Dec 25, 2020 10:50:00

A fake 'bonus notification' was sent to try an employee and talked about 'too evil'

The company sent a bonus notification to the employee, and when the employee entered the necessary information and replied, it was actually a test to confirm the height of awareness of

phishing scams , not a bonus to the person who replied. It has been reported that a notice of retraining has arrived .... It has been talked about as the cruelest prank at the end of the year, when there were many difficulties associated with the new coronavirus infection (COVID-19).

GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test.
https://coppercourier.com/story/godaddy-employees-holiday-bonus-secruity-test/

GoDaddy wins our 2020 award for most evil company email --The Verge
https://www.theverge.com/2020/12/24/22199406/godaddy-wins-2020-stupidity-award

GoDaddy, a domain registrar rental server service headquartered in the United States, emailed a $ 650 bonus notice to hundreds of employees on December 14, 2020. ..

Below is a screenshot of the email actually sent.

Below the illustration 'GoDaddy HOLIDAY PARTY', the message follows.

The message said, 'We can't celebrate together at our annual holiday party, but we would like to express our gratitude and share a $ 650, one-time holiday bonus! Confirm that you received a one-time bonus on your holiday. Please send us your location and details by Friday, December 18th. '

However, GoDaddy sent the following email to the email replyer two days later.

'You have received this email because you failed your most recent phishing test. You will need to retake the security awareness training in social engineering .'

It is reported that about 500 people failed the GoDaddy phishing test. Phishing scams can leak confidential company information and personal information of employees, so companies may conduct tests to confirm employee awareness. There are other companies besides GoDaddy that perform phishing tests, and it is known that the American newspaper Tribune Publishing also conducted a phishing test in September 2020 disguised as a bonus notification. The employee who actually received the email said it was 'amazingly cruel.'

I've been able to confirm that this was in fact! An internal test from @tribpub . If you click the links, you get a message from the company's training contractor saying you clicked on a simulated phishing test.

The level of cruelty is actually stunning, even for this company.

— Danielle Ohl (@DTOhl) September 23, 2020

GoDaddy revealed a major data breach in May 2020, and testing appears to have been done to prevent this from happening. However, this phishing test has been criticized as 'cruel' and 'evil' due to employment instability at COVID-19 in 2020 and a temporary dismissal at GoDaddy. GoDaddy hasn't responded to media comments, but the aforementioned Tribune Publishing later apologized for being 'misleading and insensitive.'

It is also argued that phishing tests that test employees are counterproductive, such as discouraging employees and creating cracks between the security department and other departments.

Performing a 'phishing test' in-house has a negative effect on business operations --GIGAZINE