Hi,
a couple of days ago I received an email message (attached below) that looks like sent from GitLab. They offer me to win a prize if I click on the link. The message itself does look convincing but the only thing that matters and can be used to distinguish a scam from a legit message is the target link. Which is:
https://ows.io/tj/170d7w5o
Can you please confirm or deny if this is a legit message from GitLab?
I got an email like that a while back. It’s legit. At least the one I got was. When you click “Click to participate” you get a survey. In the survey, they ask you to complete various tasks. I don’t remember exactly what tasks I was asked to complete, but they weren’t hard. I think they’re testing out UI ideas. The survey took maybe 10-15 minutes. If you complete the entire survey, you get entered into the drawing.
Did you really click on an unknown link?
If the message is actually legit then I strongly suggest GitLab to use some more trustworthy links if they have security in mind.
Look at the details in the email. Phishing emails tend to have a minute detail that isn’t correct. It might be as subtle as writing GïtLab instead of GitLab…or a tiny detail in the address, tagline, or other text that isn’t quite right. If you look at the email header, it’s likely funky chicken. So, to answer your question. No, I didn’t click on an unknown link. I clicked on a link in an email, that based on my review actually came from GitLab. To this day, I have yet to click on a bad link.
I can take this particular legit email message, change only the target link and use it as a perfectly convincing scam. It is true that most of todays scam is actually crappy looking but relying on this fact is one of the reasons why a well-crafted spear phishing is so effective.
Anyway, thank you for helping me identify the message.
This post was flagged by the community and is temporarily hidden.
This post was flagged by the community and is temporarily hidden.
