Security News > 2020 > April > GitHub Warns Users of Sophisticated Phishing Campaign
GitHub has warned users that they may be targeted in a fairly sophisticated phishing campaign that the company has dubbed "Sawfish."
GitHub has pointed out that this phishing campaign has several noteworthy aspects.
GitHub also noted that the phishing emails often come from legitimate domains that have been compromised, and the attacks are often aimed at active users working for tech companies in various countries.
The attackers have also been observed using URL shortening services to hide the final destination of the links included in the phishing emails, and in some cases victims are first directed to a compromised legitimate website before being redirected to the phishing page.
GitHub has asked users targeted in the Sawfish campaign to provide the company with information about the sender email and the domain hosting the phishing page.