Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

I've been added to multiple spam Jira Service Management projects, please help

Ran Rubinstein
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 12, 2023

Someone's been creating a massive amount of fake jira service management accounts that emulate a crypto trading system and adding people. Please fix Jira to avoid using it for spam/scams!

some examples:

dtutqwv.atlassian.net

3ghoof4.atlassian.net

60gorck.atlassian.net

3 comments

Dirk Ronsmans
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 12, 2023

Hi @Ran Rubinstein ,

Unfortunately there is not much that can be done against this. 

I did escalate this question so we'll see if someone from Atlassian responds soon 

gac September 12, 2023

Me too. I saw another post on this community forum that said "forward them to abuse@atlassian.com"

Fun fact, it looks like abuse@atlassian.com has some kind of "threat protection" which clicks the links in the email, and the link alone is sufficient for you to be joined to the spam project without being logged into your Atlassian account.

So having forwarded some of them to abuse@, I am now a member of three spam projects.

- n9dklec.atlassian.net

- 1ffdogs.atlassian.net

- 60gorck.atlassian.net

If anyone from Atlassian engineering reads this, can they please address the fact that it seems that having the link alone is all you need to be accepted to the project, so forwarding the links anywhere they may be "clicked" (even by an automated threat protection system) may get you joined to the malicious project even if that "click" happens on a completely different system where you aren't logged in.

I understand that these "magic links" are convenient for logins etc, but to me that should be their only use, so if I click an "accept invitation" link while logged out I should be bounced to a login page, where I may then choose to use a "magic link" to log in if I want to.

Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2023

That's exactly the opposite of how it works.

Emails forwarded to abuse@atlassian.com do nothing of the sort.  They create an issue in the abuse team's queue for a human to check the site to see if it is abusive and shut it down if it is.

If you got emails from those three domains, then you had already been added by the spammers, it's nothing to do with the forwarding.

But yes, you are right, please do forward the emails, without comment, to abuse@atlassian.com, one per domain is all that's needed.

gac September 12, 2023

That does not match my experience. I've clicked zero links, I've forwarded 3 emails, and I'm now a member of 3 spam instances on my Atlassian profile (https://id.atlassian.com/manage-profile/products). The behaviour is suspiciously consistent to me, and exactly matches behaviour I've seen before when something is automatically inspecting links received by email. But hey, if you say not, then not.

> If you got emails from those three domains, then you had already been added by the spammers, it's nothing to do with the forwarding.

I think maybe you're not understanding me. I know that in order to receive the invitation, I've been invited by spammers.

But surely the instances should not appear in my Atlassian profile _unless_ I actively click the link to accept the invitation - otherwise at that point it is not an invitation.

Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2023

You're misunderstanding the process.

The emails you are getting are from systems to which spammers have already added you to.

The account you have on those systems is dormant until you accept the invite, but it already exists.

You can't be sent emails by a system that you do not exist in.

Forwarding the emails to Atlassian is an utter irrelevance, you got the spam because your account already exists and has been added to the abusive systems.  It's nothing to do with the reporting.

gac September 12, 2023

Fair enough. Seems wrong to me, but if that's how it works, that's how it works.

Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 26, 2023

Thanks for reporting these to us.  I didn't see this thread until today.  I found a total of 8 different active sites that appear to be sending spam.  I have created a report to our abuse team to have these reviewed and taken down.  There have also been other sites that appear to have sent spam to both users in the past that are already suspended.

Sorry that someone has abused our services to send you spam.  In the future you can report these to us as mentioned above by forwarding the message to abuse@atlassian.com but please understand that we cannot reply to anything sent to that address.  Alternatively, you can also post here to Community, or create a support ticket under https://support.atlassian.com/contact

Like Dirk Ronsmans likes this

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events