CircleCI, GitHub Users Targeted in Phishing CampaignCircleCI, GitHub Users Targeted in Phishing Campaign
Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.
September 22, 2022
CircleCI has sent out a notice to its customers that a phishing email scam is targeting their users, along with GitHub's, in an attempt to harvest credentials.
The CircleCI security alert included a copy of the malicious email that told recipients that the companies were working together to launch a new terms of service on CircleCI and GitHub accounts.
Below the notice was a malicious link directing users to log into their GitHub account through CircleCI to accept the new terms.
CircleCI assured its users the company would not require customers to log in to review their terms of service, and pointed out that the malicious link sends victims to circle-ci[.]com, a domain not owned by the company.
"We have no reason to believe your organization has been specifically targeted or that your account has been compromised, but want our customers to be aware that there is an ongoing phishing attempt and to exercise due caution," CircleCI explained in the notice of the active phishing attack to its customers.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
2021 Banking and Financial Services Industry Cyber Threat Landscape Report