Company Security Test Floats Nonexistent Bonuses

Critics blasted the phishing test amid the economic uncertainty of the pandemic.

Recent reports say that email phishing scams — where a recipient is tricked into providing sensitive information by a malicious actor posing as a trusted source — are not only increasing in frequency; they’re getting more sophisticated.

And the pandemic made it worse, as fraudsters have been, according to one expert, “quick to seize upon the confusion” of the pandemic and work-from-home.

It’s no surprise, then, that some companies are kicking their cybersecurity efforts into overdrive, though a recent incident at a large internet company shows that phishing test training might need to be paired with some sensitivity training.

Employees of GoDaddy, the web hosting company based in Scottsdale, voiced outrage after the company’s attempt at a phishing test rubbed some the wrong way. 

According to reports, GoDaddy sent an email to employees in the weeks leading up to Christmas offering them a bonus of $650. About 500 workers clicked on the link and input personal information. 

Two days later, they received a follow-up from GoDaddy’s security chief saying they’d failed a phishing test, at which point it became clear that no such bonuses existed. Social media users that subsequently caught wind of the incident blasted the company for using the bonus as part of the test amid the current economic uncertainty facing many families.

Following the incident, the news agency AFP published a statement from the company in which GoDaddy stressed the importance it places on the security of its platform. Said a spokesperson, “We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized. While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees."

More in Video