There are many things that make you vulnerable to trouble while you are using the internet. The most simple thing among them is falling for phishing attacks that make you a victim to attacker. People are not always the hackers that can cause you trouble but some people can easily do phishing attack. With just an email or a link in some message, a phishing attack can be commenced. Recently a phishing campaign was reported that was targetting GitHub users as the users were getting emails. These emails lead them to log in to their Github account on fake websites.
Github is a huge platform and it has a huge community with a large number of users. These users are getting targeted by a phishing campaign that is called Sawfish. It is simple to understand how phishing works and this campaign is going on to target a community alone. Many users probably have fallen victim to this trap as the attackers are making domains similar to Github’s domain. This domain is similar to the real thing but has a distorted name that can blow away the fake page. Using fake Github login page attackers are promoting users to fall for this phishing.
The emails received by Github users consist of notification that the account has some problem. To fix this problem stated in this email user is sent to the fake Github page to login. A user that overlooks the details might fall for this. Once the user has logged in on the fake page the attack obtains the account details and further can access the account at will. Github is not just some community with people but a lot of people are coming together to work on things. Everything that a user can access on GitHub becomes accessible to the attacker.