It's phishy because it's breaks the rules people are generally told for avoiding phishing links, mainly that they should pay attention to the domain rather than subdomains. Browser even highlight that part specifically so that you pay attention to it, because you can't fake the real domain. The problem with what GitHub does here is that while `github.github.io` might be the real GitHub, `foobar-github.github.io` is not because anybody can get a github.io via their username, that was part of why they made github.io separate. Additionally they could easily host this via GitHub Pages but still use a custom domain back to github.com, they just don't.
replyI would say that GitHub is particularly bad about this as they also use `github.blog` for announcements. I'm not sure if they have any others, but then that's the problem, you can't expect people to magically know which of your different domains are and aren't real if you use more than one. They even announced the github.com SSH key change on github.blog.
>It's phishy because it's breaks the rules people are generally told for avoiding phishing links
replyBank: Avoid phishing links, this is what they look like.
Also bank: Here is an link from our actual marketing department that looks exactly like phishing.
Hey, sorry, yes the better link is
https://github.github.com/gh-aw/
replybut we had a redirect set to https://github.github.io/gh-aw/
Both work and we've fixed the redirect now, thanks