Kaspersky Warns of Sophisticated Phishing Campaign Exploiting OpenAI Team Invitations
Kaspersky has uncovered a new and highly deceptive phishing campaign that abuses collaboration features within the OpenAI platform to distribute fraudulent emails that appear legitimate. The campaign leverages official-looking team invitations to lure victims into clicking malicious links or engaging with untrusted contact channels, according to a statement received by the company.
How the Scam Operates
According to Kaspersky’s cybersecurity researchers, attackers begin by creating new accounts on the OpenAI platform. During the registration process, OpenAI allows users to enter an “Organization Name” — a field that does not restrict the type of text entered. Cybercriminals exploit this flexibility by inserting misleading content, fake support messages, malicious links, or even fraudulent phone numbers into the organization name field.
Once the fake organization profile is created, attackers use the “Invite Team Members” feature to send invitations to targeted email addresses. Because these invitations are sent from official OpenAI email infrastructure, they often bypass traditional spam filters and appear trustworthy to recipients, significantly lowering suspicion.
Why the Emails Look Legitimate
One of the most dangerous aspects of this campaign is its technical authenticity. The emails are delivered from genuine OpenAI-related domains, which makes them difficult for both users and automated email security systems to flag. This tactic allows attackers to exploit users’ trust in well-known platforms and brands.
Kaspersky notes that while the visual structure of the message may differ slightly from standard OpenAI invitations, many users fail to notice these subtle inconsistencies — especially when the message appears urgent or financially related.
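Since sender authentication passes for these messages, a mail filter has to judge the attacker-controlled organization name itself. The sketch below is an added example, not Kaspersky's or OpenAI's code; the sender address, the invitation template (name interpolated into the Subject) and the patterns are assumptions to adapt to your own mail flow.

```python
import re
from email import message_from_string
from email.policy import default

# Heuristic patterns (assumed, tune per mail flow): content a genuine
# organization name should not contain.
PATTERNS = {
    "url": re.compile(r"(?:https?://|www\.)\S+|\b[a-z0-9-]+\.[a-z]{2,}\b", re.I),
    "phone": re.compile(r"(?:\+?\d[\s().-]*){8,}"),
    "money": re.compile(r"[$€£]\s?\d"),
    "lure_words": re.compile(
        r"\b(?:subscription|renew\w*|invoice|payment|refund|cancel\w*|verify|support)\b",
        re.I),
}

def org_name_indicators(text):
    """Return the names of the patterns that match, in PATTERNS order."""
    return [name for name, rx in PATTERNS.items() if rx.search(text)]

def score_invite(raw_email):
    """Judge the name-bearing field on its content, whatever the sender auth says."""
    msg = message_from_string(raw_email, policy=default)
    auth = str(msg["Authentication-Results"] or "").lower()
    # Assumption: the organization name is interpolated into the Subject.
    hits = org_name_indicators(str(msg["Subject"] or ""))
    # A link or phone number alone is enough; softer signals need two hits.
    quarantine = "url" in hits or "phone" in hits or len(hits) >= 2
    return {"sender_authenticated": "dmarc=pass" in auth,
            "indicators": hits,
            "quarantine": quarantine}

# Constructed samples (hypothetical sender and template, not real platform mail).
HEADERS = ("From: noreply@platform.example\n"
           "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n")
SAMPLE_LURE = HEADERS + ('Subject: You were invited to join "Subscription renewed '
                         '$499.99 - call +1 (555) 010-0199 to cancel"\n\nAccept invite\n')
SAMPLE_BENIGN = HEADERS + ('Subject: You were invited to join "Acme Research Lab"\n\n'
                           'Accept invite\n')

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(score_invite(sample))
```

Both samples pass DMARC, so the sender check cannot tell them apart; only the content check on the name field does.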
Types of Fraudulent Messages Identified
Kaspersky reports that the campaign includes multiple phishing scenarios, such as:
- Fake service offers, including inappropriate or adult-oriented content
- Messages claiming subscription renewals with unusually high charges
- Voice phishing (vishing) attempts urging users to call fake support numbers
- Requests to “verify” accounts or cancel alleged payments
In many cases, victims are pressured to act quickly, increasing the likelihood of mistakes that could lead to credential theft, financial loss, or broader system compromise.
A Broader Cybersecurity Concern
Security experts warn that this campaign reflects a growing trend in cybercrime: the exploitation of legitimate collaboration and productivity platforms for social engineering attacks. Similar techniques have previously targeted platforms such as Microsoft Teams, Google Workspace, and Slack.
Anna Larkina, Senior Web Content Analyst at Kaspersky, emphasized the severity of the issue:
“These scams highlight a critical security gap related to how platform features can be misused in social engineering attacks. Cybercriminals are increasingly leveraging trusted services to bypass traditional security mechanisms and exploit user confidence.”
She added that organizations must actively monitor how their platforms can be abused and continuously improve safeguards against such misuse.
How Users Can Protect Themselves
Kaspersky recommends several steps to reduce the risk of falling victim to these attacks:
- Treat unsolicited invitations with caution, even if they appear to come from trusted platforms
- Avoid clicking links embedded in unexpected emails
- Never call phone numbers provided in suspicious messages
- Verify communications by visiting the official website directly
- Enable multi-factor authentication (MFA) on all accounts
- Report suspicious emails to the platform’s security team
Security Solutions Highlighted by Kaspersky
For enterprise users, Kaspersky highlighted Kaspersky Security for Mail Server, a multi-layered email protection solution powered by machine learning technologies designed to detect and block advanced phishing threats.
For individual users, Kaspersky Premium offers AI-assisted anti-phishing features, real-time threat detection, and enhanced privacy protection to help safeguard personal accounts and data.
About Kaspersky
Founded in 1997, Kaspersky is a global cybersecurity and digital privacy company providing protection for individuals, enterprises, and critical infrastructure worldwide. The company reports that its technologies protect over one billion devices and serve millions of individual users and more than 200,000 corporate clients globally.
