While no one can deny the importance of training employees regarding cybersecurity for business, GoDaddy went a bit too far. They adopted quite an insensitive approach of offering fake bonuses to assess their employees’ vigilance. Lately, GoDaddy apologized for the insensitive phishing test.
GoDaddy Sent Fake Bonus Email To Staff
Around two weeks ago, GoDaddy employees received good news from their employer. In an email purportedly from GoDaddy, they were informed to be receiving a holiday bonus from the firm.
Specifically, around 500 employees of GoDaddy received that email on December 14, 2020. The sender’s email address appeared as “[email protected]” as if the firm particularly created this email address for the offer.
The email’s subject line was “2020 Holiday Party”. Whereas, the message included a glittering image with the text that offered $650 as a bonus to the employee from GoDaddy. It read,
Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!
The email further asked the recipient to fill-up the details in the appended form by December 18, 2020, to qualify for the bonus.
Also, to add a sense of urgency, the email read,
Any submittals after the cutoff will not be accepted and you will not receive the one-time bonus of $650 (free money, claim it now!)
Given the sender’s email address, the alluring bonus, the sense of urgency to provide details to claim the “free money”, and of course, the ongoing chaotic economic situation due to the COVID-19 pandemic, the staff trusted the emails and provided the details.
However, two days later, they received a cruel email revealing the previous message as a fake offer.
It turned out that the email did originate from GoDaddy, the company actually conducted a phishing test by sending that email.
The text of the following email from GoDaddy’s security offer, Demetrius Comes, read,
You’re getting this email because you failed our recent phishing test. You will need to retake the Security Awareness Social Engineering training.
GoDaddy Apologized For The Phishing Test
Soon after the GoDaddy staff realized the fact and the news went public, GoDaddy faced a backlash on social media.
Eventually, GoDaddy apologized for the insensitive phishing test at this time. As per their statement to AFP,
GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized.
While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.
Aside from the debate of this phishing test being right or wrong, one thing remains universal. That is, to stay wary of phishing emails. Any email that sounds “too good” is often “too good to be true”. So, even if you receive a happy email apparently from your employer, it’s always wise to counter-check it’s validity by contacting the apparent sender via means other than email.
Stay safe everyone.