Newsmerido
Technology

Beware, hackers have hijacked OpenAI’s 'invite your team' feature to break into your business

· 5 min read
Beware, hackers have hijacked OpenAI’s 'invite your team' feature to break into your business
  1. Pro
  2. Security
Beware, hackers have hijacked OpenAI’s 'invite your team' feature to break into your business News By Efosa Udinmwen published 25 January 2026

Vishing calls follow emails to pressure victims into revealing account details

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

OpenAI logo on a smartphone screen Image Credit: TechRadar (Image credit: Shutterstock / Mehaniq) Share Share by:
  • Copy link
  • Facebook
  • X
  • Whatsapp
  • Reddit
  • Pinterest
  • Flipboard
  • Threads
  • Email
Share this article 0 Join the conversation Follow us Add us as a preferred source on Google
  • Fraudsters send emails from legitimate OpenAI addresses to trick users
  • Deceptive organization names hide malicious links designed to capture sensitive information
  • Businesses are targeted because multiple employees can receive malicious invitations simultaneously

Kaspersky has uncovered a sophisticated scam which exploits OpenAI’s team invitation system to attack unsuspecting users.

Fraudsters register accounts and embed deceptive links or phone numbers directly into the organization name field.

They then use the “invite your team” feature to send emails from legitimate OpenAI addresses, making the messages appear fully authentic.

You may like
  • Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards. Watch out - this fake Microsoft Teams app is actually dangerous malware, here's how to stay protected
  • Abstract image of cyber security in action. AI scams surge: how consumers and businesses can stay safe
  • Phone scammer Hackers impersonate TechCrunch reporters to steal sensitive information - but you can always trust us

Email contents are deceptive

Kaspersky warns these emails can easily trick recipients into clicking malicious links or calling fraudulent numbers, potentially causing serious data or financial losses.

The content of these scam emails varies, but the goals remain consistent. Some messages claim that a subscription has been renewed for an unusually large sum, while others promote fraudulent offers, including adult services.

Kaspersky notes attackers often combine email and voice tactics, using vishing to pressure recipients into acting immediately.

The text in these emails frequently shows structural inconsistencies, yet attackers rely on recipients overlooking these irregularities.

Are you a pro? Subscribe to our newsletterContact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Businesses face higher risk because attackers can target multiple employees at the same time.

Kaspersky recommends treating all unsolicited invitations with suspicion, even when they appear to come from trusted platforms.

Users should carefully inspect all URLs before clicking, avoid calling numbers included in suspicious messages, and report unusual activity to the service provider.

You may like
  • Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards. Watch out - this fake Microsoft Teams app is actually dangerous malware, here's how to stay protected
  • Abstract image of cyber security in action. AI scams surge: how consumers and businesses can stay safe
  • Phone scammer Hackers impersonate TechCrunch reporters to steal sensitive information - but you can always trust us

Users should enable multi-factor authentication across all accounts to reduce risk, but stronger protection also requires technical defenses.

Endpoint protection and strong firewall setups remain essential, and immediate malware removal is necessary if any interaction with a scam link occurs.

The attack shows how criminals can turn even trusted collaboration features into tools for fraud.

To avoid these threats effectively, organizations and individuals must remain vigilant.

“This case highlights a vulnerability in how platform features can be weaponized for social engineering email attacks. By embedding deceptive elements in seemingly innocuous fields like organization names, scammers attempt to bypass traditional email filters and exploit user trust in reputable services,” said Anna Lazaricheva, senior spam analyst at Kaspersky.

“We urge all users to verify invitations carefully and avoid clicking embedded links without scrutiny. We also recommend that brands consider whether attackers could abuse their online services or platforms.”

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Efosa UdinmwenEfosa UdinmwenFreelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking.

Show More Comments

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards. Watch out - this fake Microsoft Teams app is actually dangerous malware, here's how to stay protected    Abstract image of cyber security in action. AI scams surge: how consumers and businesses can stay safe    Phone scammer Hackers impersonate TechCrunch reporters to steal sensitive information - but you can always trust us    A hacker typing on a MacBook laptop with code on the screen. 'Weaponized AI' could be the biggest security threat facing your business this year - here's what experts say you should be on the lookout for    A person holding a phone looking at a scam text with warning signs around Watch out - these scam Mac Store apps are impersonating Google Gemini & OpenAI ChatGPT    An AI face in profile against a digital background. How AI is supercharging social engineering - and what businesses can do about it    Latest in Security Back View of Young Black Man Walking and Looking at Big Digital Screens Glitching While Displaying Code Lines. Professional Hacker Breaking Through Cybersecurity Protection System, Changing Code Huge data leak of 149 million credentials exposed without any protection – 98GB of unique usernames and passwords from financial services, social media accounts and dating apps    Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing Cyber Security 3d Illustration Crowdstrike and Nord Security partnership nests Falcon Go and Falcon Enterprise directly through NordLayer – combined enterprise-grade protection with VPN and ZTNA for SMBs    A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system Microsoft SharePoint exploited to hack multiple energy firms    Malware attack virus alert , malicious software infection , cyber security awareness training to protect business Curl will stop bug bounties program due to avalanche of AI slop    A man making a phone call and looking confused Custom-made 'vishing' kits are attacking SSO accounts across the world - Google, Microsoft and Okta under threat, here's what we know    Best free Linux firewalls Fortinet FortiGate devices hit in automated attacks which create rogue accounts and steal firewall data    Latest in News The Insta360 X5 and X4 Air action cameras in an outdoor setting under natural light The Insta360 CEO just leaked two upcoming cameras in one teaser image    Row of Samsung Galaxy S25 phones The Galaxy S26 Series looks like getting one of the best Pixel features    ICYMI header image with Sony Buds, Spotify Playlists, and Polar Loop band. ICYMI: the week's 7 biggest tech stories from ChatGPT to OLED TVs    A still of Disneyland Construction from 'Disneyland Handcrafted' Disneyland Handcrafted is a fascinating look at how Disneyland was built    Disney’s “The Muppet Show” stars Sabrina Carpenter and the original Muppet cast We just watched the official The Muppet Show on Disney+ trailer and now we're going gonzo    Lego Smart Bricks on Wireless Charger Lego on why Smart Bricks needed custom wireless charging    LATEST ARTICLES
  1. 1Beware, hackers have hijacked OpenAI’s 'invite your team' feature to break into your business
  2. 2Samsung's new brighter OLED TV tech is great, but it won't dominate LG yet
  3. 3This hidden feature I found makes it much easier sculpt your Wi-Fi speaker’s sound
  4. 4Are robot window cleaners any good? I tested one – here's what you need to know before you buy
  5. 5Klipsch Flexus Core 100 review: a commendable, compact Dolby Atmos soundbar

Related Reading