Risk actors are creating OpenAI tenants that impersonate legit firms and welcoming staff to hitch them. This seems to be a ruse to trick the goal into sending confidential firm data in chats and initiatives.
Push Safety found a marketing campaign dubbed the “Poisoned Tenant” marketing campaign after a number of staff acquired invites to hitch an OpenAI group named “Push Safety Inc.” Though the invitation was legit and got here immediately from OpenAI, the ChatGPT tenant was not created by the corporate however by the attacker utilizing a Gmail deal with.
The invitation e mail was despatched from OpenAI’s canonical notification deal with Noreply@tm.openai.com, handed e mail authentication checks, and was the identical as an everyday invitation to hitch your group’s ChatGPT workspace.

Supply: Push Safety
Push Safety instructed BleepingComputer that different clients have acquired comparable invites, all of them within the cybersecurity or know-how subject.
Attacker-controlled OpenAI group
In line with a brand new report from Push Safety, the invites focused particular staff utilizing work e mail addresses, suggesting that the attackers had been researching who labored for the corporate earlier than launching the marketing campaign.
OpenAI features a warning that the inviter’s e mail area doesn’t match the recipient’s company area, however this notification seems as a single line throughout the legit invitation e mail.
To raised perceive the aim of the assault, Luke Jennings, VP of Analysis and Growth at Push Safety, accepted one of many invites.
As soon as agreed, the researcher was instantly added to the fraud group. The group included a single account managed by the attackers that impersonated Push Safety and had a Gmail deal with claiming to be the corporate’s CEO, Adam Bateman.
All invited staff had been assigned proprietor rights throughout the group and got administrative rights to the tenant.
As a result of that they had administrative entry, they had been in a position to view different pending invites and make sure that the focused staff weren’t becoming a member of the pretend ChatGPT group. It was additionally found {that a} Visa bank card was already related to the group’s billing account, additional including legitimacy.

Supply: Push Safety
Push Safety instructed BleepingComputer that the aim of the assault is unclear as a result of the mission is empty and accommodates no current chats or initiatives.
Push Safety believes the attacker’s purpose is to trick staff into utilizing the ChatGPT workspace as if it had been a legit company platform, permitting the attacker to gather delicate data submitted.
“An attacker who merely desires to disseminate fraudulent content material by trusted e mail channels won’t title the group after their targets, analysis particular person staff, or connect bank cards,” Pusch wrote.
“That funding solely pays off when staff really be part of the group and begin utilizing it. And with AI platforms, the info individuals enter into prompts could be extremely delicate, together with supply code, inside paperwork, buyer knowledge, safety analysis, and strategic plans.”
The corporate additionally believes that including a fee methodology removes one other potential purple flag, permitting invited customers to make use of premium options with out questioning whether or not a company is legit.
Push Safety says this marketing campaign displays a broader development of attackers abusing legit invitation and notification options constructed into SaaS platforms.
Not like common phishing campaigns, these invites originate from the platform’s personal infrastructure and are legit, making them extra more likely to bypass e mail safety controls.
To scale back the chance of this sort of assault, Push recommends coaching staff to test for sudden group invites and monitor SaaS group membership.
BleepingComputer reached out to OpenAI to ask if they’ve acquired any further reviews of comparable campaigns, what protections organizations can use in opposition to these assaults, and whether or not they plan to introduce further protections to stop attackers from creating organizations that impersonate legit firms. We are going to replace this text if we obtain a response.
Safety groups doc 54% of profitable assaults and problem a warning on solely 14%. The remainder strikes invisibly by the setting.
Picus’ whitepaper exhibits easy methods to check your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
