目前有大量伪装成 Y Combinator 的钓鱼邮件。
刚收到一封相当聪明的网络钓鱼邮件/通知,发件人是一个创建不到一周的用户(1),该用户目前每分钟在一个代码库中创建多个问题,并标记许多随机用户名(2),使用的是“ycombinatornotify”应用(3),内容与以往相似,要求验证钱包,进行授权存款。所有问题都包含收到的邮件内容,因此我不在这里粘贴。
- (3分钟内)他们似乎已经被限制频率,或达到了500个问题的目标。
- (5分钟内)该代码库刚刚被下架。
需要采取相当紧急的措施来阻止这一行为,或警告受影响的用户。随着时间的推移,我会更新提交的信息。
- [1]: https://github.com/ycombinato/
- [2]: https://github.com/ycombinato/rorg/
- [3]: https://github.com/apps/ycombinatornotify
查看原文
Just received quite a smart phishing email/notification coming from "GitHub" by a user created less than a week ago (1) which is currently creating multiple issues a minute tagging many random usernames in a repository (2) with a "ycombinatornotify" app (3), the usual, asking to verify wallets, deposit for authorization. All issues contains the content of the email received, so I'll not paste them here.<p>- (3m in) They seem to have been rate limited or reached a target of 500 issues.<p>- (5m in) Repository was just taken down.<p>Quite urgent actions are needed to stop it, or warn the affected. Will update the submission with more information as time goes.<p>- [1]: https://github.com/ycombinato/<p>- [2]: https://github.com/ycombinato/rorg/<p>- [3]: https://github.com/apps/ycombinatornotify