Yesterday evening, we became aware of a phishing campaign targeting customers' CircleCI and GitHub credentials. We have no reason to believe your organization has been specifically targeted or that your account has been compromised, but we want our customers to be aware that there is an ongoing phishing attempt and to exercise due caution.
This is an example of the email impersonating CircleCI in an attempt to gain access to your account:
CircleCI will not require users to log in to review any updates to our Terms of Service. Additionally, these phishing attempts include links that send users to circle-ci[.]com, which is not owned by CircleCI. Any emails from CircleCI should only include links to circleci.com or its sub-domains. If you believe you or someone on your team may have accidentally clicked a link in this email, please immediately rotate your credentials for both GitHub and CircleCI, and audit your systems for any unauthorized activity.
If you need help or have any questions, please do not hesitate to reach out to our team.
To better building,
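A link check that applies the rule in the advisory (links in CircleCI mail should resolve only to circleci.com or one of its sub-domains), written here as an added example and not CircleCI's own code; the sample message body and the look-alike hosts in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The advisory states that legitimate CircleCI mail links only to circleci.com
# or its sub-domains; that is the only allow-list this checker uses.
TRUSTED_DOMAINS = ("circleci.com",)

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def is_trusted_host(host: str) -> bool:
    """True only for circleci.com itself or a label-boundary sub-domain of it,
    so circle-ci.com, evilcircleci.com and circleci.com.example.net all fail."""
    host = host.rstrip(".").lower()          # tolerate a trailing root dot
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def link_host(url: str) -> str:
    """Host a browser would actually connect to. urlsplit discards userinfo,
    so 'https://circleci.com@circle-ci.com/' yields circle-ci.com."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:                       # malformed netloc, e.g. a bad IPv6 literal
        return ""


def suspicious_links(body: str) -> list:
    """Return every URL in the message body whose host is not trusted,
    in order of appearance, for a mail filter or an analyst to act on."""
    flagged = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:!?")           # drop sentence punctuation glued to the link
        if not is_trusted_host(link_host(url)):
            flagged.append(url)
    return flagged


# Constructed sample body mixing genuine and look-alike links (not a real message).
SAMPLE_EMAIL = """[Action Required] Your CircleCI services have been updated
Review your settings: https://app.circleci.com/settings
Accept the new Terms of Service at https://circle-ci.com/terms
Sign in here: https://circleci.com@circle-ci.com/login
Verify your account: https://circleci.com.example.net/verify
Docs: http://CIRCLECI.COM/docs
"""

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_EMAIL):
        print("untrusted link:", url)
```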
We have been receiving thousands of these phishing emails to our organization, all spoofing @circleci.com email addresses. Could you please configure and enable DMARC policies for your domain to help get these blocked?
[Action Required] Your CircleCI services have been updated
[Action Required] - Your CircleCI services have been updated
Important changes made to your CircleCI services
Your CircleCI account and services have been changed
Your CircleCI Services will be disabled
If possible, can you provide the original email in raw source with full headers? In support of my research to develop and bolster a mail client's ability to flag a phishing message's attributes, having the email header will greatly aid my efforts and help to prevent such attacks in the future. Thank you in advance!