Mass phishing emails pretending to be Y Combinator right now
Just received quite a smart phishing email/notification coming from "GitHub" by a user created less than a week ago (1) which is currently creating multiple issues a minute tagging many random usernames in a repository (2) with a "ycombinatornotify" app (3). The usual - asking to verify wallets, deposit for authorization as I've been selected for funding, etc. All issues contains the content of the email received, so I'll not paste them here (they're gone, but still, a bad idea to paste it).
- (3m in) They seem to have been rate limited or reached a target of 500 issues
- (5m in) Repository was just taken down, hope they automate back a warning
- They have typo-squatted the "y-comb[l]nator [dot] com" domain (with hyphen and L)
Quite urgent actions are needed to stop it, or warn the affected. Will update the submission with more information as time goes.
- [1]: https://github.com/ycombinato/
23 comments
[ 3.0 ms ] story [ 44.3 ms ] threadAlso report it to github [1] and the Feds [2] in the off chance someone takes it seriously. Be sure to include all the email headers here too.
[1] - https://docs.github.com/en/communities/maintaining-your-safe...
[2] - https://www.ic3.gov/
The best email address for anything like this is security@ycombinator.com, as they handle security issues for all of YC, including applications.
Thanks everyone for letting us know about this.
Have reported it to Github
Also, on the report abuse page that I got to from the user profile page, the green submit button is nearly hidden by the grey footer, even when I scroll the page around and complete the captcha.
These spam repositories have been deleted, but I still had lingering notifications stuck on GitHub, and I couldn't see them in the UI to remove them (but the small blue notification dot was constantly on). The API hack resolved this problem.