To find out how dangerous the situation is for its own company, the software provider GitLab ran a phishing self-experiment: it sent 50 phishing e-mails to its own employees, who can certainly be assumed to be IT-savvy.
The mail asked recipients to log in for an update on an authentic-looking login page built specifically for the test. The only preparation the responsible security experts needed was to register the domain gitlab.company beforehand, a lookalike that differs from the real gitlab.com only in its top-level domain. That takes neither much time nor much effort, and it is exactly how cyber criminals go about it.
Although the company had clearly pointed out these dangers both in training courses and in an internal handbook, 17 of the 50 employees entered their login credentials on the fake page.
The result shows once again how easily employees are deceived by a familiar layout, and how necessary a clearly defined and continuously developed security strategy is. That strategy should include closing gaps in the assignment of rights and roles, so that a single phished credential grants as little as possible, as well as regular training of employees. Why not run your next training session yourself in the form of such a self-experiment? The result will probably be sobering, but it will also raise awareness more lastingly than PowerPoint slides.