How average folks don't stand a chance against phishing, example #78,821,042: Github

• Email from GitHub <[email protected]> with officialegal subject demanding personal information with urgency else undesirable consequences.
• Multiple text links in HTML email including literal "click here to" do not go to known domain, but MSP redirects.
• Visiting https://github.com and looking around shows no sign of this important and urgent change before or after login.
• A web version of the notice can be found on github.blog, but who registered that and when?* whois/Internic doesn't know.

While you and I know how to dig deep enough to validate this kind of thing [or do we just think so?], this is just another in a never-ending stream of emails from companies we trust with our personal information, money, services, etc. training us to fall for phishing far more effectively than any anti-phishing effort can.
As sad as it is to expect this from the usual suspects such as the finance industry (especially mortgage companies), it's sadder to see @github fail this hard.

See also @troyhunt's "Scam" blog posts: https://www.troyhunt.com/tag/scam/

*[Created 2018-05-17, registered to Organization "GitHub, Inc" by the same registrar with which github.com was registered for Organization who-knows-because-privacy (but actually GitHub, Inc. if you ask the registrar), hosted by Knock Knock WHOIS There, LLC, which is the only reason I mention this.]

#Phishing #GitHub #MarkMonitor #whois

@joepie91 @kelbot @freakazoid #Consolidation and #enshittification has been happening all over the #WebHosting and #domain market. For example, all of the following are just brands of #NewfoldDigital:

#Bluehost
Web.com
#NetworkSolutions (original pre-#ICANN gTLD monopoly)
#HostGator (where I worked)
Register.com
Domain.com
#CrazyDomains
#Markmonitor
#ResellerClub
#iPage
#BigRock
#SiteBuilder
#Vodien
#Yoast
#Yith
#BuyDomains
#SnapNames
#NameJet
#Freeparking…