In new research featured by Redmond Magazine, the Fortra Intelligence and Research Experts (FIRE) team uncovered a GitHub-driven vishing campaign abusing legitimate notification emails to impersonate trusted brands. Attackers inserted fake billing messages inside commit comments, prompting GitHub to generate authentic-looking [email protected] alerts that urged victims to call fraudulent support numbers. The team also found that attackers routed these notifications through multiple email providers to improve deliverability and mask recipient details.
Originally published in Redmond Magazine.
Excerpt: "While abuse of GitHub's legitimate email notification system has been observed before, this is the first time Fortra has seen it used for vishing attacks by including the malicious content in the commit messages of otherwise empty GitHub profiles and repositories."
Redmond Magazine: GitHub Abuse Emerges in Twin Social Engineering Campaigns Spotted by Fortra, Trend Micro
Posted on March 24, 2026
