Security Alert: Phishing Attempt on My GitHub Repository

[yours7himanshu]

Select Topic Area

Show & Tell

Body

Hello GitHub Community,

I wanted to share a recent incident that occurred on one of my repositories to raise awareness and help others avoid falling victim to similar scams.

What Happened:

An individual created an issue on my GitHub repository. The issue contained a message that implied someone had signed in to my GitHub account from an unusual device and location. The message further urged me to click on a link to verify the activity and change my password if it wasn't me.

The Deceptive Tactic:

The link provided in the issue appeared legitimate at first glance. However, upon closer inspection, the link was designed to request full access to my GitHub account. This included permissions to:

• Delete repositories
• Manage access tokens
• Modify repository settings
• Access private repositories
• Initiate new commits

In essence, the link aimed to compromise my entire GitHub account by gaining unauthorized access to all my repositories and settings.

Recommendations for the Community:

• Verify the legitimacy of any unusual issues or messages.
• Avoid clicking on suspicious links, especially those requesting full access to your GitHub account.
• Enable two-factor authentication (2FA) for enhanced security.
• Report any suspicious activity to GitHub Support.
• Regularly review your account's security settings and access tokens.

By sharing this experience, I hope to prevent others from falling victim to similar phishing attempts. Stay vigilant and keep your code safe!

Thank you,
Himanshu Dinkar

[hh-sec]

Thanks for sharing, @yours7himanshu - seeing similar activity in my organization. The GitHub user was different but the text of the issue is identical. The links in the issue point to the onrender.com domain.

[davevad93]

Hi @yours7himanshu,

Thanks for sharing this, this user has also received the same scam attempt #154066.

I recommend reporting the user(s) via GitHub's abuse reporting tools.

[mohdnavedalam]

i have faced the same issue a few hours ago today.
a lot of my repositories had been modified.

I have restored my repositories and changes my password but i am still worried, if this is going to be a serious issue.

[milosz08]

Did you click any link in this phishing message?

[mohdnavedalam]

yes.
i thought it was necessary.
now i am regretting it.

[yours7himanshu]

i have faced the same issue a few hours ago today. a lot of my repositories had been modified.

I have restored my repositories and changes my password but i am still worried, if this is going to be a serious issue.

These types of scams are happening so frequently.. Please turn on your 2factor authentication security.

[mohdnavedalam]

yes.
i have just re-configured all the security settings.