I have noticed a recent uptick in changes being made to the Nim GitHub wiki. It started with changes that appear to be simple SEO spam, but now somebody has actually gone further and appears to be readying for a phishing attack.
Right now nim-iang.org redirects to nim-lang.org, but I expect this will change fairly soon. Since somebody has decided to register a domain that looks very similar to Nim's official domain I expect the risk of phishing is high, so beware.
Wow, it's an homographic attack, isn't it? They've copied your avatar too. For certain stuff (I think about e-mail and http clients, e.g. browsers) it seems to me we still have naive implementations in place. If you look to URL on the address bar on Chrome, it's almost impossible to notice the difference with the regular one. It's enough to copy & paste the URL on a text editor, maybe with a better font (Consolas in my case), and it's easy to spot on fake account that the third letter is a capital i (like "Impostor"). Did you face similar attacks in the past? Is Github fast enough to fix it? Does it help if I ask too Github (and other volunteers) to block account for deceiving content (or whatever)? Are more requests going to speed up the verification process? This is really nasty stuff! :(
Thank you! I'm still waiting for the GitHub's response.
That's creepy, so I reported them too
The fake xflywind account is gone now. I reported the account a few days ago and they acknowledged the report earlier today, although it could have been any of our reports that did it. Strike one up for the good guys!
Just got an email about the nim-iang account as well. Props to GitHub for acting on the report(s).