JAKARTA - Recently, Kaspersky revealed a fraud campaign that took advantage of OpenAI's team invitation feature, allowing attackers to send fake email invitations from official addresses to mass-scam victims globally.
In this scheme, attackers register an account on the OpenAI platform and fill in the organization name field with misleading text, a malicious link, or a fake phone number.
After that, the perpetrator used the "invite team" feature to send an email directly to the target's address. The invitation was sent from an official OpenAI address so that it looked legitimate.
However, the invitation contains a threat or a false promotion, as well as instructions to contact a certain number to cancel the bill, which leads to further fraud or vishing.
In response to the findings, Kaspersky urged users to increase their vigilance against various forms of digital social engineering.
Here are the steps to protect yourself from scams that take advantage of OpenAI's team invitation feature:
Be wary of unsolicited invitations from any platform, even if they seem to come from a trusted source. Check the URL carefully before clicking. Do not call the phone number listed in suspicious emails - if you need to contact the support of a particular service, it is best to find a phone number on the official website of the service. Report suspicious emails to the platform provider and use multi-factor authentication for all accounts. Use security solutions with layered defense mechanisms that provide strong protection against a wide range of ever-changing threats.The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
