Heads up: Active phishing campaign targeting the OWASP Global Board
4 views
Skip to first unread message
Steve Springett
Mar 27, 2026, 4:10:06 PMMar 27
to OWASP Project Leaders, OWASP Chapter Leaders, OWASP Global Board
Leaders,
We've identified a spear phishing campaign targeting OWASP Global Board members. Some of these emails are spoofed to look like they're coming from me. They are not.
If you receive anything suspicious that appears to be from a Board member, do not engage with it. Verify through a separate channel and report it to Foundation staff.
Image samples attached.
We've identified a spear phishing campaign targeting OWASP Global Board members. Some of these emails are spoofed to look like they're coming from me. They are not.
If you receive anything suspicious that appears to be from a Board member, do not engage with it. Verify through a separate channel and report it to Foundation staff.
Image samples attached.
—
| Steve Springett Leader, OWASP CycloneDX and Dependency-Track Leader and Co-author, OWASP SCVS Chair, OWASP CycloneDX and Ecma TC54 Chair, OWASP Global Board of Directors |
 |
Andrew van der Stock
Mar 30, 2026, 11:19:27 PMMar 30
to Global-board, Steve Springett, OWASP Global Board, OWASP Project Leaders, OWASP Chapter Leaders
Hi all,
This is one of the reasons we ask everyone to stick to our accounting procedures, including submitting expense claims through the appropriate channels.
We use various methods to prevent these sorts of attacks, including co-approval and some methods that are not public deliberately to try to thwart these attacks.
If you are being pressured to pay or approve something quickly through a method we don't usually support and outside of normal payment channels, please report them to us. We can report these senders to Google and get them blocked on our systems, although obviously, this can be a game of whack a mole as there seems to be an infinite number of scammers out there.
thanks,
Andrew
Reply all
Reply to author
Forward
0 new messages