Kaspersky has uncovered a sophisticated scam where fraudsters exploit OpenAI’s team invitation system to dupe users. Attackers create accounts using legitimate OpenAI emails and embed malicious links in the organization name field, making their invitations appear credible. Unsuspecting businesses are prime targets, as multiple employees may receive these deceptive emails simultaneously.
The emails often contain concerning claims, such as unexpected subscription renewals or misleading promotions, pressuring recipients to act quickly, leveraging social engineering tactics like vishing. Kaspersky advises users to approach unsolicited invitations with caution, inspect URLs meticulously, and report any unusual activity.
To mitigate risks, enabling multi-factor authentication is recommended alongside robust endpoint protection and firewalls. Organizations and individuals must remain vigilant, recognizing that even trusted collaboration features can be manipulated for fraudulent purposes. This scam underscores the importance of verifying communications, enhancing user awareness, and considering potential abuses of online services.
Source link
