Updating phishing guidance
Why is this change being made?
Updating the "What to do if you suspect an email is a phishing attack" section of this handbook page.
Made the following changes to clarify guidance for GitLab staff:
- Removed the suggestion to report phishing emails to Gmail (option 3) - this is the least favorable option for the incident response team, as it does not send potentially malicious emails directly to our team for analysis
- Clarified and consolidated the other two phishing reporting options, and emphasized that submission of phishing reports via PhishAlarm is preferred as it does not require manual forwarding of the malicious email to the incident response team.
Author Checklist
-
Provided a concise title for this Merge Request (MR) -
Added a description to this MR explaining the reasons for the proposed change, per say why, not just what - Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added.
-
Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI) - If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the
Maintained bysection on the page being edited - If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
- If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the
-
If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR - If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.
Edited by Matt Coons