Phishing Email Attempt Masquerading as GitHub "new device just logged in"

[marco-m]

🏷️ Discussion Type

Question

Topic area

Other

Body

Just received a phishing email:

Although once one notices the sender (see arrow in screenshot) everything becomes obvious, I admit that it caught my attention due to the Location field.

The "Verify" button and the "It wasn't me" link point to a sendgrid.net URL.

I can provide the raw email or email headers to the GitHub staff on request.

[CyberTailor]

I also received the same phishing email.

Details

[andreas-agouridis]

Hi @marco-m,

Thanks for reporting this — it definitely sounds like a phishing attempt. A few notes:

Never click any links or buttons in emails you don’t fully trust. The fact that the “Verify” button points to sendgrid.net instead of a GitHub domain is a strong red flag.
GitHub will never ask you to log in via a third-party URL for device verification.
You can safely forward the raw email or full headers to GitHub at phish@github.com
. This is the official channel for reporting phishing attempts.

If you want, you can also enable two-factor authentication or review your account security log on GitHub to make sure nothing unauthorized happened.

Better safe than sorry — it’s good you spotted this quickly!