Hi,
a couple of days ago I received an email message (attached below) that looks like sent from GitLab. They offer me to win a prize if I click on the link. The message itself does look convincing but the only thing that matters and can be used to distinguish a scam from a legit message is the target link. Which is:
https://ows.io/tj/170d7w5o
Can you please confirm or deny if this is a legit message from GitLab?
I got an email like that a while back. It’s legit. At least the one I got was. When you click “Click to participate” you get a survey. In the survey, they ask you to complete various tasks. I don’t remember exactly what tasks I was asked to complete, but they weren’t hard. I think they’re testing out UI ideas. The survey took maybe 10-15 minutes. If you complete the entire survey, you get entered into the drawing.
Did you really click on an unknown link?
If the message is actually legit then I strongly suggest GitLab to use some more trustworthy links if they have security in mind.
Look at the details in the email. Phishing emails tend to have a minute detail that isn’t correct. It might be as subtle as writing GïtLab instead of GitLab…or a tiny detail in the address, tagline, or other text that isn’t quite right. If you look at the email header, it’s likely funky chicken. So, to answer your question. No, I didn’t click on an unknown link. I clicked on a link in an email, that based on my review actually came from GitLab. To this day, I have yet to click on a bad link.
I can take this particular legit email message, change only the target link and use it as a perfectly convincing scam. It is true that most of todays scam is actually crappy looking but relying on this fact is one of the reasons why a well-crafted spear phishing is so effective.
Anyway, thank you for helping me identify the message.
