GitHub and Jira Alerts Hijacked for Trusted-SaaS Phishing

Brownie2019 (thread author)
Hackers are abusing GitHub and Jira's built-in notification systems to send phishing emails that appear completely legitimate.

Because these emails are sent from the platforms’ own mail servers, they pass standard checks like SPF, DKIM, and DMARC, making them very hard for traditional email gateways to block.

The messages are routed via the official mail infrastructure of these services, so security products see them as trusted traffic from known-good domains.

Most campaigns focus on phishing and credential harvesting, often used as a first step before further attacks once accounts are compromised.
Read more here:
 
Any examples of obvious warning signs in the emails?
These phishing attacks are only available to developers of Jira and GitHub projects, so if you do not have an account on either platform, you are safe from these types of threats. However, if you do, you should carefully review the information in the email, especially the projects mentioned (to see if you are actually working on the projects mentioned in the emails you received) before following any instructions.
 
That’s a good point, @lokamoka820, but even if you are a user on those platforms, the trickiest part is that the email comes from a legitimate sender (like jira@atlassian.net), so it bypasses all filters.

The key is checking who is actually signing the comment: if a random user tags you in a repo you’ve never seen before, that’s an immediate red flag. Pay attention to the destination too. Even if the alert looks official, the link usually takes you off-platform to shorteners like bit.ly or t.co, or domains that have nothing to do with GitHub or Jira.

Another dead giveaway is if they ask you to download files, like a .zip or .iso, supposedly to 'patch' something. And the usual: if they pressure you saying your account will be suspended in 2 hours, ignore the button. Your best bet is to go directly to the official website and check your notifications from the dashboard. ⚠️ 🔍
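The advice in this thread (the mail really does pass SPF/DKIM/DMARC, so the signals are the link destination, shortener and archive-download links, and pressure language) can be turned into a small triage script. The example below is added here and is not code from the thread, GitHub or Atlassian. The two messages it parses are constructed samples, and the allow-list of on-platform hosts, the shortener list and the urgency phrases are assumptions chosen for illustration, not a complete rule set.

```python
"""Triage a GitHub/Jira notification that passes SPF/DKIM/DMARC.

Added example, not from the original thread. Sample messages are constructed;
ON_PLATFORM_HOSTS, SHORTENER_HOSTS and URGENCY are illustrative assumptions.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

# Hosts where a genuine GitHub/Jira link should land (assumption).
ON_PLATFORM_HOSTS = {"github.com", "atlassian.net", "atlassian.com"}
# Shorteners the thread calls out; extend for your environment (assumption).
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com"}
# File types a "patch" lure typically points at.
ARCHIVE_EXTS = (".zip", ".iso", ".rar", ".7z")
# Pressure language ("suspended within 2 hours") is a flag, not proof.
URGENCY = re.compile(r"\b(suspend\w*|within \d+ hours?|immediately|expir\w*)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

# Constructed phishing sample: authentication passes, links leave the platform.
SAMPLE_PHISH = """\
From: Jira <jira@atlassian.net>
To: dev@example.com
Subject: [JIRA] (PROJ-42) Urgent: repository access will be suspended
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=atlassian.net; dmarc=pass
Content-Type: text/plain; charset="utf-8"

@dev, you were mentioned on PROJ-42.
Your account will be suspended within 2 hours unless you verify here:
https://bit.ly/3xAmpL3
Patch available: https://files.example.net/update/patch.zip
View the issue: https://example-corp.atlassian.net/browse/PROJ-42
"""

# Constructed benign sample: same authentication result, link stays on-platform.
SAMPLE_LEGIT = """\
From: GitHub <notifications@github.com>
To: dev@example.com
Subject: [example-org/repo] Fix null check in parser
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=github.com; dmarc=pass
Content-Type: text/plain; charset="utf-8"

@dev requested your review on example-org/repo.
View it on GitHub: https://github.com/example-org/repo/pull/17
"""


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_on_platform(host: str) -> bool:
    # Match the host itself or any subdomain of an allowed host.
    return any(host == h or host.endswith("." + h) for h in ON_PLATFORM_HOSTS)


def triage(raw_message: str) -> dict:
    msg = email.message_from_string(raw_message, policy=policy.default)
    auth = str(msg.get("Authentication-Results", ""))
    body = msg.get_body(preferencelist=("plain",)).get_content()
    findings = []

    # 1. A passing SPF/DKIM/DMARC result is recorded but never used to clear the mail:
    #    the platform legitimately sent it, which is exactly the point of the attack.
    auth_pass = all(f"{k}=pass" in auth for k in ("spf", "dkim", "dmarc"))

    # 2. Every link is judged by where it lands, not by who sent the mail.
    for url in URL_RE.findall(body):
        host = host_of(url)
        if host in SHORTENER_HOSTS:
            findings.append(f"shortener link: {url}")
        elif not is_on_platform(host):
            findings.append(f"off-platform link: {url}")
        if urlparse(url).path.lower().endswith(ARCHIVE_EXTS):
            findings.append(f"archive download: {url}")

    # 3. Pressure language in the body.
    if URGENCY.search(body):
        findings.append("urgency language")

    return {
        "from": str(msg["From"]),
        "auth_pass": auth_pass,
        "findings": findings,
        "verdict": "suspicious" if findings else "no link-level flags",
    }


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = triage(sample)
        print(f"{name}: auth_pass={result['auth_pass']} verdict={result['verdict']}")
        for f in result["findings"]:
            print("  -", f)
```

Both samples authenticate cleanly, so the script deliberately reports `auth_pass` separately from the verdict: the decision rests on the link hosts, the archive extension and the urgency phrase. The on-platform allow-list is the part to keep tight; a subdomain match (`anything.atlassian.net`) is acceptable for Jira Cloud tenants but means a link to an attacker-controlled tenant would still be treated as on-platform, which is why the thread's advice to open the notification from the platform's own dashboard remains the final check.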