GoDaddy Tricked Employees With A Phishing Email Promising Them A Holiday Bonus.
Credit: Screenshot
December 26, 2020

Arizona baed GoDaddy, the web-hosting and domain registrar company, did something truly awful. They send a spoof phishing email to staff that promised them BONUSES! So, of course, staff clicked on the link. The email promised a $650 bonus.

The email was sent on December 14th from "Happyholiday@Godaddy.com" and read:

“Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus! To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.”

Around 500 employees clicked the link. Just two days later the company sent another email, reading:

“You’re getting this email because you failed our recent phishing test. You will need to retake the Security Awareness Social Engineering training.”

The Copper Courier reported the cruel prank and the backlash was spectacular.

IT departments routinely conduct phishing tests - common ones are ebay or amazon reset links, links about your bank account, etc. These are used to gauge employee's likelihood to click on links that could compromise the network of the company. Just one infraction often leads to training, as it should.

But in this case, it was just cruel. People are literally struggling to make ends meet and a $650 bonus could mean the difference between providing your children 3 meals a day or 2. GoDaddy clearly didn't think about that.

GoDaddy provided this weak comment:

GoDaddy - I hope you only get coal in your stocking this year.

Can you help us out?

For 17 years we have been exposing Washington lies and untangling media deceit, but now Facebook is drowning us in an ocean of right wing lies. Please give a one-time or recurring donation, or buy a year's subscription for an ad-free experience. Thank you.

Discussion

New Commenting System

Our comments are now powered by Insticator. In order to comment you will need to create an Insticator account. The process is quick and simple. When registering you will also be presented with the option to tie all your old Disqus comments to your new Insticator account. Please note that the ability to comment with a C&L site account is no longer available.

We welcome relevant, respectful comments. Any comments that are sexist or in any other way deemed hateful by our staff will be deleted and constitute grounds for a ban from posting on the site. Please refer to our Terms of Service (revised 3/17/2016) for information on our posting policy.