Kaspersky has identified a new scam tactic that leverages the OpenAI platform. Attackers exploit the organization creation and team invitation features to send emails from legitimate OpenAI addresses. These messages may trick users into clicking malicious links or calling fraudulent phone numbers.
How the Scam Works
The campaign begins with attackers registering a new account on OpenAI. During registration, the platform requests an organization name, which can include any combination of symbols. Scammers take advantage of this by embedding deceptive text, fraudulent links, or fake phone numbers directly into the organization name field.
Once the fake organization is created, attackers use the “invite your team” feature to enter victims’ email addresses. The invitations are sent from OpenAI’s official email addresses, making them appear legitimate and bypassing technical filters. Kaspersky detected several types of scam messages, including:
- Emails promoting fake offers such as adult services
- Vishing campaigns with false subscription renewals, instructing recipients to call fake numbers to “cancel” charges, leading to further compromise
Although the highlighted text in the emails is inconsistent with the original template designed for project invitations, attackers rely on victims overlooking these discrepancies.
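The abuse described above hinges on free text in an organization-name field being rendered inside a trusted invitation template. The following is an added example (not Kaspersky's or OpenAI's code) showing two defensive checks: a mail-side check that pulls the organization name out of an invitation and flags it if it carries a URL, a phone number, or lure wording, and a platform-side check that would reject such a name at registration. The invitation template wording and the sample bodies are constructed assumptions for this example.

```python
import re
from typing import List, Optional

# Constructed sample invitation bodies (not real messages); the template
# wording "join the organization <name> on OpenAI." is an assumption.
SAMPLES = {
    "benign": "Alice has invited you to join the organization Acme Research on OpenAI.",
    "vishing": ("Alice has invited you to join the organization Your subscription "
                "renewed for $99 - call +1-800-555-0199 to cancel on OpenAI."),
    "link": ("Alice has invited you to join the organization "
             "Claim your gift at http://example.invalid/claim on OpenAI."),
}

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
# Loose phone pattern: a digit, 7+ digit/separator chars, a closing digit.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
LURE_RE = re.compile(r"\b(?:cancel|renew|subscription|charge|call|urgent|claim)\b", re.I)


def extract_org_name(body: str) -> Optional[str]:
    """Pull the organization name out of the assumed invitation template."""
    m = re.search(r"join the organization (.+?) on OpenAI\.", body, re.S)
    return m.group(1).strip() if m else None


def assess_org_name(name: str, max_words: int = 6) -> List[str]:
    """Return the reasons an organization name looks like a lure (empty if clean)."""
    reasons = []
    if URL_RE.search(name):
        reasons.append("url")
    if PHONE_RE.search(name):
        reasons.append("phone")
    if LURE_RE.search(name):
        reasons.append("lure-wording")
    if len(name.split()) > max_words:
        reasons.append("too-long")
    return reasons


def is_suspicious_invite(body: str) -> bool:
    """Mail-side check: flag an invitation whose organization name looks like a lure."""
    name = extract_org_name(body)
    return bool(name) and bool(assess_org_name(name))


def validate_org_name(name: str) -> bool:
    """Platform-side check at registration: accept only names with no lure indicators."""
    return not assess_org_name(name)
```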
Expert Commentary
Anna Lazaricheva, senior spam analyst at Kaspersky, comments:
“This case highlights a vulnerability in how platform features can be weaponized for social engineering email attacks. By embedding deceptive elements in seemingly innocuous fields like organization names, scammers attempt to bypass traditional email filters and exploit user trust in reputable services. We urge all users to verify invitations carefully and avoid clicking embedded links without scrutiny. We also recommend that brands consider whether their online services or platforms could be abused by attackers.”
Kaspersky Recommendations
To protect against this and similar attacks, Kaspersky advises:
- Treat unsolicited invitations with suspicion, even if they appear to come from trusted sources
- Carefully inspect URLs before clicking
- Avoid calling phone numbers included in suspicious emails; use official contact information from the service’s website instead
- Report suspicious emails to the platform provider and enable multi-factor authentication for all accounts
- Corporate users should deploy Kaspersky Security for Mail Server, which offers multi-layered, machine-learning-based protection against evolving threats
- Individual users should consider Kaspersky Premium, providing AI-powered anti-phishing protection to enhance overall cybersecurity
This scam underscores the risk of attackers exploiting trusted platforms to conduct social engineering attacks. Vigilance, careful verification of email content, and robust security solutions remain essential defenses against phishing and vishing campaigns.