Security News > 2020 > May > To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
2020-05-21 20:51

Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing - and a fifth of the participants submitted their credentials to the fake login page.

The GitLab Red Team - security personnel playing the role of an attacker - obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google's GSuite to send phishing emails.

Just 6 of the 50 message recipients reported the phishing attempt to GitLab security personnel.

GitLab's findings underscore security concerns about people working from home, a group that keeps growing thanks to the COVID-19 pandemic and growing corporate tolerance for, or even encouragement of, remote work.

Manzuik concluded that GitLab workers should be encouraged to review the company's handbook, which explains quarterly phishing drills, and that GitLab's security team should communicate more frequently with employees about phishing.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/21/gitlab_phishing_pentest/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 47 706 231 57 1041