- PyPI warns that phishing attacks will persist, using fake domains and urgent email tactics
- Victims are tricked into "verifying" their accounts on typosquatted sites such as pypi-miror.org
- Users and maintainers urged to adopt phishing-resistant 2FA and domain-aware password managers
Phishing attacks against users and maintainers of PyPI will continue, the Foundation warns, as it urges members to tighten security and remain vigilant.
A new blog post by the Foundation's Security Developer in Residence, Seth Larson, says the most recent attacks are a continuation of a months-long campaign that uses convincing emails and typosquatted domains to steal people's login credentials.
"Unfortunately, the chain of phishing attacks using domain confusion and legitimate-looking emails continues," Larson wrote. "This is the same attack that PyPI saw a few months ago and that has targeted many other open source repositories, but with a different domain name. Judging from this, we believe that this type of campaign will continue with new domains in the future."
How to stay safe
In the emails, victims are asked to "verify" their email addresses for "maintenance and security procedures", and are threatened with account closure if they do not comply.
This sense of urgency and threat is typical of a phishing email, which redirects victims to pypi-miror.org, a domain that is not owned by PyPI or the Python Software Foundation.
"If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately," Larson warned. "Inspect your account security for anything unexpected. Report suspicious activity, such as possible phishing campaigns against PyPI, to [email protected]."
Phishing is both extremely difficult and extremely easy to defend against. In theory, common sense and a moment's thought before clicking are enough in most cases. In case that approach fails, however, users are advised to use phishing-resistant 2FA, such as hardware tokens.
Maintainers, on the other hand, should use a password manager that autofills based on the domain name. If autofill does not work when it usually does, that is a big red flag. Phishing-resistant 2FA is also recommended.
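The domain-bound autofill check described above, as an added example that is not code from the article, PyPI or Larson's post: it fills credentials only on an exact host match (so a lookalike such as pypi-miror.org gets nothing) and, for triage, labels hosts that imitate the "pypi" brand. The allowlist and the similarity threshold are assumptions.

```python
# Added example (not from the article or PyPI): models the exact-host check a
# domain-bound password manager makes before autofilling, and flags hosts that
# imitate the brand, such as the pypi-miror.org domain used in this campaign.
from difflib import SequenceMatcher
from urllib.parse import urlparse

LEGIT_HOSTS = {"pypi.org", "test.pypi.org"}   # assumed allowlist of real hosts
BRAND = "pypi"                                 # label a lookalike tries to imitate

def host_of(url: str) -> str:
    """Lowercase host of a URL. Userinfo and port are discarded, so a link
    like 'https://pypi.org@evil.example/' resolves to 'evil.example'."""
    return (urlparse(url).hostname or "").rstrip(".")

def autofill_allowed(url: str) -> bool:
    """A domain-bound password manager fills only on an exact host match;
    a near miss in the domain yields no autofill, which is the red flag."""
    return host_of(url) in LEGIT_HOSTS

def brand_similarity(host: str) -> float:
    """Similarity (0..1) between the host's second-level label and BRAND."""
    labels = host.split(".")
    sld = labels[-2] if len(labels) >= 2 else host
    return SequenceMatcher(None, sld, BRAND).ratio()

def classify(url: str) -> str:
    """'legit' (on the allowlist), 'lookalike' (imitates the brand but is not
    on the allowlist) or 'unrelated'. Only 'legit' should ever get credentials."""
    host = host_of(url)
    if host in LEGIT_HOSTS:
        return "legit"
    if BRAND in host or brand_similarity(host) >= 0.5:   # assumed threshold
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a "verify your account" email.
    for link in ("https://pypi.org/manage/account/",
                 "https://pypi-miror.org/verify",
                 "https://pypi.org@evil.example/verify",
                 "https://example.com/verify"):
        print(f"{link:45} autofill={autofill_allowed(link)!s:5} {classify(link)}")
```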
Via The Register