These scammers copy the text from new issues verbatim and paste it into a new issue in a “support” repo. They tag the original author so they get notified.

They then use GitHub Actions to reply with a phishing link and email.

This particular repo has been up for a week and has done this to 113 people.

The link leads to a page that impersonates GitHub support. Every link on that page leads to a crypto scam.

If you stumble across such a repository, please report it. You can report this one here.

  • kyub@discuss.tchncs.de · 3 days ago

    Yes. It always pains me when I see how tons of open source projects will not leave GitHub because of the network effect. Yes, it might be inconvenient… even punishing… but it needs to happen, especially after Microsoft bought GitHub. The ONLY way to counter the network effect (and contribute to meaningful change over time) is by NOT being part of the network effect. By remaining part of it, you’re only helping Microsoft.