Published on: December 10, 2025

3 min read

New wave of fake job scams impersonating recruiters

Here's what to know about these scams targeting job seekers, what GitLab is doing, and how to protect yourself.

Hasan ChawichHasan Chawich

security

Job seekers are being targeted by scammers impersonating recruiters at tech companies, including GitLab, through email, LinkedIn, and video conferencing platforms. These scams misuse GitLab’s name, logo, and team member identities to create the illusion of legitimate hiring activity.

Victims have reported receiving fake interview invitations, employment offers, and onboarding documents, often followed by requests for payment or personal information. These campaigns are not affiliated with GitLab in any way.

What’s new with this wave

Recent incidents differ from earlier scams by introducing new domains and tactics, including:

  • Use of unauthorized domains such as gitlab[.]careers and careers-gitlab[.]com

  • References to fake certifications like “CPD USA Certification”

  • Fake recruiter profiles on LinkedIn and Teams impersonating GitLab HR staff

  • Requests for sensitive information or upfront “equipment” payments after fake interviews

These impersonators are becoming more sophisticated, using corporate-style emails, authentic-looking offer letters, and realistic video interview invitations to gain trust.

Common warning signs

Candidates should be cautious if they encounter any of the following:

  • The email domain is not @gitlab.com (e.g., Gmail, Outlook, or lookalike domains).

  • The recruiter requests you to pay for equipment, certification, or background checks.

  • The communication happens only through chat, without verified GitLab calendar invites.

  • The job listing does not appear on the official GitLab careers page.

  • The recruiter refuses to verify their identity via a GitLab.com address or directs you to external URLs unrelated to GitLab.

GitLab’s official recruiting process

GitLab’s hiring process is fully remote but transparent and verifiable.

  • All communications come from official @gitlab.com email addresses.

  • Interviews are conducted via Zoom, not Microsoft Teams or WhatsApp.

  • GitLab never requests payment, purchases, or certification fees during recruitment.

  • Legitimate offers and onboarding steps are handled securely through GitLab systems.

For details on how we hire, please refer to our Candidate Handbook.

What GitLab is doing

GitLab’s Security and People teams are actively investigating and reporting fake recruiting domains and profiles to hosting providers and social networks. We continue to collaborate with legal, communications, and platform partners to remove fraudulent content and notify affected individuals.

If you see something suspicious, let us know at [email protected]. Anyone can report suspicious recruiting activity for review by our Security Incident Response Team.

How to protect yourself

If you receive suspicious communication that claims to be from GitLab:

  1. Verify the sender’s email domain — it should always end in @gitlab.com.

  2. Confirm job postings directly on about.gitlab.com/jobs.

  3. Avoid sending personal or financial information to unverified recruiters.

  4. Report any suspicious domains or messages to [email protected].

For additional information on avoiding job scams, see these trusted resources:

If you believe you’ve been targeted by a fake GitLab recruiter, please **report it immediately to [email protected] so our team can investigate.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum.

Share your feedback

50%+ of the Fortune 100 trust GitLab

Start shipping better software faster

See what your team can do with the intelligent

DevSecOps platform.

Get free trial Talk to sales