GitLab runs phishing test against employees – and 20% handed over credentials – SiliconANGLE

When it comes to cybersecurity, people are the weakest link. GitLab reiterated this point beautifully in a recent exercise involving its own employees.

GitLab decided to emulate a phishing campaign against its employees to obtain credentials. The fake phishing attack was designed to mimic a basic attack concentrating on primary authentication credentials via a fake login page. The link took them to the fake website where they were asked to enter their login details. Fifty GitLab employees were targeted, and 17 clicked on the link. Six reported the link as suspicious behaviour to the GitLab security operations team.

The Verizon 2030 Data Breach Investigations Report says roughly one-quarter of all breaches involved phishing. It just goes to show that when some effort is put into an attack, anyone from any organization can get duped.

Alex Coop
Alex Coop
Former Editorial Director for IT World Canada and its sister publications.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web