from glibg10b@lemmy.zip to opensource@lemmy.ml on 08 Mar 07:13
https://lemmy.zip/post/60367512
These scammers copy the text from new issues verbatim, and paste them in a new issue in a “support” repo. They tag the original author so they get notified.
They then use GitHub Actions to reply with a phishing link and email.
<img alt="" src="https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Flemmy.zip%2Fpictrs%2Fimage%2F06a49756-e909-42f7-944d-8d7d23774878.avif">
<img alt="" src="https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Flemmy.zip%2Fpictrs%2Fimage%2F3dc217e9-cf8b-4ceb-9f6a-d3b1ed5cac27.avif">
This particular repo has been up for a week and has done this to 113 people.
<img alt="" src="https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Flemmy.zip%2Fpictrs%2Fimage%2F617ec155-7935-4f12-b9db-cbc325b49094.avif">
The link leads to a page that impersonates GitHub support. Every link on that page leads to a crypto scam.
<img alt="" src="https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Flemmy.zip%2Fpictrs%2Fimage%2F91bb92de-3d49-438a-a49d-7b0d2880a8e9.avif">
<img alt="" src="https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Flemmy.zip%2Fpictrs%2Fimage%2F742e19c8-9482-4545-8123-47bcf7e47a9a.avif">
If you stumble across such a repository, please report it. You can report this one here.
<img alt="" src="https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Flemmy.zip%2Fpictrs%2Fimage%2F068271a4-d299-4377-aa44-473babe702c6.avif">
threaded - newest