Cybersecurity firm Kaspersky has identified a scam that abuses legitimate OpenAI platform features to get users to engage with fraudulent content. According to researchers, threat actors are misusing OpenAI’s organization creation and team invitation features to distribute spam and phishing emails that come from authentic OpenAI addresses. This misuse of platform tools shows how attackers keep adapting their strategies to exploit trusted systems, and why users and businesses need to exercise caution.
The scam, detected and analysed by Kaspersky’s security experts, centres around the teamwork features of the OpenAI platform. Specifically, attackers are registering new accounts and embedding deceptive links and contact information into the organisation name field during the setup process. Because this field accepts any combination of characters, it offers an unconventional avenue for embedding misleading text and fraudulent phone numbers within what appears to be a credible invitation or notification from OpenAI itself.
Once this fabricated organisation has been created on the OpenAI platform, the attackers use the invite team feature to dispatch emails to unsuspecting recipients. These emails are technically sent from OpenAI’s own systems, which makes them appear legitimate at first glance. This clever misuse of a trusted service enables scammers to bypass many traditional email filters and gain the trust of their targets, increasing the likelihood of recipients engaging with scam content.
Scam Uses Legitimate Features to Spread Fraudulent Offers:
According to Kaspersky’s investigation, these scam emails can take many different forms. In certain cases, the content promotes bogus adult service offers, with links or contact numbers highlighted in bold type within the email. In other cases, users receive fraudulent messages claiming that a substantial subscription renewal has been charged to their accounts. These messages include a phone number and advise victims to call to “cancel” the unlawful payment, a tactic used to obtain personal or financial information.
One critical aspect of this scam is how the fraudulent text is embedded. Because attackers insert misleading content into fields intended for an internal organisation name, the visual structure of the email may still resemble a genuine invitation to collaborate on the OpenAI platform. Kaspersky’s researchers noted that the deceptive text is often structurally inconsistent with typical invitation templates, but many recipients may not notice these discrepancies when they assume the email genuinely came from a reputable source.
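As an added illustration of the structural inconsistency described above (this is not code from Kaspersky or OpenAI), the following Python check extracts the organisation-name slot from an invitation email and flags URLs, phone numbers and implausible length inside it. The invitation wording, the service name ExamplePlatform, the length limit and the sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string

# Assumed invitation wording for a hypothetical service "ExamplePlatform";
# the organisation name is the sender-controlled slot between the two phrases.
SLOT = re.compile(r"invited\s+you\s+to\s+join\s+(.+?)\s+on\s+ExamplePlatform", re.I | re.S)
URL = re.compile(r"(?:https?://|www\.)\S+|\b[\w-]+\.[a-z]{2,}\b(?:/\S*)?", re.I)
PHONE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d")
MAX_NAME_LEN = 60  # assumed ceiling for a plausible organisation name

def name_findings(org_name):
    """Reasons an organisation-name value looks like injected lure text."""
    findings = []
    if URL.search(org_name):
        findings.append("url")
    if PHONE.search(org_name):
        findings.append("phone")
    if len(org_name) > MAX_NAME_LEN:
        findings.append("length")
    return findings

def check_invitation(raw_email):
    """Pull the organisation-name slot out of an invitation and inspect it."""
    body = message_from_string(raw_email).get_payload()
    match = SLOT.search(body)
    if match is None:
        return ["no-slot"]  # body does not follow the assumed template
    return name_findings(" ".join(match.group(1).split()))

# Constructed sample messages (not real mail).
HEADERS = "From: noreply@exampleplatform.example\nSubject: Invitation\n\n"
BENIGN = HEADERS + "Alice has invited you to join Acme Research on ExamplePlatform.\n"
LURE = HEADERS + (
    "Someone has invited you to join Your subscription renewal was charged.\n"
    "Call +1 (555) 010-0199 to cancel or visit www.billing-help.example/refund\n"
    "on ExamplePlatform.\n"
)

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("lure", LURE)):
        print(label, check_invitation(raw))
```

Because the message is sent by the platform itself, sender authentication passes; the signal is the content of the user-controlled field, and the same `name_findings` check could equally be applied by a service when the name is submitted.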
Kaspersky senior spam analyst Anna Lazaricheva commented on the broader implications of this discovery, emphasising that features designed to support collaboration can be weaponised for social engineering attacks. Lazaricheva urged users and organisations to critically examine invitations and notifications even when they appear to come from trusted platforms like OpenAI. This includes careful inspection of URLs and a general scepticism toward unsolicited communications.
Practical Safety Recommendations to Avoid Falling Victim:
To protect against this and similar scams, Kaspersky has issued a set of recommendations for both individual and corporate users. The core advice centres around treating unsolicited invitations with suspicion, regardless of whether they seem to originate from respected services. Users are urged not to click on embedded links without first verifying their legitimacy, and to avoid calling phone numbers listed in suspicious communications. Instead, they should find official support contact details through trusted channels or the service provider’s website.
Examining URLs carefully is another crucial safety measure. Scam URLs are sometimes concealed behind shortened or deceptive site addresses that initially seem genuine. Instead of clicking potentially harmful links, users should hover over them to see the complete destination or, if in doubt, go straight to the service’s official website.
For organisations, the use of multi-factor authentication (MFA) across all accounts is strongly recommended. MFA adds an extra layer of security that can prevent unauthorised access even if login credentials are compromised. Similarly, having a robust email security solution in place helps detect and mitigate spam, phishing, and other threat vectors before they reach end users.
Kaspersky Solutions Can Help Combat the Threat:
Kaspersky highlights that its own security products offer layers of protection designed to counter these evolving threats. For corporate environments, Kaspersky Security for Mail Server utilizes machine learning and multi-layered defence mechanisms to block a wide range of spam, phishing, and scam campaigns. These capabilities offer additional resilience for businesses facing increasingly complex cyber risks.
For individual users, Kaspersky Premium includes AI-powered anti-phishing features intended to detect suspicious online behaviour, alert users to potential threats, and improve overall cybersecurity. These protections aim to intercept malicious emails and deceptive links before they can be acted upon.
The emergence of this scam underscores how cybercriminals continually evolve their tactics in response to new technologies and platforms. By exploiting the very tools designed to facilitate teamwork and productivity, threat actors are finding creative ways to hide malicious content within seemingly legitimate interactions. Users must remain vigilant and adopt best practices to reduce the risk of falling victim to such ploys.
Ultimately, the alert from Kaspersky serves as a reminder that no platform is immune to abuse, and security is a shared responsibility between service providers and users. Careful scrutiny of unexpected communications, combined with advanced protective tools and awareness, remains essential in the fight against scams and phishing attacks that leverage trusted digital services.




