-
I’ve got to compliment the recent GitHub-impersonating scam. I think it gets an A- overall. Very good choice of domain, decent email template, and a near perfect replica of the GitHub UI except for one or two small things.Permalink On twitter.com
Mood +6 🙂
-
They could’ve moved it into the A range with a better email and OTP entry page, and they could’ve gotten an A+ by choosing a better domain name and hiding their credential exfiltration script in the GitHub JS bundle. Also, don’t use jQuery.On twitter.com