Looking further, if you click on one of the links below, like the security link, it will bring to you to the official github security page.
Then, if you fill in anything for a name and password, like shown below, it will just forward you to githubs own homepage (were you can notice that your still not logged in)
@blacklight447 damn good catch 👀
@blacklight447 Isolate yourself in some VM and click it? See what it does?
@nikolal im gonna do that later today
@blacklight447 Firefox block that for me, but I opened link on computer
@nikolal good to know thay default firefox block it.
@blacklight447 One way to prevent this kind of phishing site is by using a hardware security key. Authenticator-based OTP would fail, but not security key
@ewon_c ofcourse a hardware key would be better, on issue with those though is that they are easy to use, and hard to make backups from, so you have to consider what would be a more likely scenario: someone losing access by losong their key, or someone being tricked into filling in both their totp and password codes?
@blacklight447 indeed, real life scenarios are much nastier. One thing I found is that most sites offer OTP as an backup even if security key is enabled. My understanding is that you should use a security key if you can (to prevent phishing), if you cannot or lose it, you can still use OTP
So the link in the mail is: http://mailer.vator.tv/ls/click?upn=uH2TJXivA5SSark4tx8Mttb2T03W8-2FNWxcmocSQhlxVrAMrsONCuqyXyeoXkHps-2F0VSY2zOagHCh1j5u23-2By2vVUCtxa7tA8dg9SYP08TEEaEbLmloBdDQbmpy42G2WY1KWm_b6Dvuswk6HmD5khd-2Bi0J24b4SugwriuFIahpC6cY-2FJhQIpPGdhLtEF7mX-2BJUf1vCkczy51ry6b7qn3-2FhGuAlqKXwBD52t-2B8HYG5Y7DUAIZQ7ZotirH8iviZ9S6hvcwMvjgs1psIdb3eS1o-2FcWZMJhLW2dRxD464wDN-2FhqloJyPkpRmm77jco1rYr6HOZuMajQpgTtlRWrl8-2FRzQVvNew-2FXREMYHTIlUqhRHk20VSIbE-3D
Which leads to:https://glthub.co/?utm_medium=Email&utm_campaign=website&utm_source=VatorEmail
Notice how the i is replaced by a l.