CONFERENCE Cyber AI & Automation Summit - NOW LIVE
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign

Barracuda has observed a large-scale OpenAI impersonation campaign whose goal is to phish for ChatGPT credentials.

Barracuda Networks has observed a large-scale OpenAI impersonation campaign targeting the credentials of ChatGPT users.

Threat actors have been sending out phishing emails that purport to come from artificial intelligence company OpenAI, informing recipients that their “latest subscription payment for ChatGPT was unsuccessful” and instructing them to click on a link to update payment information. 

Barracuda has seen these emails targeting businesses worldwide. The company is aware of over 1,000 emails being sent from a single domain.

The phishing emails appear to come from OpenAI Payments, but they actually originate from a domain called topmarinelogistics.com. The emails passed DKIM and SPF checks

Prebh Singh of Barracuda’s Product Management team told SecurityWeek that the OpenAI phishing emails pointed to the domain fnjrolpa.com.

This website is currently offline, but an analysis showed that it hosted a fake login page resembling that of OpenAI, indicating that the goal of the campaign is credential harvesting. 

“This is the simplest way for attackers to get access to new accounts that they can compromise to launch new phishing campaigns,” Singh explained.

The domain hosting the ChatGPT phishing page was registered in December 2023.

“Interestingly, based on whois records, the website was registered with an address from Nepal but the sender domain shows registered in France (and is also inaccessible now). Sender IP belongs to Germany,” Singh noted.

Advertisement. Scroll to continue reading.

Related: Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations 

Related: Be Aware of These Eight Underrated Phishing Techniques

Related: DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military

Related: Quishing Campaign Abuses Microsoft Sway to Host Phishing Pages

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.