Fraudsters abuse OpenAI invitations


  • Fraudsters send emails from legitimate OpenAI addresses to trick users
  • Deceptive organization names hide malicious links designed to capture sensitive information
  • Businesses are targeted because multiple employees can receive malicious invitations simultaneously

Kaspersky has uncovered a sophisticated scam that exploits OpenAI’s team invitation system to attack unsuspecting users.

Fraudsters register accounts and embed deceptive links or phone numbers directly into the organization name field.

They then use the “invite your team” feature to send emails from legitimate OpenAI addresses, making the messages appear fully authentic.

Email contents are deceptive

Kaspersky warns these emails can easily trick recipients into clicking malicious links or calling fraudulent numbers, potentially causing serious data or financial losses.

The content of these scam emails varies, but the goals remain consistent. Some messages claim that a subscription has been renewed for an unusually large sum, while others promote fraudulent offers, including adult services.

Kaspersky notes attackers often combine email and voice tactics, using vishing to pressure recipients into acting immediately.

The text in these emails frequently shows structural inconsistencies, yet attackers rely on recipients overlooking these irregularities.


Businesses face higher risk because attackers can target multiple employees at the same time.

Kaspersky recommends treating all unsolicited invitations with suspicion, even when they appear to come from trusted platforms.

Users should carefully inspect all URLs before clicking, avoid calling numbers included in suspicious messages, and report unusual activity to the service provider.

Users should enable multi-factor authentication across all accounts to reduce risk, but stronger protection also requires technical defenses.

Endpoint protection and strong firewall setups remain essential, and immediate malware removal is necessary if any interaction with a scam link occurs.

The attack shows how criminals can turn even trusted collaboration features into tools for fraud.

To avoid these threats effectively, organizations and individuals must remain vigilant.

“This case highlights a vulnerability in how platform features can be weaponized for social engineering email attacks. By embedding deceptive elements in seemingly innocuous fields like organization names, scammers attempt to bypass traditional email filters and exploit user trust in reputable services,” said Anna Lazaricheva, senior spam analyst at Kaspersky.

“We urge all users to verify invitations carefully and avoid clicking embedded links without scrutiny. We also recommend that brands consider whether attackers could abuse their online services or platforms.”
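
As an added illustration (not code from Kaspersky, OpenAI or TechRadar), the Python example below shows one way a platform or mail gateway could screen a free-text organization-name field for the embedded links and phone numbers described above. The patterns, keyword list and function names are assumptions made for this example, and every sample name is constructed.

```python
import re
import unicodedata

# Heuristics for a display field (such as an organization name) that should
# never carry contact details. All patterns are illustrative assumptions.
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# Bare domain: one or more labels plus a TLD of 2+ letters.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Obfuscated dots such as "example[.]com" or "example (dot) com".
DEOBFUSCATE_RE = re.compile(r"\s*[\[\(\{]\s*(?:\.|dot)\s*[\]\)\}]\s*", re.I)
# Phone-like run: digits mixed with spaces, dashes, dots or parentheses.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")
# Wording typical of fake-renewal lures (assumed keyword list).
URGENCY_RE = re.compile(
    r"\b(?:call|renew(?:ed|al)?|invoice|refund|charged|support)\b", re.I)

def normalize(name: str) -> str:
    # NFKC folds fullwidth/styled characters to their plain forms; then drop
    # zero-width and other format characters used to split up keywords.
    folded = unicodedata.normalize("NFKC", name)
    folded = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    return DEOBFUSCATE_RE.sub(".", folded)

def inspect_org_name(name: str) -> list[str]:
    """Return the reasons a display name looks like a lure (empty if none)."""
    text = normalize(name)
    reasons = []
    if URL_RE.search(text):
        reasons.append("url")
    elif DOMAIN_RE.search(text):
        # Can also hit names like "Node.js Ltd", so route hits to review.
        reasons.append("domain")
    m = PHONE_RE.search(text)
    if m and sum(ch.isdigit() for ch in m.group()) >= 8:
        reasons.append("phone")
    if URGENCY_RE.search(text):
        reasons.append("urgency")
    return reasons

if __name__ == "__main__":
    # Constructed sample names, not taken from real messages.
    for sample in ("Acme Robotics",
                   "Subscription renewed call +1 (555) 010-0199",
                   "Acme example[.]com"):
        print(f"{sample!r}: {inspect_org_name(sample) or 'ok'}")
```

The same check can run at account registration, before an invitation is ever sent, or on the organization name extracted from an inbound invitation at the mail gateway.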

