Campaign also tried to exfiltrate ChatGPT credentials.
Organizations around the world have been subjected to a new massive OpenAI impersonation campaign that aimed to exfiltrate ChatGPT credentials.
According to SecurityWeek threat actors spoofing OpenAI Payments sent more than 1,000 phishing emails warning of unsuccessful ChatGPT subscription payments that lured targets into clicking a link for updating payment details.
Using the 'topmarinelogistics.com' domain, the URL redirected to a fraudulent OpenAI login page on the 'fnjrolpa.com' domain, which has since been taken offline.
According to a report from Barracuda Networks, further analysis showed the credential harvesting website to have been registered last December.
"Interestingly, based on whois records, the website was registered with an address from Nepal but the sender domain shows registered in France (and is also inaccessible now). Sender IP belongs to Germany," said Barracuda Product Management Manager Prebh Singh, who noted the attackers' approach to be the "simplest" means of compromising accounts that may be used in future phishing operations.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
