Almost perfect Y Combinator Phishing Mail
2 comments
It had valid DKIM and SPF because it was using GitHub issues to mass mention people.
screenshot of an issue from before the account was terminated https://s3.amazonaws.com/jasonrm/2025/ycombinatoor-spam-issu...
screenshot of an issue from before the account was terminated https://s3.amazonaws.com/jasonrm/2025/ycombinatoor-spam-issu...
This has been reported a dozen times or so already.
https://news.ycombinator.com/item?id=45352610
https://news.ycombinator.com/item?id=45352610
and the email was sent
with valid DKIM and SPF:
so the angle of Y-Combinator collaborating with GitHub appears legit. But - of course - that ycombinator.com/apply link actually uses unicode trickery to send you to a website where the "i" has been replaced with an "l". And there, it says:
which I guess is the phishing part where they steal your crypto.