Just received an email out of the blue from: HAOBAO (Confluence) <confluence@ecosystem.atlassian.net>
I can't find a reference to HAOBAO at Atlassian, and googling the name points to the HaoBao North Korean Bitcoin-Stealing Phishing Campaign
This has all the markings of a phishing attack - has Atlassian suffered a security breach?
"HaoBao" – North Korean Bitcoin-Stealing Phishing Campaign
Hi @Dave, welcome to the Community!
As far as I can tell, ecosystem.atlassian.net is a real site, and holds data related to various Atlassian products.
I would assume that maybe someone intended to share that page with another user, and mistyped your email address. You can safely ignore the email, and delete it.
Cheers,
Robert
In this instance, "HAOBAO" is the display name for a user on that site. This could be someone's first or last name, or a nickname they go by.
Hopefully that's what it is, though the 'mistyping my address' theory seems like a stretch.
The recent Google Forms exploit - Forms was exploited to send e-mails from a legitimate google.com address - leaves me in doubt, as an attacker who could generate an e-mail that legit comes from confluence@ecosystem.atlassian.net could use it to fool a lot of users.
Same here.
Hi Robert,
Thanks for your response. I came to it while researching because I got the same email! I appreciate your engagement in the community. However, as an IT engineer, I’d like to raise an important point regarding the assumption that ecosystem.atlassian.net is legitimate simply because it looks familiar.
Here’s why we need to be careful:
Phishing Sites Can Mimic Legitimate URLs: Cybercriminals can create fake pages that look identical to real ones, even using URLs that seem authentic at first glance. For example, they could exploit a legitimate domain or use similar-looking URLs, like ecosystem.atIassian.net (with a capital “I” replacing an “l”) to trick users.
Subdomain Exploitation: Even if the main domain is legitimate (e.g., atlassian.net), attackers can create malicious subdomains (e.g., ecosystem.fake.atlassian.net) or leverage vulnerabilities in the ecosystem to host phishing pages.
Spoofed Emails: Phishing emails often spoof the sender to make them appear as if they originate from trusted sources like Atlassian. Without verifying the email headers, it’s impossible to confirm its authenticity.
To stay safe, I’d recommend:
It’s great to help the community stay informed, and by emphasizing these precautions, we can better protect everyone against potential risks.
Cheers,
Gerardo
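The header verification recommended in the comment above, as an added example that is not part of the thread and not Atlassian's code: it reads the receiving server's `Authentication-Results` header and checks the From domain for the capital-"I" look-alike. The expected domain, the small look-alike map, the `mx.example.org` receiver and all three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXPECTED = "atlassian.net"  # assumption: the domain the mail claims to come from
# Tiny look-alike map (assumption; production checks use the Unicode confusables data)
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o", "\u0430": "a", "\u043e": "o"})

def under(domain, parent):
    """True if domain equals parent or is a subdomain of it."""
    domain = domain.lower()
    return domain == parent or domain.endswith("." + parent)

def assess(raw):
    """Return findings for one raw message; an empty list means nothing flagged."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # First Authentication-Results header only: assumed to be the one our own
    # receiving server added (it must strip any the sender supplied).
    results = msg.get("Authentication-Results", "")
    verdict = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    signer = re.search(r"header\.d=([\w.-]+)", results)
    findings = []
    if not under(from_domain, EXPECTED):
        # Fold look-alikes before lowercasing so a capital "I" posing as "l" is caught
        folded = from_domain.translate(CONFUSABLE)
        findings.append("lookalike-domain" if under(folded, EXPECTED) else "unexpected-domain")
    if verdict.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    if verdict.get("dkim") != "pass" or not signer or not under(signer.group(1), EXPECTED):
        findings.append("dkim-not-expected-domain")
    return findings

def sample(sender, auth):
    """Build a constructed message; mx.example.org is a placeholder receiver."""
    return (f"Authentication-Results: mx.example.org; {auth}\n"
            f'From: "HAOBAO (Confluence)" <{sender}>\n'
            "Subject: constructed sample\n\nbody\n")

AUTHENTICATED = sample("confluence@ecosystem.atlassian.net",
                       "dkim=pass header.d=atlassian.net; dmarc=pass")
LOOKALIKE = sample("confluence@ecosystem.atIassian.net",
                   "dkim=pass header.d=atiassian.net; dmarc=pass")
SPOOFED = sample("confluence@ecosystem.atlassian.net",
                 "dkim=none; spf=fail smtp.mailfrom=mailer.example; dmarc=fail")

if __name__ == "__main__":
    for name, raw in [("authenticated", AUTHENTICATED), ("lookalike", LOOKALIKE), ("spoofed", SPOOFED)]:
        print(name, assess(raw))
```

An empty result only shows that the named domain's mail system sent the message; it says nothing about whether the content is wanted, which is the concern raised earlier in the thread about mail sent through a legitimate service.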
Thanks @gmanzanog for the reminders on internet safety.
In this case, as part of an Atlassian Partner organization (Adaptavist), I am able to review internal Partner docs that indicate ecosystem.atlassian.net is in fact owned by Atlassian. If I recall correctly, the site is mostly related to Marketplace Application developer queries and submissions.
If you click "Questions about Marketplace" on the Developer.atlassian.com site, this will bring you directly to ecosystem.atlassian.net.
https://developer.atlassian.com/support
All that said, I agree with you on keeping vigilant on staying safe online.
@Robert DaSilva - Thank you for sticking with this issue.
Have you opened the link? Please let us know what the content is.
@Dave I did visit the page, and it appears to be an auto-generated page that gets created during space creation. There was nearly no content on the page.
I am pretty convinced that this is an erroneously shared page, and the email can safely be ignored.
I do think Atlassian needs to take a look though, because the number of people this page has been shared with seems to be pretty massive. I as well have received an email.
@Robert DaSilva Thank you for confirming the page is benign - I agree this sort of thing should be disallowed in the future, but at least it wasn't malicious.
Good morning all,
I got this email too. Funny that Atlassian corporate customers are targeted this extensively.
Atlassian should look into it. Maybe there was a leak or they got hacked?
Best regards,
Paul