Using simple alert-style email notices, scammers look to steal credentials to gain access to development code, intellectual property, and project details.
While the preponderance of impersonation attacks focus on brands like Office 365, Facebook, and others, it’s only a matter of time until cybercriminals decided going after developers was a good idea.
Last month, GitHub announced a series of attacks targeting its user base with social engineering, using claims of changes to repositories or settings in the victim-user’s account, or unauthorized activity has been detected.
Users were taken to a GitHub-spoofed logon page. The attackers even utilized a relay for two-factor authentication requests to facilitate initial access (for both the user and the attacker) even when 2FA was implemented.
When attacks like this occur, organizations should look to reset the passwords and two-factor tokens/codes for the impacted users.
Users need to be made aware through Security Awareness Training to perform simple checks on all emails, such as hovering above links to review target URLs and looking at the sender’s email address to see if they appear legitimate.
These kinds of attacks are relatively easy to avoid; the trick is for organizations to proactively make users aware and vigilant.