Potential phishing attempt(s) on this mailing list

132 views
Skip to first unread message

Franz Winter

unread,
Nov 23, 2023, 8:02:33 AM11/23/23
to FIDO Dev (fido-dev)
I posted a question here like an hour ago. 2 minutes later i received an email
  • from "HR service project" (ji...@9gphrt.atlassian.net)
  • subject contained my question
  • The reply-to email address was "thepositive...@gmail.com"
  • Text said "Just confirming that we got your request. We're on it."
  • Further down it said "Powered by Jira Service Management".
  • It also had a link "view request", which i followed.
The website that opened was:
  • 9gphrt.atlassian.net/servicedesk/...
  • It said: "Help center", "Sign up with Password"
  • and it had a textbox pre-filled with my email address, which couldn't be changed. That seemed somewhat legit to me because they had my correct email address. So i clicked "Sign up with Password" just to see. I had no intentions of actually entering my password in the next step. But...
...they just send me another email from "Help Center" saying "Finish signing up to Help Center, Follow the link below...". This time the sender and the reply-to email address were identical (ji...@9gphrt.atlassian.net). I didn't proceed.

It's a phishing attempt, right? Or what was that? How did they get my email address? Hope it helps other users!

Isaiah Inuwa

unread,
Dec 15, 2023, 8:49:26 PM12/15/23
to FIDO Dev (fido-dev), Franz Winter
I got it too. Maybe phishing, but could also be that thepositive...@gmail.com has some sort of forwarding rules set up to create tickets for a Jira instance, which in turn is creating customer service accounts to users of the fido-dev. Maybe an admin can verify with that user.

My1

unread,
Dec 17, 2023, 9:32:55 AM12/17/23
to Isaiah Inuwa, FIDO Dev (fido-dev), Franz Winter
phishing or not, it's frankly a bit annoying getting these on every mail and reply.
would be very nice to have the person who's made that to maybe make it so at least it doesnt auto reply fido mails.

I doubt it is a phishing attempt tho.
1) it says SIGN UP with password, aka register a new account.
2) the mail claims to be from jira, which is a support software by atlassian
3) the 9g... domain points to an IP address that is owned by atlassian themselves so likely an atlassian-hosted instance of jira.
4) they got your email by nature of sending an email "to" them via the mailing list, in fact I can see your mail addresses too, and then adding the mail address as part of the link in the autoreply.

so TLDR this seems like just a support system saying they got your mail and offering you to make an account to track your ticket.

Regards
My1

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/ce80b84d-e0b9-4ed3-9445-7b28c09acdcfn%40fidoalliance.org.
Reply all
Reply to author
Forward
0 new messages