Listen to the episode
TLDR
The "Poisoned Tenant" campaign creates fake OpenAI organizations that impersonate legitimate companies and invite targeted employees to join a ChatGPT workspace. Attackers research staff, use Gmail addresses, attach a credit card for added...
How it works
The "Poisoned Tenant" campaign creates fake OpenAI organizations that impersonate legitimate companies and invite targeted employees to join a ChatGPT workspace. Attackers research staff, use Gmail addresses, attach a credit card for added...
Red flags
- : You receive an OpenAI organization invite you never requested from a company you already work at The inviter's email domain (e.g., Gmail) does not match the impersonated company's real domain The organization is brand new, has no chats or projects, and already has a payment method attached
What to do
- 1: Verify any unexpected SaaS organization invite through a trusted internal channel before accepting Train employees to always compare the inviter's email domain with the company being impersonated Monitor OpenAI and other SaaS tenant memberships and immediately revoke access for unknown or
Source
bleepingcomputer
Source reviewed by Mythos Forensic Team
https://www.bleepingcomputer.com/news/security/cybersecurity-firms-targeted-by-fraudulent-openai-organization-invites/FAQ
Is Poisoned Tenant attacks use fake OpenAI organizations to steal corporate data from employees a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
: You receive an OpenAI organization invite you never requested from a company you already work at The inviter's email domain (e.g., Gmail) does not match the impersonated company's real domain The organization is brand new, has no chats or projects, and already has a payment method attached
What should I do first?
: Verify any unexpected SaaS organization invite through a trusted internal channel before accepting Train employees to always compare the inviter's email domain with the company being impersonated Monitor OpenAI and other SaaS tenant memberships and immediately revoke access for unknown or
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.