
Kaspersky Warns of OpenAI Scam Exploit Using Team Features


Kaspersky has detected a sophisticated OpenAI scam exploit that leverages the platform’s legitimate teamwork features to distribute fraudulent emails. Attackers are abusing OpenAI’s organization creation and team invitation capabilities to send spam messages that appear to originate from trusted OpenAI addresses, potentially deceiving users into clicking malicious links or contacting fraudulent phone numbers.

How the OpenAI Scam Exploit Works

The OpenAI scam exploit begins when attackers register accounts on the OpenAI platform. During registration, users are prompted to enter an organization name, and that field accepts any combination of characters. Scammers abuse this by embedding deceptive text, fraudulent links, and phone numbers directly in the organization name. Once the fake “organization” is created, OpenAI’s “invite your team” feature lets the attackers enter victim email addresses. The resulting invitations are sent from OpenAI’s legitimate mail servers, so from a technical perspective they look completely authentic.

Types of Attacks Using the OpenAI Scam Exploit

Kaspersky researchers have identified multiple attack vectors that use this OpenAI scam exploit. The first involves fraudulent emails promoting illegal services, including adult content offerings. A second angle employs vishing tactics: attackers send false notifications claiming that a subscription has been automatically renewed for a substantial amount, and recipients are instructed to call a provided phone number to “cancel” the charge, leading to further compromise of their accounts and personal information. The deceptive text the attackers want victims to read is structurally inconsistent with the legitimate email template, which was designed for project collaboration invitations; the attackers rely on users not paying close attention to these inconsistencies.
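The abuse above comes down to a free-text field (the organization name) being rendered verbatim into a transactional email. The following defender-side check is an added example, not code from Kaspersky or OpenAI: it pulls the organization name out of an invitation and flags names that carry links, phone numbers or billing/urgency wording, and the same function can be used by a platform to validate such a field before it is ever sent. The invitation wording, the lure vocabulary and the sample messages are constructed assumptions, not OpenAI’s actual template.

```python
import re
from typing import List, Optional, Tuple

# Indicators of the lures described in the article: embedded links and callback numbers.
URL_RE = re.compile(r"(https?://|www\.)\S+|\b[\w-]+\.(com|net|org|io|ru|xyz)\b", re.I)
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
# Assumed billing/urgency vocabulary; tune to the lures actually seen.
LURE_WORDS = ("renewed", "charged", "cancel", "call", "subscription", "urgent", "refund")
# Assumed invitation wording (not OpenAI's real template): "... invited you to join <org> on OpenAI".
INVITE_RE = re.compile(r"invited (?:you )?to join (?P<org>.+?) on OpenAI", re.I)


def suspicious_org_name(name: str) -> List[str]:
    """Return the reasons a free-text organization name looks like a lure (empty = clean).
    Usable both by a mail filter and by a platform validating the field at creation time."""
    reasons = []
    if URL_RE.search(name):
        reasons.append("contains URL")
    if PHONE_RE.search(name):
        reasons.append("contains phone number")
    if any(word in name.lower() for word in LURE_WORDS):
        reasons.append("contains urgency/billing wording")
    if len(name) > 60:  # a real team name is short; lure text is not
        reasons.append("unusually long")
    return reasons


def triage_invite(text: str) -> Tuple[Optional[str], List[str]]:
    """Extract the organization name from an invitation subject/body and score it.
    Returns (org_name, reasons); org_name is None if the text is not an invitation."""
    match = INVITE_RE.search(text)
    if not match:
        return None, []
    org = match.group("org").strip()
    return org, suspicious_org_name(org)


# Constructed sample invitations: one legitimate, one vishing lure, one link lure.
SAMPLES = [
    "Acme Research has invited you to join Acme Research on OpenAI",
    "You have been invited to join Your ChatGPT Plus subscription was renewed for "
    "$499.99 - call +1 800 555 0199 to cancel on OpenAI",
    "You have been invited to join Visit free-gifts.xyz to claim your prize on OpenAI",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        org, reasons = triage_invite(sample)
        print(f"{org!r}: {'SUSPICIOUS ' + ', '.join(reasons) if reasons else 'ok'}")
```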

Security Recommendations Against OpenAI Scam Exploit

Anna Lazaricheva, senior spam analyst at Kaspersky, commented on the vulnerability: “This case highlights a vulnerability in how platform features can be weaponized for social engineering email attacks. By embedding deceptive elements in seemingly innocuous fields like organization names, scammers attempt to bypass traditional email filters and exploit user trust in reputable services.”

“We urge all users to verify invitations carefully and avoid clicking embedded links without scrutiny. We also recommend that brands consider whether their online services or platforms could be abused by attackers.”

Anna Lazaricheva, Senior Spam Analyst, Kaspersky

Protective Measures and Best Practices

  • Treat unsolicited invitations from any platform with suspicion, even if they appear to come from trusted sources
  • Carefully inspect URLs before clicking on any links in emails
  • Do not call phone numbers indicated in suspicious emails; instead, find official contact information on the service’s official webpage
  • Report suspicious emails to the platform provider immediately
  • Enable multi-factor authentication for all accounts to add an extra layer of security

For corporate users, Kaspersky Security for Mail Server provides multi-layered defense mechanisms powered by machine learning algorithms to protect against evolving threats. Individual users can benefit from Kaspersky Premium, which offers AI-powered anti-phishing features designed to prevent phishing attacks and enhance overall cybersecurity posture.
