CircleCI, GitHub Users Targeted in Phishing Campaign

CircleCI has notified its customers that a phishing email scam is targeting its users, along with GitHub’s, in an attempt to harvest credentials.

The CircleCI security alert included a copy of the malicious email that told recipients the companies were working together to launch new terms of service on CircleCI and GitHub accounts.

“As a result of this update, all users will be required to review and agree to the new Terms of Use and Privacy Policy to continue using CircleCI services,” the fake email read.

Beneath the message was a malicious link directing users to log in to their GitHub account through CircleCI to accept the new terms.

CircleCI assured its users that the company would not require customers to log in to review its terms of service and pointed out that the malicious link sends victims to circle-ci[.]com, a domain not owned by the company.

“We have no reason to believe that your organization has been specifically targeted or that your account has been compromised, but we want our customers to be aware that there is an ongoing phishing attempt and to exercise caution,” CircleCI explained in the notification of the active phishing attack to its customers.
