Reply to post: Interesting attack

PyPI warns of first-ever phishing campaign against its users

Charlie Clark Silver badge

Interesting attack

This is the first time I've seen such a targeted attack and the e-mail was reasonably convincing, not least because the security keys do have to be requested from Google and the communication about them wasn't brilliant. And here, again, there was no direct communication from the PSF about the attack. It's also yet another example of a phishing site being hosted by Google. Really, one might expect them to be on top of this abuse of their hosting.

As a result of the phishing campaign, PyPI announced it is giving away free hardware security keys to the maintainers of critical projects

That's not true. The phishing campaign is a response to the giveaway. I informed El Reg about the giveaway a couple of months ago but it was presumably deemed not newsworthy at the time. Why does the media have to wait for things to go wrong before reporting?
