ChatGPT Payment Scam Alert – Don’t Fall for the Fake Billing Email
- SystemsCloud
- Jul 9
Recently, a phishing email surfaced claiming to be from OpenAI. It warned of a failed subscription payment and urged the recipient to update their billing details. At first glance, it looked somewhat convincing until you examined the sender’s address:

Despite the use of OpenAI’s name and a message that mimicked its tone and layout, this email wasn’t from OpenAI at all. Here's a breakdown of why it's suspicious, and why you should always look beyond the surface when it comes to email addresses, even if the domain seems legitimate.
Understanding the @intnet.mu Domain
The domain @intnet.mu belongs to Mauritius Telecom, the national telecom provider in Mauritius. It's a public email domain similar to @gmail.com or @yahoo.co.uk. That means anyone in Mauritius can create an account using this domain.
Because it’s not restricted to one organisation, email addresses under @intnet.mu can be used by both:
- Legitimate individuals or public bodies, like pohqs@intnet.mu (used by the Parcel Office Headquarters, according to public discussion), and
- Fraudsters, who can create email addresses that mimic official services.
The key point: a legitimate domain doesn’t guarantee a legitimate sender.
What Makes the Email Suspicious?
Here’s what stood out about the fake OpenAI email:
1. The Sender Address
The email came from:
This is not a domain OpenAI uses. Official emails from OpenAI come from:
Occasionally @notices.openai.com
A randomised-looking local email address from Mauritius has no connection to OpenAI’s billing system.
2. Display Name Trickery
The email showed the sender as “OpenAI”, which is easy to spoof in email headers. Many people trust the name without checking the full address — which is exactly what scammers rely on.
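The display-name check described above can be automated. The following is an added example, not code from the original article: it parses the From header and flags a brand name in the display name that does not match the address domain. The brand allowlist (openai.com and its subdomains) and all sample messages, including their local parts, are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains it is expected to send from. The article names
# only notices.openai.com; the parent domain openai.com is assumed here.
BRAND_DOMAINS = {"openai": {"openai.com"}}
# Public mailbox domains named in the article (anyone can register an address).
PUBLIC_MAILBOX_DOMAINS = {"intnet.mu", "gmail.com", "yahoo.co.uk"}

# Constructed sample messages; the local parts are placeholders.
SAMPLE_PHISH = "From: OpenAI <billing-x7k2q9@intnet.mu>\nSubject: Payment failed\n\nUpdate Payment Method\n"
SAMPLE_OK = "From: OpenAI <noreply@notices.openai.com>\nSubject: Receipt\n\nThanks.\n"
SAMPLE_POHQS = "From: Parcel Office <pohqs@intnet.mu>\nSubject: Your parcel\n\nReady.\n"


def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from_header(raw_message):
    """Return a list of findings for the From header of a raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    # A brand in the display name must be backed by that brand's own domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            findings.append(f"display name claims '{brand}' but domain is '{domain}'")
    # A public mailbox domain is not proof of fraud, only a reason to check context.
    if domain in PUBLIC_MAILBOX_DOMAINS:
        findings.append(f"'{domain}' is a public mailbox domain")
    return findings


if __name__ == "__main__":
    for name, raw in [("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK), ("pohqs", SAMPLE_POHQS)]:
        print(name, check_from_header(raw))
```

A clean result only means the display name and address agree; the From header itself can be forged, so SPF, DKIM and DMARC results still decide whether the domain really sent the message.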
3. Generic Language and Urgency
The message warned that a subscription might be deactivated unless payment information was updated. This sort of urgent, vague language is common in phishing emails:
- No mention of the recipient’s actual name or plan.
- No specific information that only OpenAI would know.
- Just a button prompting you to “Update Payment Method”.
4. No Contact or Verification Details
Legitimate companies usually include a proper footer with company registration info, a support link, or at the very least, a working contact email. This one did not.
Why Some @intnet.mu Addresses Are Fine
In contrast, the email address pohqs@intnet.mu is known to be used by a real government office in Mauritius. The key difference here is context:
- Recognised contact information: Listed or verifiable through official channels.
- Proper naming conventions: Short, descriptive address, not a randomly generated string.
- Consistent communication: Often received after specific actions (like requesting a parcel).
In other words, the address makes sense for the service it’s used for, unlike a Mauritius Telecom address claiming to represent OpenAI.
How to Protect Yourself
When you receive a message asking for payment details, follow these checks before acting:
- Look closely at the sender’s email address, not just the name.
- Ask if it makes sense: Would a global tech firm use a regional telecom email to contact users?
- Don’t click links in suspicious emails. Instead, log into your account directly via the official website.
- Search for the email address online. Scammers often reuse domains and addresses — public forums like Reddit or email tracing tools can help.
- Report it: Most email providers have a “Report phishing” option that helps others avoid the same trap.
An email that appears to come from a familiar name like OpenAI can still be fake if the underlying sender is off. Domains like @intnet.mu are perfectly valid but open to abuse. Always check the full email address, and if it seems odd or unexpected, don’t trust it at face value.
Scammers rely on urgency and blind trust. Slow down, verify, and you’ll stay safer online.
