Recently
GitLab tested their employees with a phishing campaign. The goal of this test
was to check security level of the remote working.
By
using a domain name “gitlab.company” GitLab Red team created a phishing campaign
with an open-source GoPhish and GSuite. The employees were asked to click on
the link in the email and type their credentials on the fake login page.
More
than 30% of company’s employees clicked on the link, 20% have submitted their
credentials and only 12% reported observed attack to security team.
While
this marks are less than average response, but still more that GitLab expected
to see.
No comments:
Post a Comment