Cybersecurity firm Kaspersky has identified a sophisticated scam exploiting OpenAI's 'invite your team' feature to distribute fraudulent emails from legitimate OpenAI addresses. (bizcommunity.com)
How the Scam Operates
Attackers begin by registering accounts on OpenAI's platform, embedding deceptive text, links, or phone numbers into the organization name field during registration. They then use the 'invite your team' function to send emails to targeted recipients, making the messages appear authentic. (bizcommunity.com)
Types of Deceptive Content
The scam emails vary in content, including:
- Claims of unusually large subscription renewals.
- Promotions for fraudulent services, such as adult content.
- Vishing attempts, where recipients are instructed to call a phone number to 'cancel' a charge, leading to further social engineering. (bizcommunity.com)
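Because the lure travels in the organization name field of an otherwise legitimate invitation, a mail gateway can screen that field for the content types listed above. The following is an added example, not code from Kaspersky or OpenAI; it assumes the gateway has already extracted the organization name from the invitation, and the function names, patterns, thresholds and sample strings are constructed for illustration.

```python
import re
import unicodedata

# Patterns for content that does not belong in an organization name.
URL_RE = re.compile(r"(?:https?://|www\.)\S+|\b[\w-]+\.(?:com|net|org|io|info|xyz|top)\b", re.I)
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)")
MONEY_RE = re.compile(r"[$€£]\s?\d[\d,.]*|\b\d[\d,.]*\s?(?:usd|eur|gbp)\b", re.I)
LURE_RE = re.compile(r"\b(?:renew(?:al|ed)?|subscription|charged?|invoice|refund|cancel|call)\b", re.I)
MAX_NAME_LEN = 60      # assumption: genuine organization names are short
MIN_PHONE_DIGITS = 9   # assumption: fewer digits is more likely a year range or ID


def org_name_findings(org_name: str) -> list[str]:
    """Return the suspicious traits found in an invitation's organization name."""
    # NFKC folds fullwidth and other compatibility characters to plain ASCII
    # so that look-alike digits and symbols cannot slip past the patterns.
    text = unicodedata.normalize("NFKC", org_name)
    findings = []
    if URL_RE.search(text):
        findings.append("url")
    if any(sum(c.isdigit() for c in m.group()) >= MIN_PHONE_DIGITS
           for m in PHONE_RE.finditer(text)):
        findings.append("phone")
    if MONEY_RE.search(text):
        findings.append("money")
    if LURE_RE.search(text):
        findings.append("lure_words")
    if len(text) > MAX_NAME_LEN:
        findings.append("too_long")
    return findings


def should_quarantine(org_name: str) -> bool:
    """A link or phone number is enough alone; weaker signals need to combine."""
    findings = org_name_findings(org_name)
    return "url" in findings or "phone" in findings or len(findings) >= 2


if __name__ == "__main__":
    # Constructed samples, not taken from real messages.
    samples = [
        "Acme Robotics",
        "Your subscription renewed for $499.00 - to cancel call +1 202 555 0199",
        "Claim your offer at https://example.com/join",
    ]
    for name in samples:
        print(should_quarantine(name), org_name_findings(name), name)
```

A single weak signal, such as one billing-related word, is reported but does not trigger quarantine on its own, which keeps names like "Refund Logistics Ltd" deliverable.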
Risks to Businesses
Organizations are particularly vulnerable as multiple employees can receive these malicious invitations simultaneously, increasing the potential impact. (bizcommunity.com)
Recommendations
Kaspersky advises users to:
- Treat unsolicited invitations with suspicion, even if they appear to come from trusted platforms.
- Carefully inspect all URLs before clicking.
- Avoid calling numbers included in suspicious messages.
- Report unusual activity to the service provider.
- Enable multi-factor authentication across all accounts.
Additionally, endpoint protection, strong firewall setups, and immediate malware removal are essential to mitigating these risks. (bizcommunity.com)
This incident underscores how cybercriminals can exploit trusted collaboration features for fraudulent activities. Both organizations and individuals must remain vigilant to effectively counter such threats.
For more details, refer to Kaspersky's official report. (bizcommunity.com)
