How can I identify a fake OpenAI invitation?

Verify the sender's domain, watch for unusual phrasing in the message, and check for missing official logos. Legitimate invitations always come from OpenAI's corporate or partner addresses.

What data are scammers trying to steal?

Attackers target corporate data such as system access, customer information, internal processes, and technical project details. Attacks often begin with harmless chat inquiries.

How can companies protect themselves from these attacks?

Implement multi-factor authentication, train employees to recognize phishing, restrict access to external platforms, and regularly update security policies.

← All news

Security

Scammers Impersonate OpenAI to Target IT Firms

June 26, 2026

Photo: BleepingComputer

Quick answer

Cybercriminals are impersonating OpenAI by creating fake accounts to trick IT employees into revealing sensitive corporate data through phishing invitations in chats and projects.

Cybercriminals have developed a new attack scheme targeting IT firms by impersonating official OpenAI structures. Attackers create fake tenants in cloud infrastructure, posing as legitimate organizations, and send employees invitations to join 'projects' or 'discussions.'

The goal of these attacks is to extract confidential information through chats and collaborative workspaces. Victims often remain unaware of the threat, as scammers use real OpenAI logos and corporate styling. In some cases, attacks begin with harmless questions about workflows, gradually escalating to requests for system or data access.

Cybersecurity experts note that such schemes are becoming more common, especially amid the growing popularity of collaborative platforms. It is recommended to verify sender domains, use multi-factor authentication, and restrict employee access to external resources without prior verification.

Companies are also advised to conduct regular security training so employees can recognize suspicious activities. Special attention should be paid to verifying invitations from unknown organizations, even if they appear official.

Common questions

How can I identify a fake OpenAI invitation?: Verify the sender's domain, watch for unusual phrasing in the message, and check for missing official logos. Legitimate invitations always come from OpenAI's corporate or partner addresses.
What data are scammers trying to steal?: Attackers target corporate data such as system access, customer information, internal processes, and technical project details. Attacks often begin with harmless chat inquiries.
How can companies protect themselves from these attacks?: Implement multi-factor authentication, train employees to recognize phishing, restrict access to external platforms, and regularly update security policies.

Dzen feed: /feed/dzen.xml · RSS: /feed.xml