Campaign also tried to exfiltrate ChatGPT credentials.
Organizations around the world have been subjected to a new massive OpenAI impersonation campaign that aimed to exfiltrate ChatGPT credentials.
According to SecurityWeek threat actors spoofing OpenAI Payments sent more than 1,000 phishing emails warning of unsuccessful ChatGPT subscription payments that lured targets into clicking a link for updating payment details.
Using the 'topmarinelogistics.com' domain, the URL redirected to a fraudulent OpenAI login page on the 'fnjrolpa.com' domain, which has since been taken offline.
According to a report from Barracuda Networks, further analysis showed the credential harvesting website to have been registered last December.
"Interestingly, based on whois records, the website was registered with an address from Nepal but the sender domain shows registered in France (and is also inaccessible now). Sender IP belongs to Germany," said Barracuda Product Management Manager Prebh Singh, who noted the attackers' approach to be the "simplest" means of compromising accounts that may be used in future phishing operations.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
