Latest Threat: OpenAI "Payment Method Update" Phishing Scam

A new phishing campaign is targeting OpenAI and ChatGPT users with fake "Payment Notification" alerts. The email claims that a recent subscription payment could not be processed and warns that the account will be suspended if payment information is not updated within 2 days.

This scam uses a clean, minimalist design that closely mimics OpenAI’s official branding to trick users into clicking a malicious link and entering their credit card details.

How to spot this phishing attack:

1. Fraudulent Sender Address: While the display name says "Chatgpt Support," the actual email address is [email protected]. Official OpenAI communications will always originate from an official @openai.com domain.

2. Malicious Tracking Link: The "Update Payment Method" button uses a tracking URL that redirects to authgpt.info. This is a fraudulent domain designed to capture login credentials and financial information. Authentic OpenAI billing is handled through https://pay.openai.com.

3. Sense of Urgency: The email provides a strict 2-day deadline to avoid "service interruption." This is a classic social engineering tactic used to rush victims into making a mistake without verifying the source.

4. Generic Greeting: The message addresses the recipient with a generic "Hello," rather than the name associated with the account. Legitimate subscription services typically personalize billing notifications.

If you receive this email, do not click the link. Delete it immediately. To check your subscription status safely, always log in directly via the official chatgpt.com website and navigate to your billing settings.