Roughly 500 employees failed the test, which claimed they would receive a $650 bonus.
“2020 has been a record year for GoDaddy, thanks to you!” the email read.
Sent by Happyholiday@Godaddy.com, tucked underneath a glittering banner of a snowflake and stamped with the words “GoDaddy Holiday Party,” the Dec. 14 email to hundreds of GoDaddy employees promised some welcome financial relief during an otherwise stressful year.
“Though we cannot celebrate together during our annual Holiday Party, we want to show our appreciation and share a $650 one-time Holiday bonus!” the email read. “To ensure that you receive your one-time bonus in time for the Holidays, please select your location and fill in the details by Friday, December 18th.”
But, two days later, the company sent another email.
“You’re getting this email because you failed our recent phishing test,” the company’s chief security officer Demetrius Comes wrote. “You will need to retake the Security Awareness Social Engineering training.”
Phishing tests are sent by companies to gauge their employees’ susceptibility to phishing attacks, where people outside the company will attempt to disguise themselves as trusted sources to gain access to sensitive information, like usernames and passwords.
The follow-up email from Comes said that roughly 500 GoDaddy employees clicked on the holiday bonus email and “failed the test.”
Scottsdale-based GoDaddy, the world’s largest domain registrar and web-hosting company, did not respond to repeated requests for comment about the emails. The emails were forwarded to The Copper Courier by three GoDaddy employees.
Earlier this year, Forbes reported that 28,000 GoDaddy customers were impacted after a data breach compromised their account usernames and passwords.
Despite the company surpassing 20 million customers this year and reporting “record customer growth,” the company laid off or reassigned hundreds of employees during the coronavirus pandemic, including in Arizona, Iowa, and Texas.
GoDaddy is not the first company this year to trick employees into falling for phishing scams by dangling the carrot of a potential bonus.
In September, Tribune Publishing, which owns several major newspapers around the country, sent a similar email to its employees.
The email, circulated by several furious Tribune employees on Twitter, said the company was giving out targeted bonuses of $5,000-$10,000, only to later reveal itself as a phishing test sent by the company.
“The level of cruelty is actually stunning,” Tribune reporter Danielle Ohl wrote at the time.
A Tribune spokesperson later told Vice News that the exercise was part of a regular, internal test to assess phishing risks and said that it had no intention of offending its employees. “In retrospect, the topic of the email was misleading and insensitive, and the company apologizes for its use,” the statement read.
Want to talk about phishing tests you’ve received from your employer? Reach the reporter at lorraine@couriernewsroom.com or 480-243-4086.
Politics
Supreme Court hears oral arguments in major abortion access case
The Supreme Court on Tuesday heard oral arguments on a case that will ultimately decide the future of mifepristone access in the United States. ...
VIDEO: Arizona Rep. Lorena Austin explains why ‘SB1166 is a dangerous bill’
@coppercourier Rep. Lorena Austin commanded the floor when they spoke about SB1166. The bill would require parents to be notified no more than five...
Local News
Prescription drugs are getting cheaper for seniors thanks to Biden’s Inflation Reduction Act
Prescription drug costs are falling by the thousands this year for more than a million American seniors due to President Biden’s Inflation Reduction...
VIDEO: This is why Right to Counsel is necessary for housing equality
@coppercourier A right to counsel has been proven to help tenants win eviction cases and stay in their homes, and it can soften the blow when...