GoDaddy has decided that December will be a great time to test whether its employees remain alert when it comes to cyber security threats. At a time when his staff is trying to navigate a holiday season hampered by a pandemic and a sick economy, the web hosting giant sent a phishing email with an offer too good to be true and now I sorry.
Copper Courier Press first reported that GoDaddy employees received an email on December 14 with the subject “GoDaddy Holiday Party”. The email informed workers that the company is looking forward to the annual holiday party and will issue “a one-time $ 650 bonus.” Two links were included in the email, and employees were advised to choose their location and fill in a few details on a form to ensure they would receive the bonus before the holidays. Unfortunately, the entire offer was just a test to see if employees would fall for such a scam if a bad actor tried to redirect them with a malicious link.
Two days later, about 500 GoDaddy employees were informed that bonuses were not coming and that they had failed a corporate phishing test. GoDaddy’s chief security officer, Demetrius, is coming wrote in the follow-up e-mail that employees who fail “will have to resume social engineering training on security awareness”.
Many companies perform these types of tests, and the indicative sign tends to be that the misleading email is sent from an email address that appears to be from a corporate account, for example, my boss might try to break me in. with an email from an address ending in @ gizmondo.com. But GoDaddy runs its own email service, and the fake phishing email was sent from an account with the address, [email protected]. It’s easy to see why so many workers failed the test, and it’s easy to see why GoDaddy sees such a blatant vulnerability in its systems after the company just suffered an embarrassment. data breach earlier this year.
What is not understood is the cruelty involved in setting up this test and the lack of tracking employees’ expectations of receiving a routine bonus in a year in which the company reported record growth while participating in higher corporate trend of dismissal workers. Cybersecurity is important for a company like GoDaddy, but the same test could have been done, training orders could have been issued to anyone who failed, and bonuses could still have been delivered to everyone.
G / O Media may receive a commission
“GoDaddy takes the security of our platform extremely seriously. We understand that some employees were upset by the phishing attempt and considered it insensitive, which is why we apologized, “a GoDaddy spokesman told Gizmodo. “While the test mimicked the real tests in the game today, we need to do better and be more sensitive to our employees.” The company did not respond when Gizmodo asked if it intended to issue bonuses.
Data breach can be a giant headache for a web hosting company, but if no one wants to work there and no one wants to do business with an organization that treats its employees like dirt in the toughest of times year of a generation, there ‘I will be nothing to keep safe.