Kaspersky Uncovers OpenAI Teamwork Scam Targeting Users

Kaspersky has detected a scam tactic leveraging the OpenAI platform. Attackers are abusing OpenAI’s organization creation and team invitation features to send spam emails from legitimate OpenAI addresses, potentially tricking users into clicking scam links or calling fraudulent phone numbers. The spam campaign begins with attackers registering an account on the OpenAI platform. During registration, users are prompted to enter an organization name, which can consist of any combination of symbols. Scammers exploit this by embedding deceptive text and fraudulent links or phone numbers directly into the field for the organization name itself. Once the “organization” is created, OpenAI provides an option to “invite your team,” allowing the input of target email addresses of victims. When invitations are sent, they originate from OpenAI’s address, making them appear fully legitimate from a technical standpoint. Kaspersky detected several types of messages containing email threats sent in such a way. These are scam emails that promote fraudulent offers, such as adult services. Another attack angle is phishing—false notifications claiming a subscription has been renewed for a large sum: attackers instruct recipients to call a provided phone number to “cancel” the charge or take other actions that lead to further compromise. There may also be other email threats spreading via the OpenAI platform. The text that the attackers want the victims to read (highlighted in bold in the email template) is structurally inconsistent with the rest of the email template, which was originally designed to invite project collaborators. But the attackers bet on the fact that the victims would not pay attention. “This case highlights a vulnerability in how platform features can be weaponized for social engineering email attacks. By embedding deceptive elements in seemingly innocuous fields like organization names, scammers attempt to bypass traditional email filters and exploit user trust in reputable services. We urge all users to verify invitations carefully and avoid clicking embedded links without scrutiny. We also recommend brands to consider whether their online services or platforms could be abused by attackers,” comments Anna Lazaricheva, senior spam analyst at Kaspersky.