Researchers found a campaign dubbed Poisoned Tenant where attackers create fake OpenAI organizations impersonating real companies, then invite…
This is not a clumsy phishing email with a typo-ridden link.
Push Security calls it the Poisoned Tenant campaign, and the mechanics are simple enough to be repeatable.
This is where it gets murky, and honestly, more interesting.
For years the security mantra has been simple: check the sender, look for the real domain, do not trust suspicious emails.