
SECURITY ALERT: Phishing Emails Targeting Atlassian Customers

Dan Hranj
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 21, 2023

We’ve received reports of a sophisticated phishing campaign targeting Atlassian customers.

These malicious emails use forged email headers to appear legitimate and seek to obtain user credentials by linking victims to phishing sites that closely resemble Atlassian domains. 

These can be hard to spot, so we ask that customers exercise caution when engaging with links and/or requests for user credentials in emails that appear to be from noreply@am.atlassian[.]com received before 2023-06-19.

Below is an example of a phishing email and a list of phishing domains reported by Atlassian customers, though threat actors may be using additional assets.

  • app-atlassian[.]com
  • verify-atlassian[.]com
  • cableos-atlassian[.]com
  • apac-atlassian[.]com
  • confirm-atlassian[.]com
  • support-atlassian[.]com

[Screenshot: example phishing email]

Please change your passwords immediately if you believe you may have entered your Atlassian credentials into a phishing site.

Atlassian’s security team has contacted the phishing domain registrars to request deactivation and taken additional steps to improve the security posture of our domains to prevent these types of attacks from occurring in the future.

Your security is our priority, and we appreciate your partnership in remaining diligent. Please contact Atlassian Support with any questions and report any similar phishing attempts to security@atlassian.com.
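A mail-triage check built from the indicators above, as an added example that is not Atlassian's code. It inspects link hosts rather than the From header, since the advisory says the headers are forged; the `TRUSTED` allow-list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Domains reported in the advisory, refanged for matching.
REPORTED = {"app-atlassian.com", "verify-atlassian.com", "cableos-atlassian.com",
            "apac-atlassian.com", "confirm-atlassian.com", "support-atlassian.com"}
# Assumption: domains treated as legitimate here; adjust for your environment.
TRUSTED = ("atlassian.com", "atlassian.net")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def classify_host(host):
    host = host.lower().rstrip(".")
    if any(under(host, d) for d in TRUSTED):
        return "trusted"
    if any(under(host, d) for d in REPORTED):
        return "reported"
    # Brand name anywhere else in the host: hyphenated or prefixed lookalike.
    return "lookalike" if "atlassian" in host else "other"

def scan_message(raw):
    """Return (host, verdict) for each suspicious link in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    chunks = [p.get_payload(decode=True) for p in msg.walk()
              if p.get_content_maintype() == "text"]
    body = "\n".join(c.decode("utf-8", "replace") for c in chunks if c)
    body = body.replace("[.]", ".")  # accept defanged indicators pasted into tickets
    findings = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        verdict = classify_host(host)
        if verdict in ("reported", "lookalike"):
            findings.append((host, verdict))
    return findings

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: Atlassian <noreply@am.atlassian.com>

Sign in: https://verify-atlassian[.]com/login
Help: https://support.atlassian.com/
Reset: http://atlassian.com.login.example/reset
"""
```

The "lookalike" verdict is a heuristic that goes beyond the six reported domains, so treat it as a prompt for review, not proof of phishing.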

Mayur Jadhav
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 22, 2023

Hi @Dan Hranj,

Thanks for the information. Can you please confirm if this email ID is from Atlassian?

e.atlassian.com

Dan Hranj
Atlassian Team
June 23, 2023

e.atlassian[.]com is unaffected by this issue.

Pippin Wallace
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 24, 2023

It would be helpful if you specified not only Atlassian legit domains but also how to spot malicious domains that are trying to mimic Atlassian.
I can see from this alert that domains with a hyphen (-) are suspicious but does Atlassian ever use a hyphenated domain?

Inna S
September 28, 2023

Hi @Dan Hranj,

Any way to subscribe to this kind of notification?

I am a site admin and I did not receive this alert via email or the in-app pop-up or anything. 

Thank you.

Fook Lee
I'm New Here
October 24, 2023

I received one titled "Your payment has been processed for the invoice IN-000-587-620" today, the "Contact Us" URL being contact us. Is this legit?

DarwinV
I'm New Here
February 15, 2024

Got a similar email with a PDF attachment of my apparent invoice. The mail came from

no_reply@am.atlassian.com
