Organizations around the world have been subjected to a new massive OpenAI impersonation campaign that aimed to exfiltrate ChatGPT credentials, SecurityWeek reports.
Using the 'topmarinelogistics.com' domain, threat actors spoofing OpenAI Payments sent more than 1,000 phishing emails warning of unsuccessful ChatGPT subscription payments that lured targets into clicking a link for updating payment details, which redirected to a fraudulent OpenAI login page on the 'fnjrolpa.com' domain, which has since been taken offline, according to a report from Barracuda Networks. Further analysis showed the credential harvesting website to have been registered last December. "Interestingly, based on whois records, the website was registered with an address from Nepal but the sender domain shows registered in France (and is also inaccessible now). Sender IP belongs to Germany," said Barracuda Product Management Manager Prebh Singh, who noted the attackers' approach to be the "simplest" means of compromising accounts that may be used in future phishing operations.
