I just spotted this one landing in inboxes, and it’s a perfect example of how scammers are pivoting to target AI users. They’re banking on the "fear of losing access" to GPT-5 or your custom workflows to make you act without thinking.
| Red Flag | Why it’s suspicious |
|---|---|
| The Sender Address | The email came from infos@bwb-bonn.de. This is a compromised German domain, not openai.com. |
| The Link | Hovering over the "Update" button reveals a messy URL: [removed by admin]. OpenAI will never host their billing on a random Bluehost subdomain. |
| The Hook | It uses "Sense of Urgency" (Your sub will expire soon) and "Loss Aversion" (avoiding interruption mid-thought). |
| The Footers | While they copied the OpenAI office address correctly, the "Unsubscribe" and "Privacy Policy" links likely lead to the same credential-stealing site. |
This is a credential and credit card harvester. If you click that link and "update" your info, you aren't paying OpenAI—you're handing your wallet to a scammer.
Stay sharp, everyone! 🙂
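
The sender, link and footer checks from the table can be automated for mail triage. This is an added Python example, not part of the original post; the brand allowlist and the sample message (including the placeholder link host, since the real URL was removed) are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = {"openai.com"}  # assumption: domains the genuine sender and billing pages use

# Constructed sample message; the link host is a placeholder, not the real URL.
SAMPLE = """\
From: OpenAI <infos@bwb-bonn.de>
Subject: Your subscription will expire soon
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<a href="https://billing.placeholder-host.example/update">Update</a>
<a href="https://billing.placeholder-host.example/u">Unsubscribe</a>
<a href="https://billing.placeholder-host.example/p">Privacy Policy</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the hostname of every <a href> in the HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def in_brand(host):
    # Exact match or a true subdomain; a suffix trick like "notopenai.com" fails.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def red_flags(raw):
    msg = message_from_string(raw)
    _, addr = parseaddr(msg["From"])
    sender_domain = addr.rpartition("@")[2].lower()
    links = LinkCollector()
    links.feed(msg.get_payload())
    flags = []
    if not in_brand(sender_domain):
        flags.append(f"sender domain {sender_domain} is not a brand domain")
    off_brand = [h for h in links.hosts if not in_brand(h)]
    if off_brand:
        flags.append(f"{len(off_brand)} link(s) point off-brand")
    if off_brand and len(links.hosts) > 1 and len(set(links.hosts)) == 1:
        flags.append("footer links share the same off-brand host as the button")
    return flags
```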