https://cdni.rt.com/files/2020.12/xxl/5fe5693585f5406565408085.JPG

With ruthless devotion to operational security, web hosting firm GoDaddy has duped its employees with a hoax email promising a holiday bonus – which turned out to be a ruse to teach workers about the perils of phishing scams.

The notice, obtained this week by an Arizona NBC affiliate, enticed company personnel with an offer of a one-time “holiday bonus,” only asking that they enter their personal information into a form included on the email in order to guarantee they received the Christmas cash.

“Happy Holiday GoDaddy! 2020 has been a record year for GoDaddy, thanks to you!” the deceptive email said, adding: “Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!”

To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details.

To the frustration of employees, however, the offer was too good to be true. Those who followed the email’s instructions and filled out the form were soon met with a stern warning: “You’re getting this email because you failed our recent phishing test. You will need to retake the Security Awareness Social Engineering training,”according to local Arizona outlet the Copper Courier. The follow-up message also noted that around 500 GoDaddy employees had failed the test.

Days after the hoax email was sent on December 14, the company held a “town hall” event for workers where some anonymously expressed anger at the “tone-deaf” scheme, the NBC affiliate reported.

The company said it had already apologized to its employees for the stunt, acknowledging that it needs “to do better and be more sensitive to our employees.”

“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized,” GoDaddy told AFP in a statement late on Thursday.

The phishing ‘test’ may have been received especially poorly given that it came just months after GoDaddy CEO Aman Bhutani announced a spate of lay-offs amid the economic fallout of Covid-19 and related government shutdown policies, which have ravaged much of the US, and indeed global, economy.

While GoDaddy has fallen victim to far-reaching phishing attacks previously, with Forbes reporting a massive breach in May that impacted some 28,000 customers, netizens were not impressed with the fake email. Commenters savaged the company for the Grinch-like move, with one blasting the firm as “beyond deplorable.”

I’ll be cancelling my services tonight @GoDaddy this was beyond deplorable https://t.co/Mghmla2QnJ

very insensitive of them. the company is trash to begin with so this wasn’t surprising @GoDaddy

What a way to close out 2020. Gross.

Some observers pushed back on those condemning the company as a Scrooge, however, calling the move “smart” from a security standpoint. Some also argued that employees who fell for the trick were among “the most gullible user[s] on the planet.”

remember when all of twitter got hacked/infiltrated by TEENAGERS a few months ago? that happened because employees with access to the info, fell for a social engineering/phishing scam.godaddy was smart. as long as they didn’t fire anyone, this is best way to teach employees.

Bonuses will come as is the norm.I host a website on godaddy and this makes me feel safe.

“My employer doesn’t know who I am or where I work or how to pay me, so I should send it to them my personal info to opt in to a bonus they already want to give me! Wait no bonus? I’m going to the news!” -The most gullible user on the planet.

GoDaddy is not the first company to take heat for a similar stunt, with Tribune Publishing also fooling employees with a promise of a bonus in September in order to root out potential security breaches. The publisher later apologized for the setup – which also followed a company announcement that it would impose pay-cuts and lay-offs in some of its newsrooms – acknowledging that it was “misleading and insensitive.”

If you like this story, share it with a friend!