Fraudulent OpenAI Tenants Target Cybersecurity Firms for Data Theft

First seen 29 Jun 2026, 16:34 UTC | BleepingComputer, Feeds.Feedburner | 87% similarity | 64.5

Article Content

Threat actors are impersonating legitimate companies by creating fraudulent OpenAI tenants to trick employees into divulging sensitive information. This campaign, termed 'Poisoned Tenant,' was identified by Push Security, which found that attackers used Gmail addresses to create fake organizations while sending invitations from OpenAI's legitimate notification system. The invitations, which bypass email security measures, target specific employees within the cybersecurity and technology sectors. Once accepted, employees are granted owner privileges, allowing attackers to potentially collect sensitive data shared in the fake ChatGPT workspace. A credit card is often attached to enhance the legitimacy of the fraudulent organization. The ultimate goal is to exploit user trust in SaaS platforms to extract confidential company data. Push Security's investigation revealed that the project created by attackers contained no existing chats, leaving the exact objectives unclear.

Key Points:
• Attackers create fake OpenAI tenants to impersonate legitimate companies.
• Invitations are sent from OpenAI's legitimate notification system, bypassing security.
• Targeted employees are granted owner privileges, risking sensitive data exposure.

ThreatCluster AI

Timeline

2026-06-26
Push Security discovers 'Poisoned Tenant' campaign
Push Security identified a campaign where attackers impersonate companies via fake OpenAI tenants to steal sensitive data.
BleepingComputer

2026-06-26
Fraudulent invitations sent to employees
Employees in cybersecurity firms received invitations to join fake OpenAI organizations, appearing legitimate.
BleepingComputer

2026-06-29
Details published by Feeds.Feedburner
Feeds.Feedburner reported on the deceptive tactics used in the 'Poisoned Tenant' campaign, highlighting the risk to company data.
Feeds.Feedburner
