Warning for "ChatGPT" Users: Fake Invitations via "OpenAI"
SadaNews - Cybersecurity experts have warned users of "ChatGPT" and other "OpenAI" platforms about a new fraud method that exploits the platform's invitation-sending mechanism, making fraudulent messages appear to be officially issued by "OpenAI."
According to a recent monitoring report by "Kaspersky," its researchers discovered that attackers are misusing the features of creating "organizations" and inviting team members on the "OpenAI" platform to send fraudulent messages from legitimate email addresses belonging to the company itself. This gives the messages a high level of technical credibility and increases the chances of them bypassing spam filters and gaining the recipients' trust.
This method does not rely on hacking "OpenAI" systems, but rather on manipulating legitimate features originally designed to facilitate collaboration and teamwork, turning them into tools for social engineering.
How does the trick work?
The process begins with creating a regular account on the "OpenAI" platform. During registration, users are prompted to create an "organization" and specify a name for it. This field is intended for the name of a company or team, but it accepts a wide range of characters and text.
Scammers exploit this flexibility to include misleading phrases directly in the organization name, such as warning messages or fake offers, and sometimes phone numbers or suspicious links. After creating the organization, the platform suggests the step of "Invite your team," where attackers enter the email addresses of their targeted victims.
When the invitations are sent, the messages come from official "OpenAI" addresses and appear to the recipient as genuine notifications to add them to a project or team. The email contains the usual template for collaboration invitations, but the fraudulent text inserted by the attacker is prominently displayed within the message. Scammers bet that many users will focus on the trusted address and the misleading message without paying attention to the illogical content or why they received an invitation to an unknown organization.
Types of fraudulent messages
Kaspersky has detected several types of messages delivered this way. Some promote fraudulent services or offers, while others take on a more serious tone. One common method involves sending false notifications about the renewal of a high-cost subscription. The message asks the victim to call a provided phone number "to cancel the operation." This type of attack is known as "voice phishing" (vishing): during the call, scammers try to convince the victim to disclose personal or financial information or to perform steps that lead to further breaches. In all cases, the goal is to prompt the recipient to act quickly, whether by clicking a link or making a call, before verifying the message's validity.
Why do the messages seem convincing?
The danger of this method lies in the fact that the messages are not forged in the traditional way. They are sent through official channels and come from real email infrastructure belonging to the platform. As a result, many of the usual warning signs, such as suspicious sender addresses, are absent. Although the content of the message is often inconsistent with the "collaboration invitation" template, this inconsistency may not be clear to everyone, especially to those who don’t expect a trusted platform to be exploited in this manner.
Security experts believe that this situation highlights a broader issue: even well-reputed services can become tools in the hands of scammers if their features are misused.
What should be done?
For users of "ChatGPT" and "OpenAI" platforms in general, this campaign serves as a reminder of the importance of caution, even when receiving messages that appear official. Experts advise treating any unexpected invitation with suspicion, especially if it includes urgent language, financial demands, or phone numbers. It’s also advisable to avoid clicking on embedded links or calling the numbers mentioned in suspicious messages. If there’s a genuine need to contact support, it’s best to visit the official service website and look for contact information there.
Additionally, reporting suspicious messages to the platform helps reduce their spread, while enabling two-factor authentication remains an important step to enhance security, even if this type of fraud does not directly rely on account hacking.
Although this campaign targets individuals, it also raises broader questions for companies managing collaborative platforms. Tools designed to facilitate joining and teamwork can become vulnerabilities if not sufficiently restricted or monitored.
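The free-text organization name described above can be screened where it is entered, or where an invitation email is inspected at a mail gateway. The following Python sketch is an added example, not code from Kaspersky or OpenAI; the function name, the length limit, the keyword list, and the sample names are assumptions constructed for illustration.

```python
import re
import unicodedata

MAX_LEN = 64  # assumed limit; a company or team name rarely needs more

# Scheme, "www." prefix, or a bare domain on a few common TLDs (heuristic).
URL_RE = re.compile(
    r"https?://|www\.|\b[a-z0-9-]+\.(?:com|net|org|io|info|xyz|top)\b", re.I
)
# Nine or more digits, allowing spaces, dots, dashes and brackets between them.
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){9,}")
# Billing and urgency wording of the kind the article describes (assumed list).
LURE_RE = re.compile(
    r"\b(?:subscription|renew(?:al|ed)?|invoice|charged?|payment|refund"
    r"|cancel|urgent|suspended)\b",
    re.I,
)


def org_name_findings(name: str) -> list[str]:
    """Return the reasons an organization name should be held for review."""
    # NFKC folds full-width and other compatibility characters to plain
    # forms, so look-alike dots and digits still match the patterns below.
    text = unicodedata.normalize("NFKC", name).strip()
    findings = []
    if len(text) > MAX_LEN:
        findings.append("too_long")
    if URL_RE.search(text):
        findings.append("link")
    if PHONE_RE.search(text):
        findings.append("phone_number")
    if LURE_RE.search(text):
        findings.append("billing_or_urgency_wording")
    return findings


# Constructed sample names; none is taken from a real invitation.
SAMPLES = [
    "Acme Robotics",
    "Your subscription was renewed for $499. Call +1 (555) 010-0199 to cancel",
    "Gift at www\uff0eexample\uff0ecom",  # full-width dots instead of "."
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {org_name_findings(sample) or 'ok'}")
```

The patterns are heuristics: a legitimate name such as a date range can trip the digit rule, so findings are better used to hold an invitation for review than to reject it silently.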