Dear HN, I've just received what I would consider to be an almost perfectly crafted phishing mail. It says:
Dear community,
The Y Combinator W2026 Program is now open for applications. This world-renowned accelerator supports ambitious builders and early-stage teams, helping them transform projects into scalable companies.
As a GitHub contributor, your open-source activity positions you to benefit from this opportunity. Whether you are shipping code, maintaining repositories, or prototyping new ideas, your work drives innovation and could qualify for YC’s support.
Program Benefits
Funding: $15,000,000 USD investment on standard YC terms
Growth Allocation: Helping founders accelerate traction and align community growth with long-term success.
Mentorship: Access to experienced founders and YC partners
Community: A global network of alumni, investors, and experts
Important:
A refundable deposit is required for authorization. The full amount will be returned once verification is complete.
Apply here: ycombinator.com/apply
Applications are reviewed on a rolling basis. To maximize your chances, apply early via the official YC platform. Connect your GitHub profile and share your project details to get started.
Best regards,
Y-Combinator Team
In collaboration with GitHub
You are receiving this message as a registered GitHub member.
©2025 GitHub, Inc. All rights reserved.
Address: 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA.
and the email was sent
From: "mail-automatic[bot]" <notifications@github.com>
with valid DKIM and SPF:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com;
s=pf2023; t=1758673517;
bh=US4CJqqkBhma8Fvuq02w6IzAQPikeND5kn798+L2Xbc=;
h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post:
List-Unsubscribe:List-Unsubscribe-Post:From;
b=b6VQSnYetXklM0vroPZGy7uIAKxMtyJrP0f7iEFnxm+765issKWTt4iO4rEwGALot
o8e1qRiKsz/PbbtwdbUHCXEZd/iQ1ALR1Tdq0nLQSkMzxkfPb+tPZStIyE+VMArF1P
3zTfZjDwhHQRUURvcrP6r4MVXcW1DMoAh+mOKJrQ=
Received-SPF: Pass (protection.outlook.com: domain of github.com designates
192.30.252.207 as permitted sender) receiver=protection.outlook.com;
client-ip=192.30.252.207; helo=out-24.smtp.github.com; pr=C
so the angle of Y-Combinator collaborating with GitHub appears legit. But - of course - that ycombinator.com/apply link actually uses unicode trickery to send you to a website where the "i" has been replaced with an "l". And there, it says:
We use EIP-712 and Ethereum Attestation Service (EAS) to verify your wallet. During the process, you may see a standard withdrawal notification — this confirms your signature to record verification stamps on-chain.
We guarantee that your assets remain completely secure.
which I guess is the phishing part where they steal your crypto.
jasonrm•49m ago
screenshot of an issue from before the account was terminated https://s3.amazonaws.com/jasonrm/2025/ycombinatoor-spam-issu...