GoDaddy promised holiday bonus, it was just a phishing test

Illustration for an article titled GoDaddy: Sorry we promised a holiday bonus, it was just a phishing test

Photo: Jenny Kane (AP)

GoDaddy decided that December would be a great time to test whether its employees remain vigilant about cyber security threats. At a time when its staff is trying to navigate the fanciful holiday season of an epidemic and ailing economy, the web hosting giant sent a phishing email with an offer that was too good to be true and is now very sorry .

Arizona-based news outlet The Copper Courier Previously reported GoDaddy employees received an email on 14 December with the subject line “GoDaddy Holiday Party”. The email informed workers that the company looked forward to the annual holiday party and would issue a “$ 650 lump sum holiday bonus”. Two links were included in the email and employees were instructed to choose their location and fill in some details in the form to ensure that they would receive their bonus before the holidays. Unfortunately, the entire offering was just a test to see if employees would fall for such a scam if a bad actor tries to redirect them with malicious links.

Two days later, about 500 GoDaddy employees were informed that no bonuses were forthcoming and that they failed the corporate phishing test. GoDaddy’s chief security officer Demetrius arrives The follow-up email states that failing employees will “retake security awareness social engineering training.”

Many companies do this type of testing and the tell-tale sign states that the misleading email is sent from an email address that appears to be from a corporate account, for example, my boss sending me an email with an address Could be trying @ expires at But GoDaddy runs its own email service and is sent from an account with a fake phishing email address, [email protected] It is easy to see why so many workers failed the test, and it is easy to understand that GoDaddy would see such an embarrassing vulnerability in its system because the company just faced embarrassment Data breach earlier this year.

What is not understood is the brutality involved in the setup of this test and the lack of follow-up on the employee’s expectation of a regular bonus a year when the company reports. Record increase Participating in Big corporate trends Taking out staff. Cyberspace is important to a company such as GoDaddy, but it could have held the same exam, the training mandate could have been issued to anyone who had failed, and bonuses could still be distributed to everyone.

“GoDaddy takes the security of our platform very seriously. We understand that some employees were upset with the phishing attempt and felt it was insensitive, for which we apologized, ”a GoDaddy spokesperson told Gizmodo. “In today’s exam, we need to be better and more sensitive to our employees, mimicking the real efforts in sports.” The company did not respond when Gizmodo asked if it intended to issue bonuses.

Data breach can be a huge headache for a web hosting company, but if no one wants to work there and no one wants to do business with an organization that treats its employees like a mess The most difficult year in a generation, the hardest moment. ‘There will be nothing to keep safe.


Leave a Reply

Your email address will not be published.