We’ve received reports of a sophisticated phishing campaign targeting Atlassian customers.
These malicious emails use forged email headers to appear legitimate and seek to obtain user credentials by linking victims to phishing sites that closely resemble Atlassian domains.
These can be hard to spot, so we ask that customers exercise caution when engaging with links and/or requests for user credentials in emails that appear to be from noreply@am.atlassian[.]com received before 2023-06-19.
Below is an example of a phishing email and a list of phishing domains reported by Atlassian customers, though threat actors may be using additional assets.
app-atlassian[.]com
verify-atlassian[.]com
cableos-atlassian[.]com
apac-atlassian[.]com
confirm-atlassian[.]com
support-atlassian[.]com
Please change your passwords immediately if you believe you may have entered your Atlassian credentials into a phishing site.
Atlassian’s security team has contacted the phishing domain registrars to request deactivation and taken additional steps to improve the security posture of our domains to prevent these types of attacks from occurring in the future.
Your security is our priority, and we appreciate your partnership in remaining diligent. Please contact Atlassian Support with any questions and report any similar phishing attempts to security@atlassian.com.
e.atlassian[.]com is unaffected by this issue.
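The indicators above (the spoofed sender, the 2023-06-19 cutoff and the six reported domains) can be checked against stored mail. The following Python is an added example, not part of Atlassian's advisory or tooling: it parses a raw message and lists which indicators it matches. The `<prefix>-atlassian.com` pattern check is a heuristic inferred from the six reported names, and the sample message is constructed.

```python
import re
from datetime import datetime, timezone
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlsplit

# The six domains reported in the advisory, refanged for matching.
REPORTED = {"app-atlassian.com", "verify-atlassian.com", "cableos-atlassian.com",
            "apac-atlassian.com", "confirm-atlassian.com", "support-atlassian.com"}
SPOOFED_SENDER = "noreply@am.atlassian.com"
CUTOFF = datetime(2023, 6, 19, tzinfo=timezone.utc)  # "received before 2023-06-19"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
# Heuristic (assumption): all six reported names look like <prefix>-atlassian.com.
PATTERN_RE = re.compile(r"(^|\.)[a-z0-9-]+-atlassian\.com$")
# Constructed sample message, not a real phishing email.
SAMPLE = ("From: Atlassian <noreply@am.atlassian.com>\n"
          "Date: Thu, 15 Jun 2023 10:00:00 +0000\n\n"
          "Sign in at https://verify-atlassian.com/login to continue.\n")

def link_hosts(text):
    """Return the lowercased hostname of every http(s) URL found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            hosts.add((urlsplit(url).hostname or "").rstrip("."))
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
    return hosts - {""}

def triage(raw_message):
    """Return the reasons a raw RFC 5322 message matches the advisory."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    try:
        sent = parsedate_to_datetime(str(msg.get("Date", "")))
        if sent.tzinfo is None:  # "-0000" dates parse as naive; treat as UTC
            sent = sent.replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        sent = None  # missing or unparseable Date: treat as inside the window
    if sender == SPOOFED_SENDER and (sent is None or sent < CUTOFF):
        reasons.append("sender matches advisory window")
    texts = [p.get_content() for p in msg.walk() if p.get_content_maintype() == "text"]
    for host in sorted(link_hosts("\n".join(texts))):
        if any(host == d or host.endswith("." + d) for d in REPORTED):
            reasons.append(f"link to reported domain: {host}")
        elif PATTERN_RE.search(host):
            reasons.append(f"link matches reported naming pattern: {host}")
    return reasons
```

`triage(SAMPLE)` reports both the sender match and the reported-domain link. The Date header is set by the sender, so use the mail gateway's receipt time for the window check where it is available.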
It would be helpful if you specified not only Atlassian legit domains but also how to spot malicious domains that are trying to mimic Atlassian.
I can see from this alert that domains with a hyphen (-) are suspicious but does Atlassian ever use a hyphenated domain?
Hi @Dan Hranj,
Is there any way to subscribe to this kind of notification?
I am a site admin and I did not receive this alert via email or the in-app pop-up or anything.
Thank you.
I received one titled "Your payment has been processed for the invoice IN-000-587-620" today, the "Contact Us" URL being contact us. Is this legit?
Got a similar email with a PDF attachment of my apparent invoice. The mail came from
no_reply@am.atlassian.com