GoDaddy, the world’s largest domain registrar and web hosting company is under fire for sending a fake email on Friday to its employees announcing holiday bonus.
“2020 has been a record year for GoDaddy, thanks to you!” the email continued, “though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!”
Much like phishing emails which seek to obtain valuable personal or financial data within a certain time that could be used against the recipient, employees of GoDaddy were asked in the email to submit their personal information by December 18.
Phishing tests are normal. Companies regularly use different methods to teach employees about computer safety because security breaches can have a major impact on the business.
But according to The Verge, “promising employees fake money definitely falls into the “oh no they didn’t” category”. “What’s the cruelest prank you can make on employees who are struggling during a global pandemic when millions of people have lost their jobs or lives?”, The Verge wrote.
Hundreds of employees who happily clicked the link in the email from GoDaddy unfortunately received a rebuke for failing exam instead of a $650 bonus. They were told to take a training course on social engineering for failing phishing test.
“You’re getting this email because you failed our recent phishing test,” the company’s chief security officer Demetrius Comes wrote in the email sent to at least 500 employees two days later, according to The Copper Courier. “You will need to retake the Security Awareness Social Engineering training,” the Chief security officer said.
GoDaddy reportedly apologized after receiving backlash from people who felt the email was “insensitive,” adding it “takes the security of our platform extremely seriously.”
“We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” a spokesman said in a statement.
It may be easy though to understand why GoDaddy used phishing test for employees. The company has been attacked multiple times by hackers recently.
In March, GoDaddy reportedly suffered a large phishing scam. Several targeted domains came under hacker control. A voice phishing scam targeting GoDaddy support employees allowed the hackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com, according to the report.