Scammers Exploit OpenAI Organization Invitations For Phishing

Kaspersky has detected a scam tactic in which attackers abuse OpenAI’s organization-creation and team-invitation features to send spam and phishing emails that appear to originate from legitimate OpenAI addresses. Attackers embed deceptive text, links, or phone numbers into the organization-name field during registration and invite victim emails, a method that can bypass filters and trick recipients into clicking malicious links or calling fraudulent numbers.
Key Points
- 1Exploit OpenAI org-name field to embed links and phone numbers in invitation emails
- 2Send invitations from OpenAI addresses, enabling messages to bypass filters and appear legitimate
- 3Verify invites carefully, avoid clicking embedded links, and reassess platform input field policies
Scoring Rationale
Credible Kaspersky detection raises urgency, but tactic is a minor variation with limited scope and actionable depth.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems