
GitHub alerts users to active phishing campaign

The attack revolves around counterfeit CircleCI notifications urging users to accept updated terms of use and privacy policy

GitHub has notified its users of a phishing campaign active since 16 September.

The bait is an email that mimics notifications from the continuous integration and delivery platform CircleCI, which many GitHub users have connected to their accounts.


Specifically, the fake email urges recipients to accept updated “user terms and privacy policy” by signing in to their GitHub accounts again through a link that appears to lead to CircleCI.

“As part of our integration with GitHub, we are updating our Terms of Use and Privacy Policy to provide greater transparency about how CircleCI uses your information, as well as how cookies are used to make our services more convenient and effective,” the email reads.

The link leads to an attacker-controlled reverse proxy that sits between the victim and the real GitHub login page. Whatever the victim types is forwarded to GitHub in real time, so the threat actors capture the account password and the two-factor authentication (2FA) code together; because the one-time code is relayed before it expires, time-based 2FA does not stop the attack.

However, GitHub assured users that accounts protected with hardware security keys for multi-factor authentication (MFA) are not susceptible to the attack: the key's response is bound to the origin of the page that requested it, so a response produced on the phishing domain is not valid for github.com and cannot be relayed.
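The following model, written for this article and not taken from GitHub's or CircleCI's advisory, shows why a reverse-proxy relay defeats a password plus one-time code but not an origin-bound security key. It uses HMAC as a stand-in for both TOTP and the key's signature (a real key uses an asymmetric key pair); the hostnames and the password are constructed for the illustration.

```python
"""Adversary-in-the-middle relay versus TOTP and an origin-bound security key.

Added example. HMAC stands in for TOTP and for the authenticator's signature;
the point demonstrated is the origin check, not the cryptography.
"""
import hashlib
import hmac
import secrets
import time

REAL_ORIGIN = "https://github.com"
PHISH_ORIGIN = "https://circleci-terms.example"   # constructed phishing hostname


class Service:
    """Stand-in for GitHub: accepts password+TOTP, or an origin-bound assertion."""

    def __init__(self, password):
        self.password = password
        self.totp_secret = secrets.token_bytes(20)
        # Stand-in for the registered credential's public key; a shared HMAC key
        # keeps the example free of asymmetric crypto.
        self.credential_key = secrets.token_bytes(32)
        self.pending = set()   # outstanding single-use challenges

    def totp(self, now=None):
        step = int((time.time() if now is None else now) // 30)
        mac = hmac.new(self.totp_secret, step.to_bytes(8, "big"), hashlib.sha1).digest()
        return "%06d" % (int.from_bytes(mac[-4:], "big") % 1_000_000)

    def login_totp(self, password, code):
        return password == self.password and hmac.compare_digest(code, self.totp())

    def new_challenge(self):
        challenge = secrets.token_hex(16)
        self.pending.add(challenge)
        return challenge

    def login_key(self, challenge, origin, assertion):
        if challenge not in self.pending:
            return False
        self.pending.discard(challenge)
        expected = hmac.new(self.credential_key, f"{challenge}|{origin}".encode(),
                            hashlib.sha256).hexdigest()
        # The relying party accepts only an assertion whose signed client data
        # names its own origin.
        return origin == REAL_ORIGIN and hmac.compare_digest(assertion, expected)


class SecurityKey:
    """The browser supplies the origin of the page that called the key; the key
    signs over it, so the user cannot be tricked into signing for another site."""

    def __init__(self, credential_key):
        self.credential_key = credential_key

    def make_assertion(self, challenge, page_origin):
        sig = hmac.new(self.credential_key, f"{challenge}|{page_origin}".encode(),
                       hashlib.sha256).hexdigest()
        return page_origin, sig


def victim_totp_through_proxy(service):
    """Victim types password and current code into the phishing page; the proxy
    forwards both to the real site before the code expires."""
    password, code = service.password, service.totp()   # what the victim enters
    return service.login_totp(password, code)            # proxy replays: succeeds


def victim_key_direct(service, key):
    """Honest login: the browser is on github.com, so the signed origin matches."""
    challenge = service.new_challenge()
    origin, sig = key.make_assertion(challenge, REAL_ORIGIN)
    return service.login_key(challenge, origin, sig)


def victim_key_through_proxy(service, key):
    """Proxy fetches a real challenge and forwards it; the victim's browser is on
    the phishing origin, so that is what the key signs. Relaying the assertion
    as-is fails the origin check; rewriting the origin breaks the signature."""
    challenge = service.new_challenge()
    origin, sig = key.make_assertion(challenge, PHISH_ORIGIN)
    relayed_as_is = service.login_key(challenge, origin, sig)

    challenge2 = service.new_challenge()
    _, sig2 = key.make_assertion(challenge2, PHISH_ORIGIN)
    origin_rewritten = service.login_key(challenge2, REAL_ORIGIN, sig2)
    return relayed_as_is or origin_rewritten


if __name__ == "__main__":
    svc = Service("correct horse battery staple")   # constructed password
    key = SecurityKey(svc.credential_key)
    print("TOTP relayed through proxy accepted:", victim_totp_through_proxy(svc))
    print("Security key used directly accepted:", victim_key_direct(svc, key))
    print("Security key relayed through proxy accepted:", victim_key_through_proxy(svc, key))
```

The TOTP path succeeds because nothing in the code ties it to where it was typed; the key path fails because the assertion covers the page origin, which is the property that makes hardware keys phishing-resistant.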

“While GitHub itself was not affected, the campaign has impacted many victim organizations,” GitHub said in an advisory published on Wednesday.

Corroborating GitHub’s alert, CircleCI took to its forums to warn users that the platform would never ask users to enter credentials to view changes in its terms of service.

“Any emails from CircleCI should only include links to circleci.com or its sub-domains,” stated CircleCI in its notice.

“If you believe you or someone on your team may have accidentally clicked a link in this email, please immediately rotate your credentials for both GitHub and CircleCI, and audit your systems for any unauthorized activity,” added the company.
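CircleCI's rule above, that legitimate mail links only to circleci.com or its subdomains, is simple to state but easy to get wrong when checked naively. The following link check is an added example written for this article, not CircleCI's own tooling; the sample email body and the lookalike hostnames in it are constructed. It extracts URLs from an email body and flags any whose hostname is not circleci.com or a subdomain, handling the usual tricks: userinfo before an `@`, the allowed domain used as a prefix of a longer one, case and trailing-dot variations, and punycode (IDN) labels.

```python
"""Flag email links whose host is not circleci.com or one of its subdomains.

Added example. The email body and lookalike hostnames below are constructed.
"""
import re
from urllib.parse import urlsplit

ALLOWED_DOMAIN = "circleci.com"

# Crude URL extractor for plain-text mail bodies; stops at whitespace and
# common delimiters.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def host_allowed(url, allowed=ALLOWED_DOMAIN):
    """True only if the URL's host is `allowed` itself or a subdomain of it."""
    host = urlsplit(url).hostname        # lowercased; userinfo and port removed
    if not host:
        return False
    host = host.rstrip(".")              # "circleci.com." is the same host
    # Reject internationalised (punycode) labels: a homoglyph of the real name
    # would otherwise pass a visual check in the mail client.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False
    # Suffix match must include the dot, or "evilcircleci.com" would pass.
    return host == allowed or host.endswith("." + allowed)


def suspicious_links(body):
    """Return every URL in `body` that does not point at the allowed domain."""
    return [url for url in URL_RE.findall(body) if not host_allowed(url)]


# Constructed sample in the style of the phishing email quoted in the article.
SAMPLE_EMAIL = """\
As part of our integration with GitHub, we are updating our Terms of Use and Privacy Policy.
Read the new terms: https://circleci.com/terms/
Sign in with GitHub to accept them: https://circleci.com.github-auth.example/login
Questions? https://support.circleci.com/
"""

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_EMAIL):
        print("suspicious link:", url)
```

Note that `urlsplit(...).hostname` already discards anything before an `@`, so `https://circleci.com@evil.example/` resolves to `evil.example` and is flagged; a regex applied to the raw string would have matched the allowed name in the userinfo part and let it through.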
