Someone's been creating a massive amount of fake Jira Service Management accounts that emulate a crypto trading system and adding people. Please fix Jira to avoid using it for spam/scams!
Some examples:
- dtutqwv.atlassian.net
- 3ghoof4.atlassian.net
- 60gorck.atlassian.net
Me too. I saw another post on this community forum that said "forward them to abuse@atlassian.com"
Fun fact, it looks like abuse@atlassian.com has some kind of "threat protection" which clicks the links in the email, and the link alone is sufficient for you to be joined to the spam project without being logged into your Atlassian account.
So having forwarded some of them to abuse@, I am now a member of three spam projects.
- n9dklec.atlassian.net
- 1ffdogs.atlassian.net
- 60gorck.atlassian.net
If anyone from Atlassian engineering reads this, can they please address the fact that it seems that having the link alone is all you need to be accepted to the project, so forwarding the links anywhere they may be "clicked" (even by an automated threat protection system) may get you joined to the malicious project even if that "click" happens on a completely different system where you aren't logged in.
I understand that these "magic links" are convenient for logins etc., but to me that should be their only use, so if I click an "accept invitation" link while logged out I should be bounced to a login page, where I may then choose to use a "magic link" to log in if I want to.
That's exactly the opposite of how it works.
Emails forwarded to abuse@atlassian.com do nothing of the sort. They create an issue in the abuse team's queue for a human to check the site to see if it is abusive and shut it down if it is.
If you got emails from those three domains, then you had already been added by the spammers, it's nothing to do with the forwarding.
But yes, you are right, please do forward the emails, without comment, to abuse@atlassian.com, one per domain is all that's needed.
That does not match my experience. I've clicked zero links, I've forwarded 3 emails, and I'm now a member of 3 spam instances on my Atlassian profile (https://id.atlassian.com/manage-profile/products). The behaviour is suspiciously consistent to me, and exactly matches behaviour I've seen before when something is automatically inspecting links received by email. But hey, if you say not, then not.
> If you got emails from those three domains, then you had already been added by the spammers, it's nothing to do with the forwarding.
I think maybe you're not understanding me. I know that in order to receive the invitation, I've been invited by spammers.
But surely the instances should not appear in my Atlassian profile _unless_ I actively click the link to accept the invitation - otherwise at that point it is not an invitation.
You're misunderstanding the process.
The emails you are getting are from systems to which spammers have already added you.
The account you have on those systems is dormant until you accept the invite, but it already exists.
You can't be sent emails by a system that you do not exist in.
Forwarding the emails to Atlassian is an utter irrelevance, you got the spam because your account already exists and has been added to the abusive systems. It's nothing to do with the reporting.
Fair enough. Seems wrong to me, but if that's how it works, that's how it works.
Thanks for reporting these to us. I didn't see this thread until today. I found a total of 8 different active sites that appear to be sending spam. I have created a report to our abuse team to have these reviewed and taken down. There have also been other sites that appear to have sent spam to both users in the past that are already suspended.
Sorry that someone has abused our services to send you spam. In the future you can report these to us as mentioned above by forwarding the message to abuse@atlassian.com but please understand that we cannot reply to anything sent to that address. Alternatively, you can also post here to Community, or create a support ticket under https://support.atlassian.com/contact