GitLab.com recently performed a spear phishing campaign where they targeted 50 of their employees in an attempt to see how vulnerable their team members were to phishing attacks. Using the domain "gitlab.company" and GSuite to deliver emails, those targeted were asked to click on a link to accept an upgraded Laptop from their IT department.
Of the 50 employees that were tested, 17 of them, or 34%, clicked on the phishing link within the fake email, and 10 of those 17, or 59%, inputted their username and password into the fake landing page. Out of all 50 employees who were sent the email, only 6 of them, or 12%, reported the email as suspicious.
The link below, which you can paste into your browser instead of clicking through, goes into more detail as to how they performed the test.
https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/RT-011%20-%20Phishing%20Campaign
Phishing Attack Simulation and Security Awareness Training for your employees is more important than ever due to the significant increase in attacks. Even highly tech focused companies such as GitLab have a severe failure rate that can have a significant impact when employees succumb to phishing emails.
