Nobody’s going to argue that companies don’t have a duty to protect their assets from nefarious attempts to access them. Indeed, we’ve seen all too frequently how companies we could rightfully expect better from failed to protect confidential information, as has happened with Equifax, Marriott, Yahoo, Adobe, and others, affecting hundreds of millions of their clients.
So it’s little wonder companies are taking cyber security more seriously than ever. But increased security has also landed website host GoDaddy in the headlines after jerking its workers around with a cruel test.
RELATED STORIES
In December, GoDaddy employees received a very promising email.
As The Copper Courier reported, it all looked legit.
“2020 has been a record year for GoDaddy, thanks to you!” the email read. “Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!
“To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.”
Even discerning workers might have been thrown off by the email.
The email address provided was Happyholiday@Godaddy.com, and it included a fancy graphic as well. However, workers who clicked on the link to provide their info to get their bonuses received a second email two days later.
“You’re getting this email because you failed our recent phishing test,” the new email read. Instead of $650, they’d have to take the company’s Security Awareness Social Engineering training again.
Now, it’s not unusual for companies to test their employees for their susceptibility to phishing attempts.
GoDaddy had to announce a breach earlier in the year, one that was the result of a successful phishing attempt and that compromised data from about 28,000 customers, according to Forbes .
But dangling fake bonuses in an already-trying year, at that time of year, certainly set many people off. About 500 of GoDaddy’s workers failed the phishing test, and three of them forwarded the emails to The Copper Courier.
Reaction online was swift and harsh.
“Another example of why @GoDaddy is a trash company,” wrote one person on Twitter . “If the high prices and constant unnecessary upsells weren’t bad enough – look at what they subject their employees to during this pandemic when folks need some much needed relief.”
“I get the intention but surely there’s a better way than dangling holiday bonuses to employees when times are absolutely tough right now?” wrote another . “Maybe a fake ‘suspicious activity detected, enter your password now to confirm’ would’ve been far less controversial.”
GoDaddy CEO Aman Bhutani later apologized for the phishing test at a town hall.
“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” a spokesman said, according to CBS News . “While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.”
However, Bhutani also declined to issue any real bonuses to GoDaddy’s employees.
h/t: The Copper Courier
