Fraudulent OpenAI Tenant Invitations Lure Cybersecurity Firms into Credential‑Harvesting Campaign
What Happened – Threat actors created counterfeit OpenAI ChatGPT workspaces that mimic legitimate company tenants. Invitations were sent from OpenAI’s genuine notification address, passed SPF/DKIM checks, and granted the recipient “Owner” privileges. Employees who accepted were added to a tenant controlled by the attacker, who could then harvest any data entered into the workspace.
Why It Matters for Compliance & Audit Readiness
- Demonstrates a gap in SOC 2 CC6.1 – Security Awareness Training: employees must be able to recognize sophisticated SaaS‑onboarding phishing attempts.
- Provides a concrete example of why continuous evidence of policy enforcement (e.g., SaaS‑vendor verification logs) is required for audit readiness.
- Highlights the need for documented incident response to unauthorized SaaS tenant creation, supporting the “Incident Management” control set.
Who Is Affected – Cybersecurity and broader technology service firms that use OpenAI’s enterprise ChatGPT offering.
Recommended Actions
- Amend SaaS onboarding policies to require multi‑factor verification of tenant ownership before accepting any invitation.
- Run targeted phishing‑simulation training that includes AI‑tool invitations and the subtle “email domain mismatch” warning.
- Enable logging of all OpenAI tenant creation events and monitor for mismatched billing information.
- Incorporate the invitation review process into your SOC 2 evidence collection (e.g., screenshots, ticket records).
Source: BleepingComputer – Cybersecurity firms targeted by fraudulent OpenAI organization invites
Technical Notes – The attack leverages legitimate OpenAI email infrastructure (noreply@tm.openai.com) and passes standard email authentication (SPF/DKIM). The malicious tenant is created with attacker‑controlled Gmail accounts, and the “Owner” role grants full admin rights, enabling potential data exfiltration from any ChatGPT project. No known CVEs are involved; the vector is social engineering.