirmed just how common that tactic must be. But ChatGPT got me there first, and that mattered because every minute counted.

The Extra Layer I Hadn’t Considered

Even after locking down the account, I was worried they may have done more than just send emails.

ChatGPT prompted me to check sign-in activity, and we could see unsuccessful login attempts from different places, including California. A week later, when I checked again, there were attempts from other locations too, which suggests the password had likely been sold or shared more broadly.

That was a lovely little bonus no one asks for.

It also told me to run a full computer scan to make sure no malware or malicious code had been installed. That had not even occurred to me in the initial panic. My brain had focused on the obvious problem – the email account – but not the wider security risk.

ChatGPT also strongly suggested upgrading from Windows 10 to Windows 11 for security reasons, which made me nervous because every tech person knows updates are character-building. But it was still the right advice.

The Realisation

What struck me most was not that ChatGPT had some magical cybersecurity power.

It was that it gave me something I badly needed in that moment – calm.

I didn’t need vague reassurance. I needed a clear path. Do this. Then this. Then check this. Then secure that.

Without that step-by-step thinking, I probably would have spiralled, called the wrong people, missed key checks, and quite possibly paid a security expert hundreds or thousands of dollars just to make sure my computer and accounts were safe.

Instead, I had an immediate thinking partner helping me work through the mess logically.

Why This Matters

People often talk about ChatGPT as a writing tool or a productivity tool. And yes, it can do those things.

But in this case, it did something else.

It helped me stay calm and methodical in the middle of a situation that could easily have tipped into full panic.

That’s not nothing.

When you run a solo business, there isn’t always someone sitting next to you saying, “Okay, let’s slow down and work through this properly.” Sometimes you are the tech support, the decision-maker, the business owner, and the person trying not to lose the plot all at once.

Having a tool that can help you think clearly under pressure is incredibly useful.

Final Thought

I build websites for a living.

Apparently I still need supervision.

Good thing I’ve got ChatGPT on speed dial.