Threat actors have been creating fraudulent OpenAI ChatGPT organizations impersonating legitimate companies, such as Push Security, to send legitimate-looking invitations to targeted employees with the goal of tricking them into sharing sensitive company information. These attacker-controlled tenants assign invitees administrative privileges and include payment methods to appear credible, enabling them to collect confidential data submitted within the workspace. Security experts warn this reflects a growing tactic of abusing legitimate SaaS invitation systems to bypass email security measures and recommend staff training and monitoring of SaaS memberships to mitigate risks.
Cybersecurity Firms Targeted by Fraudulent OpenAI Organization Invites
