Phishing Sites on GitHub
GitHub is a popular hosting and collaborative project development service. In recent months, the number of phishing attacks using GitHub Pages has increased.
1. The user receives a fake email.
2. Follows a link in an email that looks like “ TITLE.github.io“
3. A fake website page opens with an input form.
4. The user enters the required information. For example, login, password or bank card details.
5. The request is sent to a separate site of the attacker, where the specified data is stored.
After these actions, the user may be redirected to the original site and he will not even understand what happened.
GitHub regularly removes such pages, but we recommend that you remember that links like “ TITLE.github.io” may be fraudulent.