GitHub accounts have been a recent target in phishing attacks. An announcement from them stated that the hackers are impersonating CircleCI, designed to steal GitHub users account credentials and authentication codes. This newsworthy announcement has been made public because of its highly popular internet hosting service for software development and version control. Although phishing attempts are everywhere, GitHub has been the most recent prime target that needs the utmost protection and user awareness.
This phishing campaign targets GitHub in attempt to steal accounts credentials and authentication codes. With the surge in phishing attacks with GitHub, users have been advised to reset their passwords and two-factor authentication recovery codes and review your Personal Access Tokens. For an account to be harmed, the user would have to interact with the fake GitHub login page by entering their credentials and MFA code. If the phishing attack is successful, the hacker gains control of the persons entire account, and passes the information onto reverse proxies. These are servers that sit behind a firewall in a private network that redirect traffic to the initially requested server providing security. Additionally keep a lookout for false email domains from Circle CI specifically, since that is who they tend to impersonate. Therefore, it is recommended that users implement email protection, reset account passwords, start using a hardware MFA key, and report any false email domains.
GitHub users need to beware of the recent phishing attacks across the platform. The popular business has been targeted and continue to undergo more risk and exposure. GitHub warns users and advises the best practices to follow to ensure they remain safe among any potential phishing attacks. Be wary of any emails your receive from what seems to be CircleCI, as attackers have been scamming users through impersonating them. Bringing awareness to this recent phishing trend is crucial, so that we can decrease the amount of users effected.