With ruthless devotion to operational security, web hosting firm GoDaddy has duped its employees with a hoax email promising a holiday bonus – which turned out to be a ruse to teach workers about the perils of phishing scams.
The notice, obtained this week by an Arizona NBC affiliate, enticed company personnel with an offer of a one-time “holiday bonus,” only asking that they enter their personal information into a form included on the email in order to guarantee they received the Christmas cash.
“Happy Holiday GoDaddy! 2020 has been a record year for GoDaddy, thanks to you!” the deceptive email said, adding: “Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!”
To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details.
To the frustration of employees, however, the offer was too good to be true. Those who followed the email’s instructions and filled out the form were soon met with a stern warning: “You’re getting this email because you failed our recent phishing test. You will need to retake the Security Awareness Social Engineering training,”according to local Arizona outlet the Copper Courier. The follow-up message also noted that around 500 GoDaddy employees had failed the test.
Days after the hoax email was sent on December 14, the company held a “town hall” event for workers where some anonymously expressed anger at the “tone-deaf” scheme, the NBC affiliate reported. The phishing ‘test’ may have been received especially poorly given that it came just months after GoDaddy CEO Aman Bhutani announced a spate of lay-offs amid the economic fallout of Covid-19 and related government shutdown policies, which have ravaged much of the US, and indeed global, economy.
While GoDaddy has fallen victim to far-reaching phishing attacks previously, with Forbes reporting a massive breach in May that impacted some 28,000 customers, netizens were not impressed with the fake email. Commenters savaged the company for the Grinch-like move, with one blasting the firm as “beyond deplorable.”
very insensitive of them. the company is trash to begin with so this wasn’t surprising @GoDaddy
— Limmidy (@Limmidy) December 25, 2020
What a way to close out 2020. Gross.
— Melissa Marie (@MelissaMarie_) December 25, 2020
Some observers pushed back on those condemning the company as a Scrooge, however, calling the move “smart” from a security standpoint. Some also argued that employees who fell for the trick were among “the most gullible user[s] on the planet.”
remember when all of twitter got hacked/infiltrated by TEENAGERS a few months ago? that happened because employees with access to the info, fell for a social engineering/phishing scam.godaddy was smart. as long as they didn’t fire anyone, this is best way to teach employees.
— Melvin McShay (@JonBlocksHIV69) December 25, 2020
Bonuses will come as is the norm.I host a website on godaddy and this makes me feel safe.
— Not Allowed! (@NotAllowedNot) December 25, 2020
“My employer doesn’t know who I am or where I work or how to pay me, so I should send it to them my personal info to opt in to a bonus they already want to give me! Wait no bonus? I’m going to the news!” -The most gullible user on the planet.
— Conroy (@ConroyHodgy) December 25, 2020
GoDaddy is not the first company to take heat for a similar stunt, with Tribune Publishing also fooling employees with a promise of a bonus in September in order to root out potential security breaches. The publisher later apologized for the setup – which also followed a company announcement that it would impose pay-cuts and lay-offs in some of its newsrooms – acknowledging that it was “misleading and insensitive.”
If you like this story, share it with a friend!