GoDaddy Tricked Employees With A Phishing Email Promising Them A Holiday Bonus.
Phishing tests for employees are a good business practice, except when they come at the expense of employee morale.
Arizona baed GoDaddy, the web-hosting and domain registrar company, did something truly awful. They send a spoof phishing email to staff that promised them BONUSES! So, of course, staff clicked on the link. The email promised a $650 bonus.
The email was sent on December 14th from "" and read:
“Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus! To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.”
Around 500 employees clicked the link. Just two days later the company sent another email, reading:
“You’re getting this email because you failed our recent phishing test. You will need to retake the Security Awareness Social Engineering training.”
The Copper Courier reported the cruel prank and the backlash was spectacular.
IT departments routinely conduct phishing tests - common ones are ebay or amazon reset links, links about your bank account, etc. These are used to gauge employee's likelihood to click on links that could compromise the network of the company. Just one infraction often leads to training, as it should.
But in this case, it was just cruel. People are literally struggling to make ends meet and a $650 bonus could mean the difference between providing your children 3 meals a day or 2. GoDaddy clearly didn't think about that.
GoDaddy provided this weak comment:
GoDaddy - I hope you only get coal in your stocking this year.