Job seekers are being targeted by scammers impersonating recruiters at tech companies, including GitLab, through email, LinkedIn, and video conferencing platforms. These scams misuse GitLab’s name, logo, and team member identities to create the illusion of legitimate hiring activity.
Victims have reported receiving fake interview invitations, employment offers, and onboarding documents, often followed by requests for payment or personal information. These campaigns are not affiliated with GitLab in any way.
What’s new with this wave
Recent incidents differ from earlier scams by introducing new domains and tactics, including:
- Use of unauthorized domains such as
gitlab[.]careersandcareers-gitlab[.]com - References to fake certifications like “CPD USA Certification”
- Fake recruiter profiles on LinkedIn and Teams impersonating GitLab HR staff
- Requests for sensitive information or upfront “equipment” payments after fake interviews
These impersonators are becoming more sophisticated, using corporate-style emails, authentic-looking offer letters, and realistic video interview invitations to gain trust.
Common warning signs
Candidates should be cautious if they encounter any of the following:
- The email domain is not
@gitlab.com(e.g., Gmail, Outlook, or lookalike domains). - The recruiter requests you to pay for equipment, certification, or background checks.
- The communication happens only through chat, without verified GitLab calendar invites.
- The job listing does not appear on the official GitLab careers page.
- The recruiter refuses to verify their identity via a GitLab.com address or directs you to external URLs unrelated to GitLab.
GitLab’s official recruiting process
GitLab’s hiring process is fully remote but transparent and verifiable.
- All communications come from official
@gitlab.comemail addresses. - Interviews are conducted via Zoom, not Microsoft Teams or WhatsApp.
- GitLab never requests payment, purchases, or certification fees during recruitment.
- Legitimate offers and onboarding steps are handled securely through GitLab systems.
For details on how we hire, please refer to our Candidate Handbook.
What GitLab is doing
GitLab’s Security and People teams are actively investigating and reporting fake recruiting domains and profiles to hosting providers and social networks. We continue to collaborate with legal, communications, and platform partners to remove fraudulent content and notify affected individuals.
How to protect yourself
If you receive suspicious communication that claims to be from GitLab:
- Verify the sender’s email domain — it should always end in
@gitlab.com. - Confirm job postings directly on about.gitlab.com/jobs.
- Avoid sending personal or financial information to unverified recruiters.
For additional information on avoiding job scams, see these trusted resources:
