A new phishing scam is making the rounds, targeting GitHub users through fake issue notifications. The attacker creates a GitHub issue, includes a malicious link, and then deletes the issue. Because the notification is generated by GitHub itself, the result is a genuine-looking email from GitHub claiming that an unusual sign-in attempt has been detected on the user’s account.

Users who are in a hurry or unaware of this tactic may click the malicious link, potentially compromising their credentials or downloading malware.
How the Scam Works
- Attackers create an issue on a public GitHub repository with a subject like “Unusual Sign-in Activity Detected on Your GitHub Account”.
- The issue contains a link to a phishing website disguised as a GitHub security page.
- GitHub sends a notification email to the repository subscribers.
- The attacker quickly deletes the issue, so when users visit the repository, they do not find any record of the issue.
- Victims, seeing the legitimate GitHub email, panic and click the malicious link, leading to credential theft or malware installation.

How to Identify the Scam
- Check the email links: Hover over the links in the email and verify that they truly point to github.com and not an unfamiliar domain.
- Manually visit GitHub: Instead of clicking links in the email, log in directly to GitHub’s official website and check your security notifications.
- Verify the existence of the issue: If the email references an issue that no longer exists in the repository, it’s likely a scam.
- Check the sender’s email address: Official GitHub notifications come from [email protected], but some scams might use lookalike addresses.
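The link check above can be automated for a mail-filtering rule or a quick triage script. The following is an added example, not code from the original post, that extracts the links from a notification email body and flags any whose host is not github.com or a subdomain of it; the email body is constructed here, and `attacker.example` is a placeholder domain. It also handles the two lookalike tricks such lures rely on: a host that merely starts with `github.com` (e.g. `github.com.attacker.example`) and a URL whose userinfo part reads `github.com@` before the real host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts a legitimate GitHub notification may link to (plus their subdomains).
TRUSTED_HOSTS = ("github.com",)


class _LinkExtractor(HTMLParser):
    """Collects every href from <a> tags in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def extract_links(html_body):
    parser = _LinkExtractor()
    parser.feed(html_body)
    return parser.links


def is_trusted_link(url):
    """True only if the URL's real host is github.com or a subdomain of it."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc. are never legitimate here
    # .hostname drops userinfo ("github.com@evil") and port, and lowercases.
    host = (parts.hostname or "").rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def suspicious_links(html_body):
    """Return the links in the email that do not point at GitHub."""
    return [u for u in extract_links(html_body) if not is_trusted_link(u)]


# Constructed sample: a lure that mixes one phishing link with a real one.
SAMPLE_EMAIL = """
<p>Unusual Sign-in Activity Detected on Your GitHub Account.</p>
<p><a href="https://github.com@attacker.example/login">Review activity</a></p>
<p><a href="https://github.com/settings/security">Security settings</a></p>
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL):
        print("SUSPICIOUS:", link)
```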
Steps to Protect Yourself
- Do not click suspicious links: Always verify the legitimacy of security-related emails.
- Enable Two-Factor Authentication (2FA): This adds an extra layer of security to your GitHub account.
- Review your security log: Check GitHub’s Security Log to ensure no unauthorized sign-ins have occurred.
- Report the phishing attempt: If you receive such a scam email, report it to GitHub’s security team.
- Warn your team and community: Share this information with other developers and organizations to prevent further attacks.
Final Thoughts
This attack exploits users’ trust in GitHub’s email notifications and their concern for account security. By staying vigilant and verifying security alerts independently, you can protect yourself and others from falling victim to this scam.
Stay safe and always double-check before clicking on links!