They were promised a $650 holiday bonus from their company. It wasn’t an act of corporate goodwill, though, but a particularly insensitive phishing test. And instead of extra cash, those who failed were assigned extra work.
That’s what happened to around 500 employees at the US-based internet domain company GoDaddy. The company used a holiday bonus notification to test employees on email phishing scams, after workers had already been told they would not receive a bonus this year.
The phishing “test” email promised much-needed money; “2020 has been a record year for GoDaddy, thanks to you!”, it said. “Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one—time Holiday bonus!”
Those who did as was told in the email were informed two days later that “you failed our recent phishing test,” and that they would be required to complete a security training. News of the “test” prompted outrage on Twitter, with some users threatening to change hosting providers.
While it’s not unusual for companies to send fake phishing emails to test their employees, promising a holiday bonus in the middle of a pandemic when millions are struggling to stay fed and housed is particularly cruel.
After severe backlash GoDaddy has finally expressed apologies over the incident.
“GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologized. While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees,” a representative for GoDaddy, said in a statement.
GoDaddy, which has millions of customers, has fallen victim to various data breaches. Earlier this year it disclosed a breach that occurred in October 2019.