GitHub is the Latest Target of Social Engineering Phishing Attacks

iStock-1189504735Using simple alert-style email notices, scammers look to steal credentials to gain access to development code, intellectual property, and project details.

While the preponderance of impersonation attacks focus on brands like Office 365, Facebook, and others, it’s only a matter of time until cybercriminals decided going after developers was a good idea.

Last month, GitHub announced a series of attacks targeting its user base with social engineering, using claims of changes to repositories or settings in the victim-user’s account, or unauthorized activity has been detected.


Users were taken to a GitHub-spoofed logon page. The attackers even utilized a relay for two-factor authentication requests to facilitate initial access (for both the user and the attacker) even when 2FA was implemented.

When attacks like this occur, organizations should look to reset the passwords and two-factor tokens/codes for the impacted users.

Users need to be made aware through Security Awareness Training to perform simple checks on all emails, such as hovering above links to review target URLs and looking at the sender’s email address to see if they appear legitimate.

These kinds of attacks are relatively easy to avoid; the trick is for organizations to proactively make users aware and vigilant.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews