Receiving phishing emails to my attached contact email

[17sdheeraj]

Hello! I have seen that since a few days I have been receiving phishing emails to the email I added to my file (contact-sdheeraj-isadev@domain.com). I have made this to ask if anyone else has been receiving these type of emails. Some screenshots of the emails: And more were there which got rejected and were not delivered to me

My subdomain

https://sdheeraj.is-a.dev

[wdhdev]

This looks cool but can we have an option to edit the email address as many people do not like giving their main email address and instead give their alt email address.

If you have other email addresses on your GitHub account they will show up there.

[17sdheeraj]

This looks cool but can we have an option to edit the email address as many people do not like giving their main email address and instead give their alt email address.

If you have other email addresses on your GitHub account they will show up there.

👍

[wdhdev]

@phenax @andrewstech We need a solution for this ASAP. I'm personally receiving multiple phishing/scam emails per day.

[orxngc]

I'm personally receiving multiple phishing/scam emails per day.

Same

[Arch881010]

I think the owner object should get phased out for the ID as a string. Or maybe

"owner": {
  "ID":"<owl ID>"
}

and have the old fields still applicable.

[wdhdev]

Would be better as a string instead of a key, however for backwards compatibility it might be better as a key and just added as a new field.

[MaskDuck]

I have removed all my domains which have my email on it on Jun 11 and never received a spam email~

[MaskDuck]

https://en.wikipedia.org/wiki/Memorial_University_of_Newfoundland mun.ca belongs to this org, mostly this is stolen emails or so

[MaskDuck]

I investigated the domains that this emails come from. most likely those are universities stolen emails or students from those institutes?

[wdhdev]

I have removed all my domains which have my email on it on Jun 11 and never received a spam email~

They are most likely fetching the most recent commit on the repo.

I investigated the domains that this emails come from. most likely those are universities stolen emails or students from those institutes?

I would believe it's weak email security from the university with a combination of weak passwords from the students causing emails to get hacked.

[MaskDuck]

I would believe it's weak email security from the university with a combination of weak passwords from the students causing emails to get hacked.

should we email those institutes and see what they can do with it?

[17sdheeraj]

I would believe it's weak email security from the university with a combination of weak passwords from the students causing emails to get hacked.

should we email those institutes and see what they can do with it?

Yeah

[wdhdev]

I believe I've found the cause of the issue, I think the scammers have been using the Raw API to fetch the emails. I have redacted all emails from the Raw API.

Let's see if this makes any difference in the amount of scam emails. If it seems to be solved I'll most likely close this issue.

[andrewstech]

the

The owl project is deployed Im just waiting on you again :(

[17sdheeraj]

I believe I've found the cause of the issue, I think the scammers have been using the Raw API to fetch the emails. I have redacted all emails from the Raw API.

Let's see if this makes any difference in the amount of scam emails. If it seems to be solved I'll most likely close this issue.

👍

[github-actions[bot]]

This issue has been marked as stale due to inactivity and will be closed. Comment anything on this issue to prevent it

[andrewstech]

OWL is now fully deployed and integrated into the discord bot or is available at https://owl.is-a.dev/. There is 24 records currently using owl docs will be posted soon