OpenAI team invitation system exploited in sophisticated phishing scam

A sophisticated scam is exploiting OpenAI’s team invitation system to target unsuspecting users. Fraudsters are registering accounts and embedding deceptive links or phone numbers directly into the organization name field, then using the "invite your team" feature to send emails from legitimate OpenAI addresses, making the messages appear authentic, according to a recent report by Tech Radar.

These deceptive emails, originating from seemingly legitimate OpenAI accounts, aim to trick recipients into clicking malicious links or calling fraudulent numbers. The scam emails vary in content, with some falsely claiming a subscription renewal for a large sum or promoting fraudulent offers. Businesses are particularly vulnerable as these attacks can target multiple employees simultaneously, increasing the potential for widespread data capture or financial loss. The attackers rely on recipients overlooking subtle inconsistencies in the email text.

This incident highlights how collaboration features on trusted platforms can be weaponized for social engineering attacks. It underscores the need for enhanced vigilance, with users urged to scrutinize all unsolicited invitations, verify URLs before clicking, and avoid calling numbers from suspicious messages. 

Source: Tech Radar