Data Security

Attackers create deceptive OpenAI tenants to steal company data

(Credit: Tada Images – stock.adobe.com)

Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects, according to a report published by Bleeping Computer.

The campaign, dubbed "Poisoned Tenant" and discovered by Push Security, involves attackers creating fake OpenAI organizations using Gmail addresses but sending invitations from OpenAI's legitimate notification system. These invitations are designed to bypass email security and appear identical to genuine requests to join a company's ChatGPT workspace. Attackers research specific employees within target companies, sending invitations to their work emails. While OpenAI displays a warning if the inviter's domain doesn't match the recipient's, it's easily overlooked.

Once an employee accepts, they are granted owner privileges in the fraudulent organization, which may have a credit card attached to its billing account to appear more legitimate. The ultimate goal is to entice employees to use the fake workspace as a legitimate platform, thereby exposing sensitive company data like source code, internal documents, or customer information through chat prompts. This tactic exploits the trust users place in SaaS platforms and their notification systems, making it a sophisticated phishing variant.
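Since the article notes that OpenAI's domain-mismatch warning is easily overlooked by the recipient, a defender can apply the same check on the mail gateway or SIEM side. The script below is an added example, not code from the article, Push Security or OpenAI: it triages constructed invitation emails and flags those whose inviter address is outside the company domain or uses a free-mail provider, with a higher severity when the workspace name also mimics the company. The notification sender address, the body wording matched by the regex, and the sample messages are all assumptions made for the example.

```python
# Added example (not from the article or Push Security): flag SaaS workspace
# invitations whose inviter domain does not match the recipient's company domain,
# the "Poisoned Tenant" pattern described above. Sender address, body wording
# and the sample messages below are constructed for illustration.
import re
from email.utils import parseaddr

FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
# Assumed wording of the invitation body; adjust to the real notification template.
INVITER_RE = re.compile(
    r"(?P<inviter>[\w.+-]+@[\w.-]+)\s+has invited you to join\s+(?P<org>.+?)\s+on", re.I)

def domain_of(addr: str) -> str:
    """Lower-cased domain part of an email address."""
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()

def assess_invitation(msg: dict, company_domain: str, company_name: str) -> dict:
    """Return a verdict for one invitation email (dict with from/to/subject/body)."""
    m = INVITER_RE.search(msg["body"])
    if not m:
        return {"verdict": "not-an-invite"}
    inviter_dom = domain_of(m["inviter"])
    org = m["org"].strip()
    reasons = []
    if inviter_dom != company_domain:
        reasons.append(f"inviter domain {inviter_dom} != {company_domain}")
    if inviter_dom in FREE_MAIL_DOMAINS:
        reasons.append("inviter uses a free-mail domain")
    if company_name.lower() in org.lower() and inviter_dom != company_domain:
        reasons.append(f"workspace name {org!r} impersonates {company_name}")
    severity = "high" if len(reasons) >= 2 else "medium" if reasons else "none"
    return {"verdict": "suspicious" if reasons else "ok", "severity": severity,
            "inviter": m["inviter"], "org": org, "reasons": reasons}

SAMPLE_MESSAGES = [  # constructed: one lookalike tenant invite, one legitimate invite
    {"from": "noreply@saas-notifications.invalid", "to": "alice@acme.example",
     "subject": "You've been invited to join Acme Corp",
     "body": "acme.corp.admin@gmail.com has invited you to join Acme Corp on ChatGPT."},
    {"from": "noreply@saas-notifications.invalid", "to": "bob@acme.example",
     "subject": "You've been invited to join Acme Corp",
     "body": "it-admin@acme.example has invited you to join Acme Corp on ChatGPT."},
]

def triage(messages, company_domain="acme.example", company_name="Acme"):
    """Assess every message; the caller decides whether to quarantine or alert."""
    return [assess_invitation(m, company_domain, company_name) for m in messages]

if __name__ == "__main__":
    for r in triage(SAMPLE_MESSAGES):
        print(r)
```

In practice the same rule can be fed from the mail gateway's invitation-notification stream rather than an inline list, and an allowlist of sanctioned workspace names reduces noise.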

Source: Bleeping Computer
