{"id":35114,"date":"2020-05-21T20:51:10","date_gmt":"2020-05-21T20:51:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/"},"modified":"2020-05-21T20:51:10","modified_gmt":"2020-05-21T20:51:10","slug":"to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/","title":{"rendered":"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it"},"content":{"rendered":"<p>Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing \u2013 and a fifth of the participants submitted their credentials to the fake login page.<\/p>\n<p>The mock attack simulated a targeted phishing campaign designed to get GitLab employees to give up their credentials.<\/p>\n<p>The GitLab Red Team \u2013 security personnel playing the role of an attacker \u2013 obtained the domain name gitlab.company and set it up using the open source <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/getgophish.com\/\">GoPhish<\/a> framework and Google&#8217;s GSuite to send phishing emails. The messages were designed to look like a laptop upgrade notification from GitLab&#8217;s IT department.<\/p>\n<p>&#8220;Targets were asked to click on a link in order to accept their upgrade and this link was instead a fake GitLab.com login page hosted on the domain &#8216;gitlab.company&#8217;,&#8221; explained security manager Steve Manzuik in a <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/gitlab.com\/gitlab-com\/gl-security\/gl-redteam\/red-team-tech-notes\/-\/tree\/master\/RT-011%20-%20Phishing%20Campaign\">GitLab post<\/a>.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2015\/07\/06\/hackers.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"verizon\"><\/p>\n<h2 title=\"Malware-led intrusions falling out of fashion, too\">Insider threat? Pffft. Hackers on the outside are the ones mostly making off with your private biz data, says Verizon<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2020\/05\/19\/verizon_data_breach_report\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>&#8220;While an attacker would be able to easily capture both the username and password entered into the fake site, the Red Team determined that only capturing email addresses or login names was necessary for this exercise.&#8221;<\/p>\n<p>Fifty emails went out and 17 (34 per cent) clicked on the link in the messages that led to the simulated phishing website. Of those, 10 (59 per cent of those who clicked through or 20 per cent of the total test group) went on to enter credentials. And just 6 of the 50 message recipients (12 per cent) reported the phishing attempt to GitLab security personnel.<\/p>\n<p>According to Verizon&#8217;s <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/enterprise.verizon.com\/resources\/reports\/dbir\/\">2020 Data Breach Investigations Report<\/a>, 22 per cent of data exposure incidents involved phishing or about 90 per cent of incidents involving social interaction. The DBIR, however, suggests the click rate for phishing messages should be far lower, 3.4 per cent, than the 20 per cent rate found at GitLab.<\/p>\n<p>Another security firm, Rapid7, has <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.rapid7.com\/globalassets\/_pdfs\/whitepaperguide\/rapid7-whitepaper-why-you-should-let-your-security-team-go-phishing.pdf\">said<\/a> that phishing message link click rates vary from 7 per cent to 45 per cent, depending on the survey. A <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.ciosummits.com\/KnowBe4-Phishing-By-Industry-Benchmarking-Report.pdf\">2018 report<\/a> from KnowBe4, a security training awareness biz, puts the average percentage of phishing-prone employees across industries at 27 per cent.<\/p>\n<p>In an email to <em>The Register<\/em>, Johnathan Hunt, VP of Security at GitLab, said it was encouraging to see that the company&#8217;s results were better than industry averages.<\/p>\n<blockquote class=\"pullquote\" readability=\"6\">\n<p>The team had the assumption that more people would fall for the phishing scam but that assumption turned out to be false<\/p>\n<\/blockquote>\n<p>&#8220;Initially, the team had the assumption that more people would fall for the phishing scam but that assumption turned out to be false,&#8221; said Hunt. &#8220;Some vendors claim that the average rate of successful phishes is somewhere around 30-40 per cent so it is nice to see us trending below that.&#8221;<\/p>\n<p>GitLab&#8217;s findings underscore security concerns about people working from home, a group that keeps growing thanks to the COVID-19 pandemic and growing corporate tolerance for, or even encouragement of, remote work. People working from home become their own IT administrators and many are not up to the task.<\/p>\n<p>Hunt, citing the continued prevalence of phishing, stressed the need for employee education, wherever workers are located.<\/p>\n<p>&#8220;This means that companies, whether remote or not, should be training their staff to have a healthy level of caution when it comes to email communications,&#8221; said Hunt. &#8220;As organizations move to being more remote and potentially leveraging cloud services, user identity management and multi-factor authentication become very important.&#8221;<\/p>\n<p>Hunt said GitLab has implemented multi-factor authentication and that would have protected employees had the attack not been a simulation. Future tests, he said, will attempt to subvert these extra security measures.<\/p>\n<p>Manzuik concluded that GitLab workers should be encouraged to review the company&#8217;s <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/about.gitlab.com\/handbook\/security\/#phishing-tests\">handbook<\/a>, which explains quarterly phishing drills, and that GitLab&#8217;s security team should communicate more frequently with employees about phishing. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1942\/-8722\/ransomware-has-gone-nuclear?td=wptl1942\">Webcast: Ransomware has gone nuclear<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2020\/05\/21\/gitlab_phishing_pentest\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welp, at least that&#8217;s better than industry averages, says code-hosting biz Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing \u2013 and a fifth of the participants submitted their credentials to the fake login page.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":35115,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-35114","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-21T20:51:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it\",\"datePublished\":\"2020-05-21T20:51:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/\"},\"wordCount\":660,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/\",\"name\":\"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg\",\"datePublished\":\"2020-05-21T20:51:10+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/","og_locale":"en_US","og_type":"article","og_title":"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-05-21T20:51:10+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it","datePublished":"2020-05-21T20:51:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/"},"wordCount":660,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/","url":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/","name":"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg","datePublished":"2020-05-21T20:51:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/to-test-its-security-mid-pandemic-gitlab-tried-phishing-its-own-work-from-home-staff-1-in-5-fell-for-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35114"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35114\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/35115"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}