GoDaddy decided that December would be a good time to check if its employees are staying alert when it comes to cybersecurity threats. At a time when his staff is trying to navigate a holiday season overwhelmed by a pandemic and a suffering economy, the web hosting giant sent a fishing email with an offer that was too good to be true and now I’m so sorry.
Arizona-based newsletter The Copper Courier reported for the first time that GoDaddy employees received an email on Dec. 14 with the subject “GoDaddy Holiday Party.” The email informed workers that the company is looking forward to the annual holiday party and will issue “a one-time holiday bonus of $ 650.” Two links were included in the email and employees were instructed to choose their location and fill out some details on a form to make sure they would receive the bonus before the holidays. Unfortunately, the entire offer was nothing more than a test to see if employees would fall in love with this scam if a bad actor tries to redirect them with a malicious link.
Two days later, about 500 GoDaddy employees were informed that they were not arriving good and that they had failed a corporate fishing test. GoDaddy’s head of security, Demetrius, arrives wrote in the follow-up email that failed employees “will have to resume safety awareness social engineering training.”
Many companies perform this type of testing and the telltale sign is that a misleading email is sent from an email address that appears to come from a corporate account, for example, my boss may try to call me with an email from an address ending in @ gizmondo.com. But GoDaddy runs its own email service and the fake fishing email was sent from an account with the address, [email protected]. It’s easy to see why so many workers failed the test and it’s easy to understand why GoDaddy would see such a blatant vulnerability in their systems after the company just suffered a disgrace. data breach earlier this year.
What is not understood is the cruelty involved in setting up this test and the lack of monitoring of employees ’expectations of a routine bonus in a year in which the company reported growth record while participating in the biggest corporate trend of dismissal workers. Cybersecurity is important to a company like GoDaddy, but this same test could have been carried out, training warrants could have been issued to anyone who failed, and vouchers could still be handed out to everyone.
G / O Media may receive a commission
“GoDaddy takes the security of our platform very seriously. We understand that some employees were upset by the fishing attempt and felt that it was insensitive, so we apologized, ”a GoDaddy spokesman told Gizmodo. “While the test mimicked the actual attempts at play today, we need to do better and be more sensitive to our employees.” The company did not respond when Gizmodo asked if it intended to issue the bonuses.
Data breaches can be a giant headache for a web hosting company, but if no one wants to work there and no one wants to do business with an organization that treats its employees like dirt in the toughest time of the year, ‘hardest year of a generation, there’ I will be nothing to be sure.