from Hacker News

It's been reported that FogBugz started sending large amount of fraudulent invoices on or about Friday 16th September 2022.

See twitter and HN threads about the issue https://twitter.com/josephruscio/status/1570957688405917698

If you have received fraudulent emails and invoices from FogBugz, there's a very simple first step you can do to help prevent harm to other victims.

* In Firefox, you can open the website https://fogbugz.com/sign-in/ , then open "Help" menu, "Report Deceptive website".

* In any browser, you can open the page to report deceptive websites here https://safebrowsing.google.com/safebrowsing/report_phish/ then fill in the URL https://fogbugz.com/sign-in/

Google and Firefox maintain a list of websites performing active attacks of phishing/fraud/malware/etc. The lists are updated in the background hourly or so for all users of the browsers. A site should be blocked in no time once it's been reported enough time.

It's been very effective at stopping large scale attacks in the wild. That's one of the reasons you see elaborate attacks these days having to circle through many domains, otherwise they get blocked in no time.

There may be more you can do (some comments mentioned writing to your Attorney General and starting class actions lawsuits) however these take a while to initiate and do not stop active harm in the meantime.

Regards.